Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 06-10-2017 Uruchomiony przez wiczi (07-10-2017 15:17:43) Run:1 Uruchomiony z C:\Users\wiczi\Downloads Załadowane profile: wiczi (Dostępne profile: wiczi) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: HKLM\...\Run: [SERVICE] => [X] HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [WifiAudio] => C:\Users\wiczi\AppData\Local\Temp\Rar$EXa0.900\wifiaudio_windows.exe <==== UWAGA HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [msiql] => C:\Users\wiczi\AppData\Local\Temp\00007476\msiql.exe /RUNNING <==== UWAGA HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [jorrj0dirj4] => "C:\Users\wiczi\AppData\Roaming\mgdc00zcfgp\2mslswu0add.exe" HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [AC4B63GB8D7ZXQY] => C:\Program Files\039D13FSE0\039D13FSE.exe [668672 2017-10-07] (59) HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [ans55we5zxf] => "C:\Users\wiczi\AppData\Roaming\ctsli5py401\lrkyvvmkhj1.exe" HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [k2hbjtkux4n] => "C:\Users\wiczi\AppData\Roaming\3lx1isnuf5g\0vjx5xcdz01.exe" HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [35s1qqalrvf] => "C:\Users\wiczi\AppData\Roaming\sd4uyjj3qwd\bfmlqaqsivp.exe" HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [3LDCG2UWTIBBNNW] => C:\Program Files\J33CWQTO0X\J33CWQTO0.exe [668672 2017-10-07] (59) HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [B9XA3KPASSP0IEP] => C:\Program Files\AYMZ4WRTNO\AYMZ4WRTN.exe [668672 2017-10-07] (59) HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [j3rpfkwdop4] => "C:\Users\wiczi\AppData\Roaming\aa3xp1m3evr\qxgmkgztgij.exe" HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [R4TBOLE2FWLHC2W] => C:\Program Files\K7KJNWYTE4\K7KJNWYTE.exe [668672 2017-10-07] (59) HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [ty3nb2wyauq] => "C:\Users\wiczi\AppData\Roaming\biy1bidt4l0\tsxuupndsze.exe" HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [t14dhmjgejq] => "C:\Users\wiczi\AppData\Roaming\2abg233kem3\um1ag4wwd4y.exe" HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [ouwa0r4lz30] => "C:\Users\wiczi\AppData\Roaming\iagqaaqvol0\n4ekvd3z3qr.exe" HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [PEHBPKUX8X99RZ3] => C:\Program Files\ZEVYAVKYSI\ZEVYAVKYS.exe [668672 2017-10-07] (59) HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [46NFVDANM7YK9DW] => C:\Program Files\PYKWL8MGUZ\PYKWL8MGU.exe [668672 2017-10-07] (59) HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [rfra4ehjfvj] => "C:\Users\wiczi\AppData\Roaming\jxdezycqule\mh00zvmvibr.exe" HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [brdvwcdk4ao] => "C:\Users\wiczi\AppData\Roaming\0jqi0zgv0ji\s2jft1xc53b.exe" HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [nj44jggelhu] => "C:\Users\wiczi\AppData\Roaming\gbs2qwnbw14\glgusc5w4kb.exe" HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [RGIM0EA3JE1WX9Q] => C:\Program Files\17B7WZZR38\17B7WZZR3.exe [668672 2017-10-07] (59) HKU\S-1-5-21-319334698-2115631649-3299897735-1000\...\Run: [JQIRXKQRID2CHP5] => C:\Program Files\MDNQT2KV8R\MDNQT2KV8.exe [668672 2017-10-07] (59) C:\Program Files\039D13FSE0 C:\Program Files\J33CWQTO0X C:\Program Files\AYMZ4WRTNO C:\Program Files\AYMZ4WRTNO C:\Program Files\K7KJNWYTE4 C:\Program Files\ZEVYAVKYSI C:\Program Files\PYKWL8MGUZ C:\Program Files\17B7WZZR38 C:\Program Files\MDNQT2KV8R C:\Users\wiczi\AppData\Roaming\jxdezycqule C:\Users\wiczi\AppData\Roaming\0jqi0zgv0ji C:\Users\wiczi\AppData\Roaming\gbs2qwnbw14 C:\Users\wiczi\AppData\Roaming\aa3xp1m3evr C:\Users\wiczi\AppData\Roaming\biy1bidt4l0 C:\Users\wiczi\AppData\Roaming\2abg233kem3 C:\Users\wiczi\AppData\Roaming\iagqaaqvol0 C:\Users\wiczi\AppData\Roaming\mgdc00zcfgp C:\Users\wiczi\AppData\Roaming\ctsli5py401 C:\Users\wiczi\AppData\Roaming\3lx1isnuf5g C:\Users\wiczi\AppData\Roaming\sd4uyjj3qwd ShellExecuteHooks: Brak nazwy - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\Users\wiczi\AppData\Roaming\tmp546.dat -> Brak pliku HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\ProgramData\DreamScreen\DreamScreen.scr [5313536 2017-10-07] (TODO: <公司名>) C:\ProgramData\DreamScreen GroupPolicy: Ograniczenia - Chrome <==== UWAGA Tcpip\Parameters: [NameServer] 82.163.143.136 82.163.142.138 Tcpip\..\Interfaces\{669E9543-2778-4A2E-BE7D-4CC3C7525398}: [NameServer] 82.163.142.8,95.211.158.136 HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYvHPkpvb-No78HikOEZEV2_LfH80ml8jqaUs3k_rxzv8Fc2MqsPUWbWU0f55y6UhUhXjFR4Ifimk_SXDDbLQTfSW8fFDa20g6OXN_f9UZwckQTBRyJxl-_hnOjxCywjkR0FJafhNXysuyoQalkYEbYjAub8Q,,&q={searchTerms} HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYvHPkpvb-No78HikOEZEV2_LfH80ml8jqaUs3k_rxzv8Fc2MqsPUWbWU0f55y6UhUt99UoLAxdD8NuPXs55NQpueu9KN1m6ZTGiXWq1p6eLKO43l_L4ei16X-VY4IA2E9pyieNyNJCI9H0ZhBxMb9gbEMANw,, SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYvHPkpvb-No78HikOEZEV2_LfH80ml8jqaUs3k_rxzv8Fc2MqsPUWbWU0f55y6UhUhXjFR4Ifimk_SXDDbLQTfSW8fFDa20g6OXN_f9UZwckQTBRyJxl-_hnOjxCywjkR0FJafhNXysuyoQalkYEbYjAub8Q,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-319334698-2115631649-3299897735-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYvHPkpvb-No78HikOEZEV2_LfH80ml8jqaUs3k_rxzv8Fc2MqsPUWbWU0f55y6UhUhXjFR4Ifimk_SXDDbLQTfSW8fFDa20g6OXN_f9UZwckQTBRyJxl-_hnOjxCywjkR0FJafhNXysuyoQalkYEbYjAub8Q,,&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKU\S-1-5-21-319334698-2115631649-3299897735-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYvHPkpvb-No78HikOEZEV2_LfH80ml8jqaUs3k_rxzv8Fc2MqsPUWbWU0f55y6UhUhXjFR4Ifimk_SXDDbLQTfSW8fFDa20g6OXN_f9UZwckQTBRyJxl-_hnOjxCywjkR0FJafhNXysuyoQalkYEbYjAub8Q,,&q={searchTerms} CHR HKLM-x32\...\Chrome\Extension: [clgckgfbhciacomhlchmgdnplmdiadbj] - hxxps://clients2.google.com/service/update2/crx R2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2017-08-17] () [Brak podpisu cyfrowego] <==== UWAGA C:\ProgramData\Logic Cramble S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] 2017-09-18 09:28 - 2017-09-18 09:28 - 007327744 _____ () C:\Users\wiczi\AppData\Local\agent.dat 2017-09-18 09:28 - 2017-09-18 09:28 - 000070800 _____ () C:\Users\wiczi\AppData\Local\Config.xml 2017-09-18 09:28 - 2017-09-18 09:28 - 001895382 _____ () C:\Users\wiczi\AppData\Local\Faxjob.bin 2017-09-18 09:28 - 2017-09-18 09:28 - 002554368 _____ (TODO: ) C:\Users\wiczi\AppData\Local\GreenWarm.exe 2017-09-18 09:28 - 2017-09-18 09:28 - 001899389 _____ () C:\Users\wiczi\AppData\Local\GreenWarm.tst 2017-09-18 09:28 - 2017-09-18 09:28 - 000016464 _____ () C:\Users\wiczi\AppData\Local\InstallationConfiguration.xml 2017-09-18 09:28 - 2017-09-18 09:28 - 000140800 _____ () C:\Users\wiczi\AppData\Local\installer.dat 2017-09-18 09:28 - 2017-09-18 09:28 - 000018432 _____ () C:\Users\wiczi\AppData\Local\Main.dat 2017-09-18 09:28 - 2017-09-18 09:28 - 000005568 _____ () C:\Users\wiczi\AppData\Local\md.xml 2017-09-18 09:28 - 2017-09-18 09:28 - 000126464 _____ () C:\Users\wiczi\AppData\Local\noah.dat 2017-09-18 09:28 - 2017-09-18 09:28 - 002554368 _____ (TODO: ) C:\Users\wiczi\AppData\Local\TinRanfix.exe 2017-09-18 09:28 - 2017-09-18 09:28 - 000278508 _____ () C:\Users\wiczi\AppData\Local\TinRanfix.tst 2017-09-18 09:28 - 2017-09-18 09:28 - 000032038 _____ () C:\Users\wiczi\AppData\Local\uninstall_temp.ico Task: {4DABA4CF-48BC-47E8-9B36-398229333BCA} - System32\Tasks\{7D0F0A47-0E78-7F0B-0F11-7F0F09791179} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwAgACAAOwAgADsAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMA (dane wartości zawierają 9540 znaków więcej). <==== UWAGA Task: {111E2617-97A6-4DFE-91D7-68B15355CE0C} - System32\Tasks\LaCieS => C:\Disk\WebService.exe [2017-09-18] (TODO: ) C:\Disk\WebService.exe C:\Disk\securedisk.exe Task: {07733C2B-B09A-48A7-B06B-2D1C0408E614} - System32\Tasks\Opera scheduled Autoupdate 1506784223 => C:\Users\wiczi\AppData\Local\Programs\Opera\launcher.exe Task: {38A2A7E0-A278-433F-8AA0-476C1BCF30A0} - System32\Tasks\jJKowXmxzIFxIuj => rundll32 "C:\Program Files (x86)\TQoarIXzU\CfZgRr.dll",#1 Task: {38EF46DD-79BA-46A2-B7A6-02F0F8027642} - System32\Tasks\jJKowXmxzIFxIuj2 => rundll32 "C:\Program Files (x86)\TQoarIXzU\CfZgRr.dll",#1 Task: {E8746C37-5B0C-4B7B-9EC4-12551D03784D} - System32\Tasks\LSjUFtTofwjkxN => rundll32 "C:\Program Files (x86)\ICBaloCIDxXU2\NCgfMZIgPRUri.dll",#1 Task: C:\Windows\Tasks\jJKowXmxzIFxIuj.job => C:\Program Files (x86)\TQoarIXzU\CfZgRr.dll C:\Program Files (x86)\TQoarIXzU Task: {85D7E03C-E193-4D63-B9A1-8C25E517BA90} - System32\Tasks\Beeper => C:\Windows\system32\rundll32.exe "C:\Program Files\Beeper\Beeper.dll",njxVgIafTBR <==== UWAGA C:\Program Files\Beeper Task: {5EE02D9A-E4A4-4C40-BF68-B96C914D13CD} - System32\Tasks\{63AD27C3-C35E-E0B0-63EC-813B01F4AC0F} => C:\Windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\ab4f31a8\9276406a.dll" <==== UWAGA Task: {D07F2050-C90D-4DD0-AA1F-53F005E6B4C3} - System32\Tasks\{E9AB34FF-5E00-8354-C440-05D4A8CF09DE} => C:\ProgramData\{071E9CDE-B0B5-2B75-8F6A-A7A75FE71BC0}\1B5BA9BC-ACF0-1E17-E3EB-0667DC944503.exe [2017-10-04] () <==== UWAGA C:\PROGRA~3\ab4f31a8 C:\ProgramData\{071E9CDE-B0B5-2B75-8F6A-A7A75FE71BC0} Task: {E8746C37-5B0C-4B7B-9EC4-12551D03784D} - System32\Tasks\LSjUFtTofwjkxN => rundll32 "C:\Program Files (x86)\ICBaloCIDxXU2\NCgfMZIgPRUri.dll",#1 C:\Program Files (x86)\ICBaloCIDxXU2 ShortcutWithArgument: C:\Users\wiczi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://pop.yeawindows.com/ ShortcutWithArgument: C:\Users\wiczi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://pop.yeawindows.com/ ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://pop.yeawindows.com/ ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://pop.yeawindows.com/ HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Classes\regfile: regedit.exe "%1" <==== UWAGA C:\Users\Public\Desktop\EloBuddy.lnk DeleteKey: HKCU\Software\Mozilla DeleteKey: HKCU\Software\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Mozilla DeleteKey: HKLM\SOFTWARE\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins C:\Users\wiczi\AppData\Local\Mozilla C:\Users\wiczi\AppData\Roaming\Mozilla C:\Users\wiczi\AppData\Roaming\Profiles CMD: ipconfig /flushdns CMD: netsh advfirewall reset CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Program Files\Common Files\System" CMD: dir /a "C:\Program Files (x86)\Common Files\System" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\wiczi\AppData\Local CMD: dir /a C:\Users\wiczi\AppData\LocalLow CMD: dir /a C:\Users\wiczi\AppData\Roaming Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} Hosts: EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SERVICE => Wartość pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WifiAudio => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\msiql => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\jorrj0dirj4 => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AC4B63GB8D7ZXQY => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ans55we5zxf => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\k2hbjtkux4n => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\35s1qqalrvf => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\3LDCG2UWTIBBNNW => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\B9XA3KPASSP0IEP => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\j3rpfkwdop4 => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\R4TBOLE2FWLHC2W => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ty3nb2wyauq => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\t14dhmjgejq => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ouwa0r4lz30 => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PEHBPKUX8X99RZ3 => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\46NFVDANM7YK9DW => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\rfra4ehjfvj => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\brdvwcdk4ao => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\nj44jggelhu => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RGIM0EA3JE1WX9Q => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\JQIRXKQRID2CHP5 => Wartość pomyślnie usunięto C:\Program Files\039D13FSE0 => pomyślnie przeniesiono C:\Program Files\J33CWQTO0X => pomyślnie przeniesiono C:\Program Files\AYMZ4WRTNO => pomyślnie przeniesiono "C:\Program Files\AYMZ4WRTNO" => nie znaleziono. C:\Program Files\K7KJNWYTE4 => pomyślnie przeniesiono C:\Program Files\ZEVYAVKYSI => pomyślnie przeniesiono C:\Program Files\PYKWL8MGUZ => pomyślnie przeniesiono C:\Program Files\17B7WZZR38 => pomyślnie przeniesiono C:\Program Files\MDNQT2KV8R => pomyślnie przeniesiono C:\Users\wiczi\AppData\Roaming\jxdezycqule => pomyślnie przeniesiono C:\Users\wiczi\AppData\Roaming\0jqi0zgv0ji => pomyślnie przeniesiono C:\Users\wiczi\AppData\Roaming\gbs2qwnbw14 => pomyślnie przeniesiono C:\Users\wiczi\AppData\Roaming\aa3xp1m3evr => pomyślnie przeniesiono C:\Users\wiczi\AppData\Roaming\biy1bidt4l0 => pomyślnie przeniesiono C:\Users\wiczi\AppData\Roaming\2abg233kem3 => pomyślnie przeniesiono C:\Users\wiczi\AppData\Roaming\iagqaaqvol0 => pomyślnie przeniesiono C:\Users\wiczi\AppData\Roaming\mgdc00zcfgp => pomyślnie przeniesiono C:\Users\wiczi\AppData\Roaming\ctsli5py401 => pomyślnie przeniesiono C:\Users\wiczi\AppData\Roaming\3lx1isnuf5g => pomyślnie przeniesiono C:\Users\wiczi\AppData\Roaming\sd4uyjj3qwd => pomyślnie przeniesiono HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} => Wartość pomyślnie usunięto HKLM\Software\Classes\CLSID\{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} => klucz pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Control Panel\Desktop\\SCRNSAVE.EXE => Wartość pomyślnie usunięto C:\ProgramData\DreamScreen => pomyślnie przeniesiono C:\Windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\Windows\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => Wartość pomyślnie usunięto HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{669E9543-2778-4A2E-BE7D-4CC3C7525398}\\NameServer => Wartość pomyślnie usunięto HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch => klucz pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\ielnksrch => klucz nie znaleziono. HKU\S-1-5-21-319334698-2115631649-3299897735-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono HKU\S-1-5-21-319334698-2115631649-3299897735-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{ielnksrch} => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\clgckgfbhciacomhlchmgdnplmdiadbj => klucz pomyślnie usunięto HKLM\System\CurrentControlSet\Services\backlh => klucz pomyślnie usunięto backlh => serwis pomyślnie usunięto C:\ProgramData\Logic Cramble => pomyślnie przeniesiono HKLM\System\CurrentControlSet\Services\EsgScanner => klucz pomyślnie usunięto EsgScanner => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\gdrv => klucz pomyślnie usunięto gdrv => serwis pomyślnie usunięto C:\Users\wiczi\AppData\Local\agent.dat => pomyślnie przeniesiono C:\Users\wiczi\AppData\Local\Config.xml => pomyślnie przeniesiono C:\Users\wiczi\AppData\Local\Faxjob.bin => pomyślnie przeniesiono C:\Users\wiczi\AppData\Local\GreenWarm.exe => pomyślnie przeniesiono C:\Users\wiczi\AppData\Local\GreenWarm.tst => pomyślnie przeniesiono C:\Users\wiczi\AppData\Local\InstallationConfiguration.xml => pomyślnie przeniesiono C:\Users\wiczi\AppData\Local\installer.dat => pomyślnie przeniesiono C:\Users\wiczi\AppData\Local\Main.dat => pomyślnie przeniesiono C:\Users\wiczi\AppData\Local\md.xml => pomyślnie przeniesiono C:\Users\wiczi\AppData\Local\noah.dat => pomyślnie przeniesiono C:\Users\wiczi\AppData\Local\TinRanfix.exe => pomyślnie przeniesiono C:\Users\wiczi\AppData\Local\TinRanfix.tst => pomyślnie przeniesiono C:\Users\wiczi\AppData\Local\uninstall_temp.ico => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DABA4CF-48BC-47E8-9B36-398229333BCA} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DABA4CF-48BC-47E8-9B36-398229333BCA} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{7D0F0A47-0E78-7F0B-0F11-7F0F09791179} => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7D0F0A47-0E78-7F0B-0F11-7F0F09791179} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{111E2617-97A6-4DFE-91D7-68B15355CE0C} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{111E2617-97A6-4DFE-91D7-68B15355CE0C} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\LaCieS => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaCieS => klucz pomyślnie usunięto C:\Disk\WebService.exe => pomyślnie przeniesiono C:\Disk\securedisk.exe => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07733C2B-B09A-48A7-B06B-2D1C0408E614} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07733C2B-B09A-48A7-B06B-2D1C0408E614} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1506784223 => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1506784223 => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38A2A7E0-A278-433F-8AA0-476C1BCF30A0} => klucz nie znaleziono. C:\Windows\System32\Tasks\jJKowXmxzIFxIuj => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\jJKowXmxzIFxIuj => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38EF46DD-79BA-46A2-B7A6-02F0F8027642} => klucz nie znaleziono. C:\Windows\System32\Tasks\jJKowXmxzIFxIuj2 => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\jJKowXmxzIFxIuj2 => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8746C37-5B0C-4B7B-9EC4-12551D03784D} => klucz nie znaleziono. C:\Windows\System32\Tasks\LSjUFtTofwjkxN => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LSjUFtTofwjkxN => klucz nie znaleziono. C:\Windows\Tasks\jJKowXmxzIFxIuj.job => nie znaleziono. "C:\Program Files (x86)\TQoarIXzU" => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{85D7E03C-E193-4D63-B9A1-8C25E517BA90} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85D7E03C-E193-4D63-B9A1-8C25E517BA90} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\Beeper => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Beeper => klucz pomyślnie usunięto C:\Program Files\Beeper => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EE02D9A-E4A4-4C40-BF68-B96C914D13CD} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EE02D9A-E4A4-4C40-BF68-B96C914D13CD} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{63AD27C3-C35E-E0B0-63EC-813B01F4AC0F} => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{63AD27C3-C35E-E0B0-63EC-813B01F4AC0F} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D07F2050-C90D-4DD0-AA1F-53F005E6B4C3} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D07F2050-C90D-4DD0-AA1F-53F005E6B4C3} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{E9AB34FF-5E00-8354-C440-05D4A8CF09DE} => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E9AB34FF-5E00-8354-C440-05D4A8CF09DE} => klucz pomyślnie usunięto C:\PROGRA~3\ab4f31a8 => pomyślnie przeniesiono C:\ProgramData\{071E9CDE-B0B5-2B75-8F6A-A7A75FE71BC0} => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8746C37-5B0C-4B7B-9EC4-12551D03784D} => klucz nie znaleziono. C:\Windows\System32\Tasks\LSjUFtTofwjkxN => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LSjUFtTofwjkxN => klucz nie znaleziono. "C:\Program Files (x86)\ICBaloCIDxXU2" => nie znaleziono. C:\Users\wiczi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\wiczi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Classes\regfile => klucz pomyślnie usunięto C:\Users\Public\Desktop\EloBuddy.lnk => pomyślnie przeniesiono HKCU\Software\Mozilla => klucz nie znaleziono. HKCU\Software\MozillaPlugins => klucz pomyślnie usunięto HKLM\SOFTWARE\Mozilla => klucz nie znaleziono. HKLM\SOFTWARE\MozillaPlugins => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Mozilla => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\mozilla.org => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => klucz pomyślnie usunięto "C:\Users\wiczi\AppData\Local\Mozilla" => nie znaleziono. C:\Users\wiczi\AppData\Roaming\Mozilla => pomyślnie przeniesiono "C:\Users\wiczi\AppData\Roaming\Profiles" => nie znaleziono. ========= ipconfig /flushdns ========= Konfiguracja IP systemu Windows Pomy˜lnie opr˘ľniono pami©† podr©cznĄ programu rozpoznawania nazw DNS. ========= Koniec CMD: ========= ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= ========= dir /a "C:\Program Files" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: CA44-BAD5 Katalog: C:\Program Files 2017-10-07 15:17 . 2017-10-07 15:17 .. 2017-07-19 12:32 Common Files 2009-07-14 06:54 174 desktop.ini 2017-10-04 15:06 DIFX 2017-07-18 09:47 DVD Maker 2017-09-21 11:21 Google 2017-07-19 12:32 Image-Line 2017-07-15 15:53 Intel 2017-07-18 09:47 Internet Explorer 2017-07-29 19:58 Java 2017-10-07 10:20 Malwarebytes 2011-04-12 15:32 Microsoft Games 2017-08-10 22:47 MPC-HC 2009-07-14 07:32 MSBuild 2017-07-15 16:28 NVIDIA Corporation 2017-10-07 10:51 Perfect Uninstaller 2017-07-15 15:46 Realtek 2009-07-14 07:32 Reference Assemblies 2017-09-18 09:36 RunBooster 2017-10-04 15:05 SteelSeries 2017-07-16 14:51 TeamSpeak 3 Client 2009-07-14 07:09 Uninstall Information 2017-07-15 15:55 VIA XHCI UASP Utility 2017-07-18 09:47 Windows Defender 2017-07-18 09:47 Windows Journal 2011-04-12 15:21 Windows Mail 2017-07-18 09:47 Windows Media Player 2017-07-15 15:39 Windows NT 2011-04-12 15:21 Windows Photo Viewer 2010-11-21 05:31 Windows Portable Devices 2011-04-12 15:21 Windows Sidebar 1 plik(˘w) 174 bajt˘w 31 katalog(˘w) 4˙859˙039˙744 bajt˘w wolnych ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: CA44-BAD5 Katalog: C:\Program Files (x86) 2017-10-07 15:15 . 2017-10-07 15:15 .. 2017-07-19 12:34 ASIO4ALL v2 2017-09-30 10:42 BlueStacks 2017-09-30 17:09 Cheat Engine 6.7 2017-09-18 09:35 Common Files 2017-08-10 10:02 DAEMON Tools Lite 2017-10-07 15:15 DAEMON Tools Toolbar 2009-07-14 06:54 174 desktop.ini 2017-09-13 21:21 DsNET Corp 2017-07-20 23:11 DVDVideoSoft 2017-07-20 23:11 FreeCodecPack 2017-10-04 20:06 GameSpy Arcade 2017-09-21 11:21 Google 2017-07-19 12:34 Image-Line 2017-10-05 19:00 InstallShield Installation Information 2017-07-15 15:54 Intel 2017-07-18 09:47 Internet Explorer 2017-08-21 09:56 ManyCam 2017-10-05 18:58 Microsoft Games 2017-07-15 15:43 Microsoft.NET 2017-09-22 19:46 Minecraft 2017-07-15 21:47 MSBuild 2017-07-15 16:28 NVIDIA Corporation 2017-08-14 15:46 OpenSubtitlesPlayer 2017-07-15 15:52 Realtek 2009-07-14 07:32 Reference Assemblies 2017-10-07 10:19 ShutdownTime 2017-09-16 18:35 Skype 2017-08-11 00:24 SoundWire Server 2017-09-22 13:51 Steinberg 2017-08-11 00:13 Stream What You Hear 2017-07-15 15:46 Temp 2009-07-14 06:57 Uninstall Information 2017-07-15 15:55 VIA 2017-07-20 10:51 VstPlugins 2017-07-15 16:27 VulkanRT 2017-07-18 09:47 Windows Defender 2011-04-12 15:21 Windows Mail 2017-07-18 09:47 Windows Media Player 2009-07-14 07:32 Windows NT 2011-04-12 15:21 Windows Photo Viewer 2010-11-21 05:31 Windows Portable Devices 2011-04-12 15:21 Windows Sidebar 2017-07-15 15:59 WinRAR 2017-10-07 10:12 YeaDesktop 1 plik(˘w) 174 bajt˘w 45 katalog(˘w) 4˙859˙035˙648 bajt˘w wolnych ========= Koniec CMD: ========= ========= dir /a "C:\Program Files\Common Files\System" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: CA44-BAD5 Katalog: C:\Program Files\Common Files\System 2017-07-18 09:47 . 2017-07-18 09:47 .. 2017-07-18 09:47 ado 2009-07-14 03:40 29˙184 DirectDB.dll 2011-04-12 15:21 en-US 2017-07-18 09:47 msadc 2017-07-18 09:47 Ole DB 2011-04-12 15:21 pl-PL 2011-10-01 07:45 886˙784 wab32.dll 2009-07-14 03:33 1˙098˙752 wab32res.dll 3 plik(˘w) 2˙014˙720 bajt˘w 7 katalog(˘w) 4˙859˙039˙744 bajt˘w wolnych ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)\Common Files\System" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: CA44-BAD5 Katalog: C:\Program Files (x86)\Common Files\System 2017-07-18 09:47 . 2017-07-18 09:47 .. 2017-07-18 09:47 ado 2009-07-14 03:15 24˙064 DirectDB.dll 2011-04-12 15:21 en-US 2017-07-18 09:47 msadc 2017-07-18 09:47 Ole DB 2011-04-12 15:21 pl-PL 2011-10-01 06:37 708˙608 wab32.dll 2009-07-14 03:11 1˙098˙752 wab32res.dll 3 plik(˘w) 1˙831˙424 bajt˘w 7 katalog(˘w) 4˙859˙039˙744 bajt˘w wolnych ========= Koniec CMD: ========= ========= dir /a C:\ProgramData ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: CA44-BAD5 Katalog: C:\ProgramData 2017-10-07 15:17 . 2017-10-07 15:17 .. 2017-10-04 14:46 0226e74a-0ac3-0 2017-10-04 14:45 0226e74a-75c1-1 2017-10-04 14:45 3b81ec62-1b63-1 2017-10-04 14:45 3b81ec62-3283-0 2017-10-04 14:45 3b81ec62-37a7-0 2017-10-04 14:45 3b81ec62-52e7-1 2017-08-11 22:52 Apple 2009-07-14 07:08 Application Data [C:\ProgramData] 2017-10-04 14:45 bc3f3d8e-27a1-1 2017-10-04 14:46 bc3f3d8e-2d13-0 2017-09-30 10:41 BlueStacks 2017-10-01 12:22 BlueStacksSetup 2017-10-07 10:13 CupCheck 2017-08-10 10:01 DAEMON Tools Lite 2017-07-15 15:39 Dane aplikacji [C:\ProgramData] 2009-07-14 07:08 Desktop [C:\Users\Public\Desktop] 2017-07-20 23:11 DigitalWave.ApplicationUpdater_files 2017-09-17 23:05 Dishonored 2 2009-07-14 07:08 Documents [C:\Users\Public\Documents] 2017-07-15 15:39 Dokumenty [C:\Users\Public\Documents] 2017-10-07 10:13 DreamCompress 2009-07-14 07:08 Favorites [C:\Users\Public\Favorites] 2017-07-28 23:21 GOG.com 2017-07-15 15:45 Intel 2017-10-07 10:20 Malwarebytes 2017-08-21 09:54 ManyCam 2017-07-15 15:39 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 2017-09-18 09:32 Microleaves 2017-07-21 00:08 Microsoft 2017-10-05 18:59 Microsoft Games 2017-09-18 09:30 266 ntuser.pol 2017-10-07 15:17 NVIDIA 2017-07-16 16:21 NVIDIA Corporation 2017-08-14 15:46 OpenSubtitlesPlayer 2017-07-29 19:58 Oracle 2017-10-02 20:51 Origin 2017-09-17 23:05 Package Cache 2017-07-15 15:39 Pulpit [C:\Users\Public\Desktop] 2017-09-18 09:29 Quoteexs 2017-07-15 21:46 regid.1991-06.com.microsoft 2017-07-15 17:04 Riot Games 2017-09-16 18:35 Skype 2009-07-14 07:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 2017-10-04 15:05 SteelSeries 2017-07-15 15:39 Szablony [C:\ProgramData\Microsoft\Windows\Templates] 2009-07-14 07:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 2017-07-15 15:39 Ulubione [C:\Users\Public\Favorites] 2017-07-15 21:46 VsTelemetry 2017-10-04 14:45 {392f7f5f-012c-0} 2017-10-04 14:45 {6d261e0a-012c-1} 2017-10-04 14:45 {710b224b-412c-0} 2017-10-04 14:45 {D4CDA45A-6366-13F1-FDF6-2F6E87F2843B} 1 plik(˘w) 266 bajt˘w 53 katalog(˘w) 4˙859˙031˙552 bajt˘w wolnych ========= Koniec CMD: ========= ========= dir /a C:\Users\wiczi\AppData\Local ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: CA44-BAD5 Katalog: C:\Users\wiczi\AppData\Local 2017-10-07 15:17 . 2017-10-07 15:17 .. 2017-09-18 09:28 AdService 2017-09-18 09:29 AdvinstAnalytics 2017-09-30 10:42 Bluestacks 2017-07-15 16:19 CEF 2017-10-07 10:42 CrashDumps 2017-08-03 10:39 CrashRpt 2017-07-15 15:39 Dane aplikacji [C:\Users\wiczi\AppData\Local] 2017-08-21 11:21 Diagnostics 2017-10-07 15:13 ElevatedDiagnostics 2017-07-15 15:54 57˙560 GDIPFONTCACHEV1.DAT 2017-09-08 17:54 GG 2017-09-18 17:35 GOG.com 2017-09-21 11:17 Google 2017-07-15 15:39 Historia [C:\Users\wiczi\AppData\Local\Microsoft\Windows\History] 2017-10-07 10:34 3˙941˙193 IconCache.db 2017-10-07 10:41 ManyCam 2017-08-03 21:08 Microsoft 2017-07-30 12:48 Ndemic Creations 2017-07-15 16:20 NVIDIA 2017-07-15 16:32 NVIDIA Corporation 2017-09-30 17:10 Opera Software 2017-09-30 17:10 Programs 2017-08-11 22:52 Rogue Amoeba 2017-10-07 10:17 Spotify 2017-07-18 16:02 Steam 2017-10-07 15:15 Temp 2017-07-15 15:39 Temporary Internet Files [C:\Users\wiczi\AppData\Local\Microsoft\Windows\Temporary Internet Files] 2017-07-16 21:35 VirtualStore 2 plik(˘w) 3˙998˙753 bajt˘w 28 katalog(˘w) 4˙859˙031˙552 bajt˘w wolnych ========= Koniec CMD: ========= ========= dir /a C:\Users\wiczi\AppData\LocalLow ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: CA44-BAD5 Katalog: C:\Users\wiczi\AppData\LocalLow 2017-10-07 15:15 . 2017-10-07 15:15 .. 2017-07-28 23:21 LionShield 2017-07-30 15:29 Ludeon Studios 2017-07-30 08:58 Microsoft 2017-09-30 11:48 Sauropod Studio 2017-07-29 19:58 Sun 2017-10-05 15:24 uTorrent 0 plik(˘w) 0 bajt˘w 8 katalog(˘w) 4˙859˙031˙552 bajt˘w wolnych ========= Koniec CMD: ========= ========= dir /a C:\Users\wiczi\AppData\Roaming ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: CA44-BAD5 Katalog: C:\Users\wiczi\AppData\Roaming 2017-10-07 15:17 . 2017-10-07 15:17 .. 2017-09-22 19:49 .blazingpack 2017-09-23 19:19 .minecraft 2017-07-30 08:45 .mono 2017-07-29 20:11 .technic 2017-07-18 10:50 Adobe 2017-09-17 22:10 DAEMON Tools Lite 2017-10-07 10:13 DreamScreen 2017-09-23 21:23 DVDVideoSoft 2017-09-30 11:48 electron-quick-start 2017-07-16 21:34 EloBuddy 2017-10-07 10:43 GG 2017-07-15 15:39 Identities 2017-07-19 12:32 Image-Line 2017-07-15 15:54 Intel Corporation 2017-09-08 17:54 Macromedia 2017-08-21 09:54 ManyCam 2011-04-12 15:32 Media Center Programs 2017-09-18 09:29 Microleaves 2017-08-16 23:09 Microsoft 2017-10-05 19:00 Microsoft Games 2017-08-10 22:47 MPC-HC 2017-08-03 10:39 NVIDIA 2017-09-30 17:10 Opera Software 2017-07-15 17:04 Riot Games 2017-10-02 20:46 SimCity 2017-10-07 10:42 Skype 2017-10-07 10:43 Spotify 2017-10-04 15:08 steelseries-engine-3-client 2017-07-29 19:58 Sun 2017-09-20 12:39 The Creative Assembly 2017-09-22 18:55 TS3Client 2017-10-07 11:02 Twitch 2017-10-05 22:50 uTorrent 2017-07-15 16:02 WinRAR 2017-09-20 12:35 Xfer 0 plik(˘w) 0 bajt˘w 37 katalog(˘w) 4˙859˙027˙456 bajt˘w wolnych ========= Koniec CMD: ========= ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= ========= Koniec Powershell: ========= C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono Hosts pomyślnie przywrócono. =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54439937 B Java, Flash, Steam htmlcache => 222538225 B Windows/system/drivers => 54885284 B Edge => 0 B Chrome => 493712277 B Firefox => 0 B Opera => 327191147 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 58558278 B systemprofile32 => 66788 B LocalService => 66228 B NetworkService => 66228 B wiczi => 39375920299 B RecycleBin => 5150182951 B EmptyTemp: => 42.6 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 15:18:43 ====