Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 17.02.2018
Uruchomiony przez Tom (18-02-2018 16:44:35) Run:5
Uruchomiony z C:\Users\Tom\Desktop\Programy\Naprawa
Załadowane profile: Tom (Dostępne profile: Tom)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
ContextMenuHandlers4: [XXX Groove GFS Context Menu Handler XXX] -> [CC]{6C467336-8281-4E60-8204-430CED96822D} => -> Brak pliku
Task: {083DBD78-6142-4412-889A-5C2FF00931A8} - System32\Tasks\oudkhUIy => C:\Program Files (x86)\Common Files\oDilKaTEO.bat [2013-08-22] () <==== UWAGA
Task: {686BFC1A-ACF6-4F7B-97D0-FB09235494D7} - System32\Tasks\SAAUauULUHEA => C:\Users\Tom\AppData\Roaming\EvuyXJiab.bat [2013-08-22] () <==== UWAGA
Task: {43AD0FC1-8A67-4B75-9973-607FCA0C4158} - System32\Tasks\dzopercomjhar => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" dzoper.com/jhar <==== UWAGA
C:\Program Files (x86)\Common Files\oDilKaTEO
C:\Users\Tom\AppData\Roaming\EvuyXJiab
C:\Users\Tom\VieKIdn.bat
File: C:\Users\Tom\AppData\Local\eoAAiZW.exe
File: C:\Program Files (x86)\yeIGOyz.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
ShortcutWithArgument: C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ff13ca23fee04978\Ewa - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 5"
ShortcutWithArgument: C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Tomasz - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VitoWP\Deinstalacja.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VitoWP\Pomoc.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VitoWP\VitoWP w internecie.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VitoWP\VitoWP.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast\SopCast web site.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast\Uninstall.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rodos_LE 2010\Instrukcja instalacji.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rodos_LE 2010\Pierwsze kroki.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rodos_LE 2010\Rodos 2010 - edycja studencka.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Deinstalacja programu Lightshot.lnk
C:\Users\Tom\Links\OneDrive.lnk
C:\Users\Tom\Desktop\Menedżer Realtek HD Audio.lnk
C:\Users\Tom\Desktop\Programy\Domekt.lnk
C:\Users\Tom\Desktop\Programy\Malwarebytes.lnk
C:\Users\Tom\Desktop\Programy\SopCast.lnk
C:\Users\Tom\Desktop\Programy\UnHackMe.lnk
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mad Max.lnk
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MadMax.lnk
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pro Evolution Soccer 2017.lnk
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tropico 5 - Complete Collection.lnk
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast\SopCast.lnk
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Domekt\Uninstall.lnk
GroupPolicy: Ograniczenia <==== UWAGA
GroupPolicy\User: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3585312160-345975134-3153727662-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811141
SearchScopes: HKU\S-1-5-21-3585312160-345975134-3153727662-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B50A97ECF-19C2-403C-B8D8-053718DD94B3%7D&gp=811142
SearchScopes: HKU\S-1-5-21-3585312160-345975134-3153727662-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B50A97ECF-19C2-403C-B8D8-053718DD94B3%7D&gp=811142
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dijfnbhlogmffhgpelodglnnkncadnbi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HomePage: Profile 4 -> inline.go.mail.ru
CHR DefaultSearchURL: Profile 4 -> hxxps://inline.go.mail.ru/search?inline_comp=dse&q={searchTerms}&fr=chxtn12.0.23
CHR DefaultSearchKeyword: Profile 4 -> inline.go.mail.ru
CHR DefaultSuggestURL: Profile 4 -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
DeleteKey: HKCU\Software\Mozilla
DeleteKey: HKCU\Software\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Mozilla
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
C:\Users\Tom\AppData\Local\Mozilla
C:\Users\Tom\AppData\Roaming\Mozilla
C:\Users\Tom\AppData\Roaming\Profiles
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a "C:\Program Files\Common Files\System"
CMD: dir /a "C:\Program Files (x86)\Common Files\System"
CMD: dir /a C:\ProgramData
CMD: dir /a C:\Users\Tom\AppData\Local
CMD: dir /a C:\Users\Tom\AppData\LocalLow
CMD: dir /a C:\Users\Tom\AppData\Roaming
CMD: dir /a C:\Users
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\[CC]{6C467336-8281-4E60-8204-430CED96822D} => klucz nie znaleziono
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{083DBD78-6142-4412-889A-5C2FF00931A8} => niepowodzenie przy usuwaniu klucz. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{083DBD78-6142-4412-889A-5C2FF00931A8} => niepowodzenie przy usuwaniu klucz. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\oudkhUIy => pomyślnie przeniesiono
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\oudkhUIy => niepowodzenie przy usuwaniu klucz. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{686BFC1A-ACF6-4F7B-97D0-FB09235494D7} => niepowodzenie przy usuwaniu klucz. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{686BFC1A-ACF6-4F7B-97D0-FB09235494D7} => niepowodzenie przy usuwaniu klucz. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\SAAUauULUHEA => pomyślnie przeniesiono
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SAAUauULUHEA => niepowodzenie przy usuwaniu klucz. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43AD0FC1-8A67-4B75-9973-607FCA0C4158} => niepowodzenie przy usuwaniu klucz. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43AD0FC1-8A67-4B75-9973-607FCA0C4158} => niepowodzenie przy usuwaniu klucz. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\dzopercomjhar => pomyślnie przeniesiono
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dzopercomjhar => niepowodzenie przy usuwaniu klucz. ErrorCode1: 0x00000002
C:\Program Files (x86)\Common Files\oDilKaTEO => pomyślnie przeniesiono
C:\Users\Tom\AppData\Roaming\EvuyXJiab => pomyślnie przeniesiono
C:\Users\Tom\VieKIdn.bat => pomyślnie przeniesiono

========================= File: C:\Users\Tom\AppData\Local\eoAAiZW.exe ========================
C:\Users\Tom\AppData\Local\eoAAiZW.exe
Plik podpisany cyfrowo
MD5: E1D499C501DC2E1F8B451F1A43BFABED
Data utworzenia i modyfikacji: 2018-01-09 23:14 - 2013-08-22 04:56
Rozmiar: 000055808
Atrybuty: ----A
Firma: Microsoft Corporation
Wewnętrzna nazwa: msiexec
Oryginalna nazwa: msiexec.exe
Produkt: Windows Installer - Unicode
Opis: Windows® installer
Plik Wersja: 5.0.9600.16384 (winblue_rtm.130821-1623)
Produkt Wersja: 5.0.9600.16384
Prawa autorskie: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/c5702c91551a8eeca4e0fc935b6bca1fcd26d05c11711d15392fdc5191474826/analysis/1518797762/
====== Koniec File: ======

========================= File: C:\Program Files (x86)\yeIGOyz.exe ========================
C:\Program Files (x86)\yeIGOyz.exe
Plik podpisany cyfrowo
MD5: 8522688D7CCCA3DBA216C70EB92DA39B
Data utworzenia i modyfikacji: 2018-01-09 23:14 - 2013-08-22 04:39
Rozmiar: 000192512
Atrybuty: ----A
Firma: Microsoft Corporation
Wewnętrzna nazwa: bitsadmin.exe
Oryginalna nazwa: bitsadmin.exe
Produkt: Microsoft® Windows® Operating System
Opis: BITS administration utility
Plik Wersja: 7.7.9600.16384 (winblue_rtm.130821-1623)
Produkt Wersja: 7.7.9600.16384
Prawa autorskie: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/f5c8d1ff59df62de9620e65cad39722df0a8593c186b721cb4cf0d27080f9133/analysis/1516904113/
====== Koniec File: ======

C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk => pomyślnie przeniesiono
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ff13ca23fee04978\Ewa - Chrome.lnk => Skrót - argument pomyślnie usunięto
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Tomasz - Chrome.lnk => Skrót - argument pomyślnie usunięto
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VitoWP\Deinstalacja.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VitoWP\Pomoc.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VitoWP\VitoWP w internecie.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VitoWP\VitoWP.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast\SopCast web site.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast\Uninstall.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rodos_LE 2010\Instrukcja instalacji.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rodos_LE 2010\Pierwsze kroki.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rodos_LE 2010\Rodos 2010 - edycja studencka.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Deinstalacja programu Lightshot.lnk => pomyślnie przeniesiono
C:\Users\Tom\Links\OneDrive.lnk => pomyślnie przeniesiono
C:\Users\Tom\Desktop\Menedżer Realtek HD Audio.lnk => pomyślnie przeniesiono
C:\Users\Tom\Desktop\Programy\Domekt.lnk => pomyślnie przeniesiono
C:\Users\Tom\Desktop\Programy\Malwarebytes.lnk => pomyślnie przeniesiono
C:\Users\Tom\Desktop\Programy\SopCast.lnk => pomyślnie przeniesiono
C:\Users\Tom\Desktop\Programy\UnHackMe.lnk => pomyślnie przeniesiono
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mad Max.lnk => pomyślnie przeniesiono
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MadMax.lnk => pomyślnie przeniesiono
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pro Evolution Soccer 2017.lnk => pomyślnie przeniesiono
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tropico 5 - Complete Collection.lnk => pomyślnie przeniesiono
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast\SopCast.lnk => pomyślnie przeniesiono
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Domekt\Uninstall.lnk => pomyślnie przeniesiono
C:\Windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono
C:\Windows\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => pomyślnie przeniesiono
C:\Windows\system32\GroupPolicy\User => pomyślnie przeniesiono
HKU\S-1-5-21-3585312160-345975134-3153727662-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
"HKU\S-1-5-21-3585312160-345975134-3153727662-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => pomyślnie usunięto
"HKU\S-1-5-21-3585312160-345975134-3153727662-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => klucz nie znaleziono
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dijfnbhlogmffhgpelodglnnkncadnbi" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif" => pomyślnie usunięto
"Chrome HomePage" => pomyślnie usunięto
"Chrome DefaultSearchURL" => pomyślnie usunięto
"Chrome DefaultSearchKeyword" => pomyślnie usunięto
"Chrome DefaultSuggestURL" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\MBAMWebProtection" => pomyślnie usunięto
MBAMWebProtection => serwis pomyślnie usunięto
"HKCU\Software\Mozilla" => pomyślnie usunięto
"HKCU\Software\MozillaPlugins" => pomyślnie usunięto
"HKLM\SOFTWARE\Mozilla" => pomyślnie usunięto
"HKLM\SOFTWARE\MozillaPlugins" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Mozilla" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\mozilla.org" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\MozillaPlugins" => pomyślnie usunięto
C:\Users\Tom\AppData\Local\Mozilla => pomyślnie przeniesiono
C:\Users\Tom\AppData\Roaming\Mozilla => pomyślnie przeniesiono
C:\Users\Tom\AppData\Roaming\Profiles => pomyślnie przeniesiono

========= dir /a "C:\Program Files" =========
Volume in drive C is SYSTEM
Volume Serial Number is B81A-A17B
Directory of C:\Program Files
2017-05-03 07:33 .
2017-05-03 07:33 ..
2017-03-24 19:36 7-Zip
2016-05-01 21:29 Autodesk
2017-03-24 19:31 AVAST Software
2015-03-20 14:33 CCleaner
2017-10-24 20:28 Common Files
2016-12-12 15:43 CPL PacK
2015-03-13 21:25 DAEMON Tools Lite
2013-08-22 16:35 174 desktop.ini
2013-10-26 12:50 Hyper-V
2015-03-06 18:39 Intel
2015-09-29 16:10 Internet Explorer
2017-03-23 22:46 KMSpico
2015-06-28 21:35 KOPRIN
2015-03-21 11:49 Microsoft Office
2016-06-08 10:37 Microsoft Silverlight
2017-04-10 08:56 MK
2013-10-26 12:50 MSBuild
2015-03-06 18:16 NVIDIA Corporation
2017-04-24 21:10 Realtek
2013-10-26 12:50 Reference Assemblies
2015-10-08 16:48 Rockstar Games
2013-08-22 15:47 Uninstall Information
2013-10-26 12:36 Unlocker
2017-01-29 17:03 VideoLAN
2013-09-30 05:18 Windows Defender
2013-09-30 04:56 Windows Mail
2015-03-17 21:53 Windows Media Player
2013-08-22 16:36 Windows Multimedia Platform
2013-08-22 16:36 Windows NT
2013-09-30 04:56 Windows Photo Viewer
2013-08-22 16:36 Windows Portable Devices
2013-08-22 16:36 Windows Sidebar
2015-03-06 17:21 WindowsApps
2013-08-22 16:36 WindowsPowerShell
2017-03-24 20:41 WinRAR
1 File(s) 174 bytes
36 Dir(s) 61˙664˙776˙192 bytes free
========= Koniec CMD: =========

========= dir /a "C:\Program Files (x86)" =========
Volume in drive C is SYSTEM
Volume Serial Number is B81A-A17B
Directory of C:\Program Files (x86)
2018-02-17 17:47 .
2018-02-17 17:47 ..
2015-05-22 13:45 Adobe
2015-09-01 20:40 Alcohol Soft
2015-03-20 17:03 ALLPlayer
2016-05-01 21:26 Autodesk
2018-02-18 16:44 Common Files
2015-12-15 20:45 Corel
2018-02-17 17:47 CrystalDiskInfo
2016-10-17 19:36 Datacomp
2013-08-22 16:34 174 desktop.ini
2017-02-15 19:47 e-file
2015-04-18 16:08 EssentialPIM
2017-01-11 22:01 FLIR Systems
2015-06-24 21:00 foobar2000
2017-04-11 20:36 Google
2015-04-21 18:14 Hp
2017-04-24 21:09 InstallShield Installation Information
2015-03-06 18:35 Intel
2013-09-30 05:18 Internet Explorer
2018-02-18 14:18 Java
2017-09-05 17:14 KMPlayer
2018-01-09 23:48 Mail.Ru
2015-04-17 22:01 Microsoft
2013-10-26 12:44 Microsoft CAPICOM 2.1.0.2
2015-03-21 11:50 Microsoft Office
2016-06-08 10:37 Microsoft Silverlight
2016-05-05 20:47 Microsoft SQL Server Compact Edition
2015-03-21 11:50 Microsoft Visual Studio
2015-03-21 11:49 Microsoft Visual Studio 8
2015-03-21 11:50 Microsoft Works
2015-03-21 11:49 Microsoft.NET
2017-04-10 08:56 MIO
2017-03-29 16:57 MK
2017-04-11 20:15 Mozilla Firefox
2015-03-21 11:50 MSBuild
2015-11-25 20:38 MSECache
2017-08-25 13:33 NapiProjekt
2015-03-06 18:16 NVIDIA Corporation
2017-01-12 19:12 OpenOffice 4
2017-03-24 19:37 QuickTime
2017-04-24 21:07 Realtek
2013-10-26 12:50 Reference Assemblies
2015-10-08 16:48 Rockstar Games
2017-09-05 17:09 Skype
2013-10-26 12:53 TakeOwnershipEx
2016-09-29 19:13 TeamViewer
2017-04-24 21:10 Temp
2017-04-11 20:16 UnHackMe
2017-02-19 14:31 VideoLAN
2013-09-30 05:18 Windows Defender
2016-05-05 20:47 Windows Live
2013-09-30 04:56 Windows Mail
2013-08-22 16:36 Windows Multimedia Platform
2013-08-22 16:36 Windows NT
2013-09-30 04:56 Windows Photo Viewer
2013-08-22 16:36 Windows Portable Devices
2013-08-22 16:36 Windows Sidebar
2013-08-22 16:36 WindowsPowerShell
2013-08-22 04:39 192˙512 yeIGOyz.exe
2016-10-17 19:36 Zuzia10
2 File(s) 192˙686 bytes
59 Dir(s) 61˙664˙772˙096 bytes free
========= Koniec CMD: =========

========= dir /a "C:\Program Files\Common Files\System" =========
Volume in drive C is SYSTEM
Volume Serial Number is B81A-A17B
Directory of C:\Program Files\Common Files\System
2013-09-30 04:56 .
2013-09-30 04:56 ..
2013-09-30 04:56 ado
2013-08-22 12:03 30˙208 DirectDB.dll
2013-08-22 15:51 en-US
2013-09-30 04:56 msadc
2013-09-30 04:56 Ole DB
2013-09-30 04:56 pl-PL
2013-08-22 11:16 851˙456 wab32.dll
2013-08-22 12:42 988˙160 wab32res.dll
3 File(s) 1˙869˙824 bytes
7 Dir(s) 61˙664˙776˙192 bytes free
========= Koniec CMD: =========

========= dir /a "C:\Program Files (x86)\Common Files\System" =========
Volume in drive C is SYSTEM
Volume Serial Number is B81A-A17B
Directory of C:\Program Files (x86)\Common Files\System
2015-03-21 11:49 .
2015-03-21 11:49 ..
2013-09-30 04:56 ado
2013-08-22 04:40 26˙112 DirectDB.dll
2013-08-22 15:51 en-US
2013-09-30 04:56 msadc
2015-03-21 11:49 MSMAPI
2015-03-21 11:49 Ole DB
2013-09-30 04:56 pl-PL
2013-08-22 04:01 710˙656 wab32.dll
2013-08-22 05:17 988˙160 wab32res.dll
3 File(s) 1˙724˙928 bytes
8 Dir(s) 61˙664˙772˙096 bytes free
========= Koniec CMD: =========

========= dir /a C:\ProgramData =========
Volume in drive C is SYSTEM
Volume Serial Number is B81A-A17B
Directory of C:\ProgramData
2018-02-18 15:32 .
2018-02-18 15:32 ..
2015-04-18 21:30 .mono
2015-05-22 13:46 Adobe
2015-03-20 17:03 ALLPlayer
2015-09-29 16:10 Apple
2017-03-24 19:37 Apple Computer
2013-08-22 15:45 Application Data [C:\ProgramData]
2017-04-24 21:10 Audyssey Labs
2016-05-02 20:56 Autodesk
2017-10-10 19:30 AVAST Software
2016-12-18 14:12 Avg
2016-12-18 14:09 Common Files
2015-12-15 20:48 Corel
2015-12-15 20:47 CorelDRAW Graphics Suite X7
2015-03-13 21:25 DAEMON Tools Lite
2013-10-26 12:14 Dane aplikacji [C:\ProgramData]
2013-08-22 15:45 Desktop [C:\Users\Public\Desktop]
2013-08-22 15:45 Documents [C:\Users\Public\Documents]
2013-10-26 12:14 Dokumenty [C:\Users\Public\Documents]
2015-03-06 18:37 0 DP45977C.lfl
2015-03-17 21:28 Electronic Arts
2016-05-01 21:32 FLEXnet
2017-01-11 22:01 FLIR Systems
2015-04-21 18:17 HP
2015-04-21 18:14 HP Product Assistant
2017-05-23 16:47 3˙733 hpzinstall.log
2015-03-06 18:40 Intel
2016-11-02 10:32 KONAMI
2018-01-09 23:15 Mail.Ru
2013-10-26 12:14 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu]
2017-02-01 08:12 MFAData
2017-03-23 22:16 Microsoft
2015-11-11 19:19 Microsoft Help
2016-02-06 16:02 Microsoft OneDrive
2016-05-01 21:28 153 Microsoft.SqlServer.Compact.351.32.bc
2017-01-11 22:03 108 Microsoft.SqlServer.Compact.400.32.bc
2018-01-09 23:42 266 ntuser.pol
2018-02-18 16:38 NVIDIA
2015-03-06 18:16 NVIDIA Corporation
2018-02-18 14:25 Oracle
2015-03-13 23:01 Origin
2018-01-09 23:04 Package Cache
2015-12-15 20:48 Protexis
2013-10-26 12:14 Pulpit [C:\Users\Public\Desktop]
2015-03-14 15:46 regid.1986-12.com.adobe
2013-09-30 04:59 regid.1991-06.com.microsoft
2017-04-07 22:29 RegRun
2016-03-12 23:15 RELOADED
2015-03-16 23:23 SecuROM
2017-11-14 16:35 Skype
2016-12-12 20:43 Socialclub
2013-08-22 15:45 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
2015-03-14 14:40 Steam
2018-02-18 15:32 SWCUTemp
2013-10-26 12:14 Szablony [C:\ProgramData\Microsoft\Windows\Templates]
2016-05-01 21:39 TEMP
2013-08-22 15:45 Templates [C:\ProgramData\Microsoft\Windows\Templates]
2015-04-21 18:17 WEBREG
5 File(s) 4˙260 bytes
54 Dir(s) 61˙664˙768˙000 bytes free
========= Koniec CMD: =========

========= dir /a C:\Users\Tom\AppData\Local =========
Volume in drive C is SYSTEM
Volume Serial Number is B81A-A17B
Directory of C:\Users\Tom\AppData\Local
2018-02-18 16:44 .
2018-02-18 16:44 ..
2017-05-13 20:00 Adobe
2017-04-11 20:13 AMD
2015-09-29 16:10 Apple
2015-05-09 15:13 Apps
2016-05-03 10:12 Autodesk
2016-05-03 10:13 Autodesk, Inc
2017-02-01 08:12 Avg
2017-01-31 21:05 AvgSetupLog
2017-05-28 21:00 cache
2015-08-05 17:15 CEF
2017-04-07 21:25 clean
2015-04-18 21:30 Colossal Order
2018-02-18 15:36 CrashDumps
2015-03-06 17:24 Dane aplikacji [C:\Users\Tom\AppData\Local]
2017-04-11 20:36 Deployment
2018-02-02 17:03 Diagnostics
2017-04-05 17:13 e-file_sp._z_o.o
2018-01-11 12:13 e-file_sp._z_o.o._sp._k
2018-01-25 19:36 ElevatedDiagnostics
2013-08-22 04:56 55˙808 eoAAiZW.exe
2017-01-11 22:03 FLIR Systems
2017-01-11 22:03 FLIR_Systems
2017-09-11 21:46 173˙184 GDIPFONTCACHEV1.DAT
2016-11-01 18:56 Google
2015-03-06 17:24 Historia [C:\Users\Tom\AppData\Local\Microsoft\Windows\History]
2015-05-10 17:48 HP
2018-02-18 15:31 96˙358 IconCache.db
2016-07-06 20:49 1 llftool.4.40.agreement
2018-02-16 23:14 Local Recovery
2018-01-09 23:48 Mail.Ru
2016-12-18 14:12 MFAData
2018-01-09 18:50 Microsoft
2016-03-05 21:01 Microsoft Help
2015-03-06 17:46 MSfree Inc
2016-11-18 20:22 OpiumSoft
2016-05-03 10:13 Packages
2015-03-13 21:28 Programs
2018-02-18 15:36 Recovery
2017-04-05 16:05 17 resmon.resmoncfg
2015-09-17 19:02 RETScreen
2015-04-19 10:01 Rockstar Games
2016-01-04 19:09 SKIDROW
2016-02-27 18:15 Skype
2018-02-13 22:40 Spotify
2018-02-18 16:44 Temp
2015-03-06 17:24 Temporary Internet Files [C:\Users\Tom\AppData\Local\Microsoft\Windows\INetCache]
2015-03-13 22:05 The Witcher 2
2018-01-08 23:25 UAB_Amalva
2018-01-09 23:48 Unity
2016-10-20 15:43 3 updater.log
2016-10-20 15:43 424 UserProducts.xml
2018-02-02 18:19 Windows Live
2018-01-09 23:14 1 WMI.ini
8 File(s) 325˙796 bytes
47 Dir(s) 61˙664˙763˙904 bytes free
========= Koniec CMD: =========

========= dir /a C:\Users\Tom\AppData\LocalLow =========
Volume in drive C is SYSTEM
Volume Serial Number is B81A-A17B
Directory of C:\Users\Tom\AppData\LocalLow
2018-02-18 14:17 .
2018-02-18 14:17 ..
2017-04-22 17:41 .ACEStream
2015-03-06 18:45 Adobe
2015-09-29 16:09 Apple Computer
2017-09-05 17:18 KMPlayer
2016-05-05 20:47 Microsoft
2017-04-11 20:07 Mozilla
2017-04-08 21:54 Nvizzio Creations
2018-02-18 14:17 Oracle
2018-01-09 23:56 Sun
2017-04-08 13:57 Temp
2018-01-09 23:48 Unity
2018-02-16 23:31 uTorrent
0 File(s) 0 bytes
14 Dir(s) 61˙664˙763˙904 bytes free
========= Koniec CMD: =========

========= dir /a C:\Users\Tom\AppData\Roaming =========
Volume in drive C is SYSTEM
Volume Serial Number is B81A-A17B
Directory of C:\Users\Tom\AppData\Roaming
2018-02-18 16:44 .
2018-02-18 16:44 ..
2018-02-18 15:24 .ACEStream
2015-04-18 21:30 .mono
2017-04-22 17:42 ACEStream
2017-04-07 21:53 ACESTREAM.del
2015-05-22 13:48 Adobe
2015-09-29 21:59 Apple Computer
2016-05-02 20:56 Autodesk
2017-03-24 19:29 AVAST Software
2016-12-18 14:13 AVG
2017-02-15 19:48 com.efile.epity
2016-03-02 16:51 com.efile.epity2015
2015-12-15 20:47 Corel
2017-10-02 22:01 DAEMON Tools Lite
2018-01-11 22:35 Domekt
2016-01-14 20:19 dvdcss
2016-10-10 15:55 EssentialPIM
2015-03-20 17:52 EurekaLog
2013-08-22 04:39 59 EvuyXJiab.bat
2016-03-02 16:51 fillUp
2017-09-18 18:35 foobar2000
2016-03-01 11:30 GofinDruki
2017-05-17 19:40 Google
2015-03-06 17:44 HD Tune Pro
2015-05-10 17:48 HP
2015-04-21 18:14 HpUpdate
2015-03-06 18:36 Intel Corporation
2017-04-09 14:34 Kalypso Media
2015-03-06 17:58 Macromedia
2017-12-07 14:42 Microsoft
2015-03-20 17:05 NapiProjekt
2015-03-14 15:46 NVIDIA
2017-01-12 19:12 OpenOffice
2017-08-19 21:41 132 Preferencje formatu PNG CS6 firmy Adobe
2015-09-17 19:03 RETScreen
2016-11-07 08:19 Rocket.Chat+
2016-11-23 10:20 Skype
2018-02-13 22:40 Spotify
2015-03-14 16:58 StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-04-18 21:30 Steam
2018-01-09 23:56 Sun
2015-09-05 19:15 TakeOwnershipEx
2016-10-09 16:30 TeamViewer
2017-10-22 21:27 Tropico 5
2016-12-18 14:12 TuneUp Software
2018-02-16 23:31 uTorrent
2015-04-18 17:59 VitoWP
2018-02-18 15:25 vlc
2015-03-06 18:29 WinRAR
2 File(s) 191 bytes
48 Dir(s) 61˙664˙759˙808 bytes free
========= Koniec CMD: =========

========= dir /a C:\Users =========
Volume in drive C is SYSTEM
Volume Serial Number is B81A-A17B
Directory of C:\Users
2015-03-06 17:24 .
2015-03-06 17:24 ..
2013-08-22 15:45 All Users [C:\ProgramData]
2013-10-26 21:34 Default
2013-08-22 15:45 Default User [C:\Users\Default]
2013-08-22 16:34 174 desktop.ini
2015-03-06 17:22 Public
2018-02-18 16:44 Tom
1 File(s) 174 bytes
7 Dir(s) 61˙664˙763˙904 bytes free
========= Koniec CMD: =========

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========
========= Koniec Powershell: =========

=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22209315 B
Java, Flash, Steam htmlcache => 558 B
Windows/system/drivers => 501221 B
Edge => 0 B
Chrome => 41932806 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 2337 B
NetworkService => 0 B
Tom => 190455489 B
RecycleBin => 0 B
EmptyTemp: => 251.3 MB danych tymczasowych Usunięto.
================================

Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 18-02-2018 16:46:09)

Rezultat usuwania kluczy przy restarcie:
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{083DBD78-6142-4412-889A-5C2FF00931A8}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{083DBD78-6142-4412-889A-5C2FF00931A8}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\oudkhUIy" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{686BFC1A-ACF6-4F7B-97D0-FB09235494D7}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{686BFC1A-ACF6-4F7B-97D0-FB09235494D7}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SAAUauULUHEA" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43AD0FC1-8A67-4B75-9973-607FCA0C4158}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43AD0FC1-8A67-4B75-9973-607FCA0C4158}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dzopercomjhar" => pomyślnie usunięto

==== Koniec Fixlog 16:46:09 ====