Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 02.01.2018
Uruchomiony przez Tomek (02-01-2018 12:19:18) Run:1
Uruchomiony z C:\Users\Tomek\Downloads
Załadowane profile: Tomek (Dostępne profile: Tomek)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Ograniczenia <==== UWAGA
GroupPolicy\User: Ograniczenia <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
CHR HKLM-x32\...\Chrome\Extension: [ligncphnohhjkgekjkghahajihclailj] - hxxps://clients2.google.com/service/update2/crx
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
Task: {11A1355E-74B7-4403-965F-5D5F6C8F7BB2} - System32\Tasks\bltopncomhohoj => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" bltopn.com/hohoj <==== UWAGA
Task: {5CC3BF70-8F9E-4F5B-9324-0437989BF219} - System32\Tasks\diaBwAC => C:\Users\Tomek\AppData\Local\KFpvnQr.bat <==== UWAGA
Task: {A81A5C34-540B-4D39-B27C-F29AB89AB36C} - System32\Tasks\LEJuPHPn => C:\Users\Tomek\AppData\Local\HZFuUvea.bat <==== UWAGA
C:\Users\Tomek\AppData\Local\KFpvnQr.bat
C:\Users\Tomek\AppData\Local\HZFuUvea.bat
DeleteKey: HKCU\Software\Mozilla
DeleteKey: HKCU\Software\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Mozilla
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
C:\Users\Tomek\AppData\Local\Mozilla
C:\Users\Tomek\AppData\Roaming\Mozilla
C:\Users\Tomek\AppData\Roaming\Profiles
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a "C:\Program Files\Common Files\System"
CMD: dir /a "C:\Program Files (x86)\Common Files\System"
CMD: dir /a C:\ProgramData
CMD: dir /a C:\Users\Tomek\AppData\Local
CMD: dir /a C:\Users\Tomek\AppData\LocalLow
CMD: dir /a C:\Users\Tomek\AppData\Roaming
CMD: netsh advfirewall reset
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono
C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => pomyślnie przeniesiono
C:\WINDOWS\system32\GroupPolicy\User => pomyślnie przeniesiono
"HKLM\SOFTWARE\Policies\Google" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ligncphnohhjkgekjkghahajihclailj" => pomyślnie usunięto
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => klucz nie znaleziono
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11A1355E-74B7-4403-965F-5D5F6C8F7BB2} => niepowodzenie przy usuwaniu klucz. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11A1355E-74B7-4403-965F-5D5F6C8F7BB2}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\bltopncomhohoj => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bltopncomhohoj" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5CC3BF70-8F9E-4F5B-9324-0437989BF219}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CC3BF70-8F9E-4F5B-9324-0437989BF219}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\diaBwAC => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\diaBwAC" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A81A5C34-540B-4D39-B27C-F29AB89AB36C}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A81A5C34-540B-4D39-B27C-F29AB89AB36C}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\LEJuPHPn => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LEJuPHPn" => pomyślnie usunięto
"C:\Users\Tomek\AppData\Local\KFpvnQr.bat" => nie znaleziono
"C:\Users\Tomek\AppData\Local\HZFuUvea.bat" => nie znaleziono
"HKCU\Software\Mozilla" => pomyślnie usunięto
"HKCU\Software\MozillaPlugins" => pomyślnie usunięto
"HKLM\SOFTWARE\Mozilla" => pomyślnie usunięto
HKLM\SOFTWARE\MozillaPlugins => klucz nie znaleziono
"HKLM\SOFTWARE\Wow6432Node\Mozilla" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\mozilla.org" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\MozillaPlugins" => pomyślnie usunięto
"C:\Users\Tomek\AppData\Local\Mozilla" => nie znaleziono
"C:\Users\Tomek\AppData\Roaming\Mozilla" => nie znaleziono
"C:\Users\Tomek\AppData\Roaming\Profiles" => nie znaleziono

========= dir /a "C:\Program Files" =========

Volume in drive C is Windows
Volume Serial Number is 6885-9E54

Directory of C:\Program Files

26.12.2017 18:01 .
26.12.2017 18:01 ..
21.12.2017 01:46 Autodesk
23.12.2017 21:44 AVAST Software
21.12.2017 21:54 Bonjour
23.12.2017 22:18 CCleaner
23.12.2017 21:51 Common Files
20.12.2017 23:51 CPUID
29.09.2017 14:44 174 desktop.ini
21.12.2017 02:17 Dolby
16.03.2017 16:09 Elantech
21.12.2017 02:13 Intel
14.12.2017 00:40 internet explorer
21.12.2017 21:55 iPod
21.12.2017 21:55 iTunes
22.11.2017 15:03 Lenovo
25.12.2017 18:58 Malwarebytes
21.12.2017 02:16 NVIDIA Corporation
21.12.2017 02:17 Realtek
20.12.2017 22:05 rempl
20.12.2017 23:21 SteelSeries
21.12.2017 02:11 Synaptics
26.12.2017 18:01 TeamSpeak 3 Client
16.03.2017 13:54 Uninstall Information
14.12.2017 00:40 Windows Defender
21.12.2017 02:11 Windows Mail
30.09.2017 15:29 Windows Media Player
29.09.2017 14:46 Windows Multimedia Platform
21.12.2017 02:21 windows nt
30.09.2017 15:28 Windows Photo Viewer
29.09.2017 14:46 Windows Portable Devices
29.09.2017 14:46 Windows Security
29.09.2017 14:46 Windows Sidebar
01.01.2018 22:41 WindowsApps
29.09.2017 14:46 WindowsPowerShell
1 File(s) 174 bytes
34 Dir(s) 136 616 763 392 bytes free

========= Koniec CMD: =========

========= dir /a "C:\Program Files (x86)" =========

Volume in drive C is Windows
Volume Serial Number is 6885-9E54

Directory of C:\Program Files (x86)

02.01.2018 01:10 .
02.01.2018 01:10 ..
21.12.2017 21:54 Apple Software Update
21.12.2017 01:44 Autodesk
21.12.2017 21:54 Bonjour
21.12.2017 21:53 Common Files
29.09.2017 14:44 174 desktop.ini
01.01.2018 22:34 Google
16.03.2017 15:31 InstallShield Installation Information
16.03.2017 15:32 Intel
14.12.2017 00:40 Internet Explorer
16.03.2017 15:31 Lenovo
22.11.2017 15:04 Microsoft Office
29.09.2017 14:46 Microsoft.NET
20.12.2017 22:40 Mozilla Firefox
21.12.2017 02:13 NVIDIA Corporation
16.03.2017 15:26 Realtek
02.01.2018 12:03 Steam
21.12.2017 02:17 VulkanRT
30.09.2017 15:28 Windows Defender
21.12.2017 02:11 Windows Mail
30.09.2017 15:29 Windows Media Player
29.09.2017 14:46 Windows Multimedia Platform
29.09.2017 14:46 windows nt
30.09.2017 15:28 Windows Photo Viewer
29.09.2017 14:46 Windows Portable Devices
29.09.2017 14:46 Windows Sidebar
29.09.2017 14:46 WindowsPowerShell
1 File(s) 174 bytes
27 Dir(s) 136 616 685 568 bytes free

========= Koniec CMD: =========

========= dir /a "C:\Program Files\Common Files\System" =========

Volume in drive C is Windows
Volume Serial Number is 6885-9E54

Directory of C:\Program Files\Common Files\System

30.09.2017 15:28 .
30.09.2017 15:28 ..
30.09.2017 15:28 ado
30.09.2017 15:28 en-US
30.09.2017 15:28 msadc
30.09.2017 15:28 ole db
30.09.2017 15:28 pl-PL
29.09.2017 14:41 863 744 wab32.dll
29.09.2017 14:41 964 096 wab32res.dll
2 File(s) 1 827 840 bytes
7 Dir(s) 136 616 628 224 bytes free

========= Koniec CMD: =========

========= dir /a "C:\Program Files (x86)\Common Files\System" =========

Volume in drive C is Windows
Volume Serial Number is 6885-9E54

Directory of C:\Program Files (x86)\Common Files\System

30.09.2017 15:28 .
30.09.2017 15:28 ..
30.09.2017 15:28 ado
30.09.2017 15:28 en-US
30.09.2017 15:28 msadc
30.09.2017 15:28 ole db
30.09.2017 15:28 pl-PL
29.09.2017 14:42 748 032 wab32.dll
29.09.2017 14:42 964 096 wab32res.dll
2 File(s) 1 712 128 bytes
7 Dir(s) 136 616 566 784 bytes free

========= Koniec CMD: =========

========= dir /a C:\ProgramData =========

Volume in drive C is Windows
Volume Serial Number is 6885-9E54

Directory of C:\ProgramData

26.12.2017 22:10 .
26.12.2017 22:10 ..
21.12.2017 21:54 Apple
21.12.2017 21:54 Apple Computer
21.12.2017 00:15 Application Data
21.12.2017 01:46 Autodesk
23.12.2017 22:48 AVAST Software
16.07.2016 12:47 Comms
22.11.2017 15:04 Dane aplikacji [C:\ProgramData]
22.11.2017 15:04 Dokumenty [C:\Users\Public\Documents]
21.12.2017 02:17 Dolby
16.03.2017 15:26 0 DP45977C.lfl
21.12.2017 01:08 FLEXnet
20.12.2017 21:51 Intel
22.11.2017 15:03 Lenovo
25.12.2017 18:58 Malwarebytes
22.11.2017 15:04 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu]
21.12.2017 02:33 Microsoft
21.12.2017 02:31 Microsoft OneDrive
16.03.2017 15:27 102 Microsoft.SqlServer.Compact.400.64.bc
02.01.2018 12:19 NVIDIA
21.12.2017 02:17 NVIDIA Corporation
26.12.2017 18:01 Package Cache
22.11.2017 15:04 Pulpit [C:\Users\Public\Desktop]
16.03.2017 15:40 Realtek
21.12.2017 02:13 regid.1991-06.com.microsoft
29.09.2017 14:46 SoftwareDistribution
22.12.2017 13:41 Steam
23.12.2017 21:46 SteelSeries
26.12.2017 22:10 SWCUTemp
22.11.2017 15:04 Szablony [C:\ProgramData\Microsoft\Windows\Templates]
21.12.2017 02:29 USOPrivate
21.12.2017 02:29 USOShared
30.09.2017 15:30 WindowsHolographicDevices
2 File(s) 102 bytes
32 Dir(s) 136 616 501 248 bytes free

========= Koniec CMD: =========

========= dir /a C:\Users\Tomek\AppData\Local =========

Volume in drive C is Windows
Volume Serial Number is 6885-9E54

Directory of C:\Users\Tomek\AppData\Local

02.01.2018 12:02 .
02.01.2018 12:02 ..
20.12.2017 23:01 Akamai
21.12.2017 21:54 Apple
21.12.2017 22:01 Apple Computer
21.12.2017 01:47 Autodesk
21.12.2017 01:11 Autodesk,_Inc
23.12.2017 21:46 cache
20.12.2017 22:18 CEF
20.12.2017 22:03 Comms
20.12.2017 21:58 ConnectedDevicesPlatform
21.12.2017 02:17 Dane aplikacji [C:\Users\Tomek\AppData\Local]
21.12.2017 09:45 DBG
25.12.2017 19:35 Google
21.12.2017 01:09 Granta Design
21.12.2017 02:17 Historia [C:\Users\Tomek\AppData\Local\Microsoft\Windows\History]
02.01.2018 05:04 32 579 IconCache.db
24.12.2017 02:22 Microsoft
21.12.2017 02:30 MicrosoftEdge
20.12.2017 22:36 NVIDIA
20.12.2017 22:36 NVIDIA Corporation
21.12.2017 21:41 Packages
21.12.2017 12:46 PlaceholderTileLogoFolder
20.12.2017 23:51 Programs
20.12.2017 22:54 Publishers
21.12.2017 00:36 Steam
02.01.2018 12:09 Temp
21.12.2017 02:17 Temporary Internet Files [C:\Users\Tomek\AppData\Local\Microsoft\Windows\INetCache]
21.12.2017 02:30 TileDataLayer
21.12.2017 21:09 Unity
20.12.2017 21:47 VirtualStore
1 File(s) 32 579 bytes
30 Dir(s) 136 616 439 808 bytes free

========= Koniec CMD: =========

========= dir /a C:\Users\Tomek\AppData\LocalLow =========

Volume in drive C is Windows
Volume Serial Number is 6885-9E54

Directory of C:\Users\Tomek\AppData\LocalLow

21.12.2017 21:09 .
21.12.2017 21:09 ..
24.12.2017 00:54 BitTorrent
21.12.2017 20:33 Microsoft
21.12.2017 21:09 Unity
0 File(s) 0 bytes
5 Dir(s) 136 616 386 560 bytes free

========= Koniec CMD: =========

========= dir /a C:\Users\Tomek\AppData\Roaming =========

Volume in drive C is Windows
Volume Serial Number is 6885-9E54

Directory of C:\Users\Tomek\AppData\Roaming

28.12.2017 20:19 .
28.12.2017 20:19 ..
20.12.2017 21:47 Adobe
21.12.2017 22:19 Apple Computer
21.12.2017 01:47 Autodesk
23.12.2017 21:51 AVAST Software
24.12.2017 15:02 BitTorrent
23.12.2017 20:19 Glador
20.12.2017 22:47 Google
21.12.2017 02:20 Microsoft
28.12.2017 20:19 NVIDIA
26.12.2017 19:08 steelseries-engine-3-client
02.01.2018 01:10 TS3Client
0 File(s) 0 bytes
13 Dir(s) 136 616 321 024 bytes free

========= Koniec CMD: =========

========= netsh advfirewall reset =========

Ok.

========= Koniec CMD: =========

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

========= Koniec Powershell: =========

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11079384 B
Java, Flash, Steam htmlcache => 194393205 B
Windows/system/drivers => 342690989 B
Edge => 17421 B
Chrome => 753104554 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2466 B
NetworkService => 52408 B
Tomek => 20970752 B

RecycleBin => 1943451 B
EmptyTemp: => 1.2 GB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 12:20:16 ====