Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 14.03.2018 Uruchomiony przez byrdz (23-03-2018 15:02:47) Run:2 Uruchomiony z C:\Users\byrdz\Documents\FIX IT PLEASE Załadowane profile: byrdz (Dostępne profile: defaultuser0 & byrdz) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Native Instruments Homepage.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Massive\Native Instruments Homepage.lnk C:\Users\byrdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kazrog\Recabinet\Manual.lnk C:\Users\byrdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kazrog\Recabinet\Uninstall.lnk ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku Task: {09B886FF-8099-4260-A05F-5802AEAD33D8} - System32\Tasks\dTRRfHQjsHOvbdt2 => rundll32 "C:\Program Files (x86)\LfFoujfjU\vJRmNI.dll",#1 Task: {CEFC37DF-45F8-422D-AE02-524CCA67331F} - System32\Tasks\qFbxfDUevnccZZ => rundll32 "C:\Program Files (x86)\jzVqtpDsXbLU2\EvfJfRbmLNDIf.dll",#1 Task: {EB593E33-0DC7-4D22-87F1-F1F330177DA5} - System32\Tasks\dIxshjfnsDsrepSSqPt2 => rundll32 "C:\Program Files (x86)\pidIvTaYsJowC\MczYPAT.dll",#1 Task: {FFDEAE73-39A9-4E12-8959-6F63B0386E8D} - System32\Tasks\WlbBJSMcknvngxNxC2 => rundll32 "C:\Program Files (x86)\mAUzXDPkZrvZtXzyunR\youRzsM.dll",#1 C:\Program Files (x86)\LfFoujfjU C:\Program Files (x86)\jzVqtpDsXbLU2 C:\Program Files (x86)\pidIvTaYsJowC C:\Program Files (x86)\mAUzXDPkZrvZtXzyunR Task: {18EBE0ED-1EAB-4776-BDFC-E8DFA3640784} - System32\Tasks\GoogleUpdateSecurityTaskMachine_AJ => C:\Users\byrdz\AppData\Roaming\4aa57c69cf284598ba2474ba12f54e45\HandlerExecution.exe [2018-03-22] () <==== UWAGA Task: {8BCC4E10-726F-4DA4-B219-6D2BE0E31FB2} - System32\Tasks\GoogleUpdateSecurityTaskMachine_YD => C:\Users\byrdz\AppData\Roaming\73179a203cf14340a078b0b2aacf6ba6\HandlerExecution.exe [2018-03-22] () <==== UWAGA Task: {A4C9CEF0-7528-4F97-B650-8F312A6116F1} - System32\Tasks\GoogleUpdateSecurityTaskMachine_OX => C:\Users\byrdz\AppData\Roaming\76cc55dd9a3740408c857ed0f23ff1bb\HandlerExecution.exe [2018-03-22] () <==== UWAGA Task: {E6E348A5-D695-46CB-88BC-4DDDA52CD080} - System32\Tasks\GoogleUpdateSecurityTaskMachine_LF => C:\Users\byrdz\AppData\Local\ca82a53784824e738c137e50727f8f1a\HandlerExecution.exe [2018-03-22] () <==== UWAGA Task: {A3D367BC-0B47-45F3-A9CB-CDB33A77C63B} - System32\Tasks\GoogleUpdateSecurityTaskMachine_FG => C:\ProgramData\e9bee0b438034d95b679fea1fd7dc782\HandlerExecution.exe [2018-03-22] () <==== UWAGA C:\Users\byrdz\AppData\Roaming\4aa57c69cf284598ba2474ba12f54e45 C:\Users\byrdz\AppData\Roaming\73179a203cf14340a078b0b2aacf6ba6 C:\Users\byrdz\AppData\Roaming\76cc55dd9a3740408c857ed0f23ff1bb C:\ProgramData\e9bee0b438034d95b679fea1fd7dc782 Task: {626CFDB1-5A99-4870-8752-C6117F6A7A62} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA Task: {662EABC6-8533-4A21-B365-DAE015B50537} - System32\Tasks\cmdsrv => C:\Browse\cmdsrvs.exe [2018-03-13] (Secrypt Inc.) C:\Browse GroupPolicy: Ograniczenia - Chrome <==== UWAGA S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] S1 ebsktgnk; \??\C:\WINDOWS\system32\drivers\ebsktgnk.sys [X] S1 fqvefljg; \??\C:\WINDOWS\system32\drivers\fqvefljg.sys [X] S1 nkwpmper; \??\C:\WINDOWS\system32\drivers\nkwpmper.sys [X] S1 sldylynf; \??\C:\WINDOWS\system32\drivers\sldylynf.sys [X] S1 tcqhgvfw; \??\C:\WINDOWS\system32\drivers\tcqhgvfw.sys [X] 2018-03-22 15:34 - 2018-03-22 15:34 - 000000000 ____D C:\Program Files (x86)\yplCmHJcuoUn 2018-03-22 15:34 - 2018-03-22 15:34 - 000000000 ____D C:\Program Files (x86)\JwYYyjKjrIE 2018-03-22 15:07 - 2018-03-22 15:07 - 000000000 ____D C:\Program Files (x86)\pidIvTaYsJowCapgudtfmgq 2018-03-22 15:07 - 2018-03-22 15:07 - 000000000 ____D C:\Program Files (x86)\mAUzXDPkZrvZtXzyunRqnaqcoltor 2018-03-22 14:09 - 2018-03-22 14:09 - 000000000 ____D C:\Program Files (x86)\pidIvTaYsJowCwwpehuhwin 2018-03-22 14:09 - 2018-03-22 14:09 - 000000000 ____D C:\Program Files (x86)\mAUzXDPkZrvZtXzyunRytubqimuyg 2018-03-22 14:07 - 2018-03-22 14:09 - 000000000 ____D C:\Program Files (x86)\foldershare 2018-03-22 14:09 - 2018-03-22 15:45 - 000000000 ____D C:\Program Files\UEDT1PI04N 2018-03-22 14:35 - 2018-03-22 15:08 - 000000000 ____D C:\Users\byrdz\AppData\Local\yvxxOSvvvpXeZpQog 2018-03-22 14:09 - 2018-03-22 15:30 - 000000000 ____D C:\Users\byrdz\AppData\Roaming\j55dtnxuyah 2018-03-22 14:08 - 2018-03-22 15:19 - 000000000 ____D C:\Users\byrdz\AppData\Roaming\cpuminer 2018-03-22 14:08 - 2018-03-22 14:08 - 000000000 ____D C:\Users\byrdz\AppData\Roaming\gplyra 2018-03-22 14:06 - 2018-03-22 14:06 - 000000000 ____D C:\ProgramData\ef737cee-6357-1 2018-03-22 14:06 - 2018-03-22 14:06 - 000000000 ____D C:\ProgramData\ef737cee-3535-0 2018-03-22 14:09 - 2018-03-22 15:43 - 000000000 ____D C:\ProgramData\9d594f1d35 2018-03-22 14:07 - 2018-03-22 15:08 - 000000000 ____D C:\Applications Folder: C:\Users\Public\Documents\AdobeGC Folder: C:\WINDOWS\Microsoft Antimalware Folder: C:\WINDOWS\system32\config\SOFTWARE Folder: C:\Users\byrdz\AppData\Roaming\WidModule Folder: C:\Program Files (x86)\ON Tcpip\..\Interfaces\{5b7f5289-b6e9-46e5-bfee-e51b2047720e}: [NameServer] 82.163.142.8,95.211.158.136 CMD: ipconfig /flushdns CMD: netsh advfirewall reset Hosts: CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Program Files\Common Files\System" CMD: dir /a "C:\Program Files (x86)\Common Files\System" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\byrdz\AppData\Local CMD: dir /a C:\Users\byrdz\AppData\LocalLow CMD: dir /a C:\Users\byrdz\AppData\Roaming Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Native Instruments Homepage.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Massive\Native Instruments Homepage.lnk => pomyślnie przeniesiono C:\Users\byrdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kazrog\Recabinet\Manual.lnk => pomyślnie przeniesiono C:\Users\byrdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kazrog\Recabinet\Uninstall.lnk => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => nie znaleziono "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => nie znaleziono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09B886FF-8099-4260-A05F-5802AEAD33D8}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09B886FF-8099-4260-A05F-5802AEAD33D8}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\dTRRfHQjsHOvbdt2 => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dTRRfHQjsHOvbdt2" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEFC37DF-45F8-422D-AE02-524CCA67331F}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEFC37DF-45F8-422D-AE02-524CCA67331F}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\qFbxfDUevnccZZ => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\qFbxfDUevnccZZ" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB593E33-0DC7-4D22-87F1-F1F330177DA5}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB593E33-0DC7-4D22-87F1-F1F330177DA5}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\dIxshjfnsDsrepSSqPt2 => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dIxshjfnsDsrepSSqPt2" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FFDEAE73-39A9-4E12-8959-6F63B0386E8D}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFDEAE73-39A9-4E12-8959-6F63B0386E8D}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\WlbBJSMcknvngxNxC2 => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WlbBJSMcknvngxNxC2" => pomyślnie usunięto C:\Program Files (x86)\LfFoujfjU => pomyślnie przeniesiono C:\Program Files (x86)\jzVqtpDsXbLU2 => pomyślnie przeniesiono C:\Program Files (x86)\pidIvTaYsJowC => pomyślnie przeniesiono C:\Program Files (x86)\mAUzXDPkZrvZtXzyunR => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18EBE0ED-1EAB-4776-BDFC-E8DFA3640784}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18EBE0ED-1EAB-4776-BDFC-E8DFA3640784}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_AJ => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_AJ" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BCC4E10-726F-4DA4-B219-6D2BE0E31FB2}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BCC4E10-726F-4DA4-B219-6D2BE0E31FB2}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_YD => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_YD" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4C9CEF0-7528-4F97-B650-8F312A6116F1}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4C9CEF0-7528-4F97-B650-8F312A6116F1}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_OX => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_OX" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6E348A5-D695-46CB-88BC-4DDDA52CD080}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6E348A5-D695-46CB-88BC-4DDDA52CD080}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_LF => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_LF" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3D367BC-0B47-45F3-A9CB-CDB33A77C63B}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3D367BC-0B47-45F3-A9CB-CDB33A77C63B}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_FG => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_FG" => pomyślnie usunięto C:\Users\byrdz\AppData\Roaming\4aa57c69cf284598ba2474ba12f54e45 => pomyślnie przeniesiono C:\Users\byrdz\AppData\Roaming\73179a203cf14340a078b0b2aacf6ba6 => pomyślnie przeniesiono C:\Users\byrdz\AppData\Roaming\76cc55dd9a3740408c857ed0f23ff1bb => pomyślnie przeniesiono C:\ProgramData\e9bee0b438034d95b679fea1fd7dc782 => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{626CFDB1-5A99-4870-8752-C6117F6A7A62}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{626CFDB1-5A99-4870-8752-C6117F6A7A62}" => pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => niepowodzenie przy usuwaniu. Odmowa dostępu. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{662EABC6-8533-4A21-B365-DAE015B50537}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{662EABC6-8533-4A21-B365-DAE015B50537}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\cmdsrv => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cmdsrv" => pomyślnie usunięto C:\Browse => pomyślnie przeniesiono C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono "HKLM\System\CurrentControlSet\Services\gupdate" => pomyślnie usunięto gupdate => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\gupdatem" => pomyślnie usunięto gupdatem => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\ebsktgnk" => pomyślnie usunięto ebsktgnk => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\fqvefljg" => pomyślnie usunięto fqvefljg => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\nkwpmper" => pomyślnie usunięto nkwpmper => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\sldylynf" => pomyślnie usunięto sldylynf => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\tcqhgvfw" => pomyślnie usunięto tcqhgvfw => serwis pomyślnie usunięto C:\Program Files (x86)\yplCmHJcuoUn => pomyślnie przeniesiono C:\Program Files (x86)\JwYYyjKjrIE => pomyślnie przeniesiono C:\Program Files (x86)\pidIvTaYsJowCapgudtfmgq => pomyślnie przeniesiono C:\Program Files (x86)\mAUzXDPkZrvZtXzyunRqnaqcoltor => pomyślnie przeniesiono C:\Program Files (x86)\pidIvTaYsJowCwwpehuhwin => pomyślnie przeniesiono C:\Program Files (x86)\mAUzXDPkZrvZtXzyunRytubqimuyg => pomyślnie przeniesiono C:\Program Files (x86)\foldershare => pomyślnie przeniesiono C:\Program Files\UEDT1PI04N => pomyślnie przeniesiono C:\Users\byrdz\AppData\Local\yvxxOSvvvpXeZpQog => pomyślnie przeniesiono C:\Users\byrdz\AppData\Roaming\j55dtnxuyah => pomyślnie przeniesiono C:\Users\byrdz\AppData\Roaming\cpuminer => pomyślnie przeniesiono C:\Users\byrdz\AppData\Roaming\gplyra => pomyślnie przeniesiono C:\ProgramData\ef737cee-6357-1 => pomyślnie przeniesiono C:\ProgramData\ef737cee-3535-0 => pomyślnie przeniesiono C:\ProgramData\9d594f1d35 => pomyślnie przeniesiono C:\Applications => pomyślnie przeniesiono ========================= Folder: C:\Users\Public\Documents\AdobeGC ======================== 2018-03-22 15:31 - 2018-03-22 15:31 - 000000330 ____A [646A83C89907BF1A7C8622A04DE7B552] () C:\Users\Public\Documents\AdobeGC\adobegc_a02904 ====== Koniec Folder: ====== ========================= Folder: C:\WINDOWS\Microsoft Antimalware ======================== 2018-03-22 14:26 - 2018-03-22 14:27 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Definition Updates 2018-03-22 14:26 - 2018-03-22 14:26 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Definition Updates\{47CEA7F9-B82A-4533-BFC1-4351A2823F26} 2018-03-22 14:26 - 2018-03-01 18:17 - 033187552 ____A [85D91E5C6053711D05C6096F8FEEA7C3] (Microsoft Corporation) C:\WINDOWS\Microsoft Antimalware\Definition Updates\{47CEA7F9-B82A-4533-BFC1-4351A2823F26}\mpasbase.vdm 2018-03-22 14:26 - 2018-03-22 13:28 - 004644584 ____A [F13B032282BF207234EC3108B2FEAC8D] (Microsoft Corporation) C:\WINDOWS\Microsoft Antimalware\Definition Updates\{47CEA7F9-B82A-4533-BFC1-4351A2823F26}\mpasdlta.vdm 2018-03-22 14:26 - 2018-03-01 18:17 - 060515552 ____A [B29B11807B08D7DAE57C4ADC09BB2E4B] (Microsoft Corporation) C:\WINDOWS\Microsoft Antimalware\Definition Updates\{47CEA7F9-B82A-4533-BFC1-4351A2823F26}\mpavbase.vdm 2018-03-22 14:26 - 2018-03-22 13:28 - 008828640 ____A [0968B75444AFEC7429386134FA4893F1] (Microsoft Corporation) C:\WINDOWS\Microsoft Antimalware\Definition Updates\{47CEA7F9-B82A-4533-BFC1-4351A2823F26}\mpavdlta.vdm 2018-03-22 14:26 - 2018-02-09 02:25 - 014453336 ____A [C80DF35BF0E3457CB71C2BC57644EE8F] (Microsoft Corporation) C:\WINDOWS\Microsoft Antimalware\Definition Updates\{47CEA7F9-B82A-4533-BFC1-4351A2823F26}\mpengine.dll 2018-03-22 14:26 - 2018-03-22 14:26 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Definition Updates\Backup 2018-03-22 14:26 - 2018-03-22 14:27 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Definition Updates\Updates 2018-03-22 14:26 - 2018-03-22 14:23 - 000058120 ____A [BF2513029E231BE96D82F7C3ABFF87F4] (Microsoft Corporation) C:\WINDOWS\Microsoft Antimalware\Definition Updates\Updates\MpKslb165de97.sys 2018-03-22 14:26 - 2018-03-22 14:32 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\LocalCopy 2018-03-22 14:26 - 2018-03-22 14:26 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Quarantine 2018-03-22 14:26 - 2018-03-22 14:32 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Scans 2018-03-22 14:26 - 2018-03-22 14:31 - 000000112 ____A [F411F5D10F54781242D3DCCD3E0C5F1F] () C:\WINDOWS\Microsoft Antimalware\Scans\MpDiag.bin 2018-03-22 14:27 - 2018-03-22 14:32 - 000180224 ____A [7712BA041B8B0BB423BF295F10932C71] () C:\WINDOWS\Microsoft Antimalware\Scans\mpenginedb.db 2018-03-22 14:31 - 2018-03-22 14:31 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry 2018-03-22 14:31 - 2018-03-22 14:32 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424 2018-03-22 14:32 - 2018-03-22 14:32 - 000001668 ____A [73324246C0E67DC65AF2232ABD92989C] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\0DFAE29A-F947-6492-61EF-CC58E059A684 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\2B029364-670E-B92E-1CB5-C4DDF5E35A37 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\31916878-7B8F-AC2B-DFC1-74D4340FCFCF 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\42CCAAB9-3813-EA51-DF03-AD81C0D873AF 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\5A877C38-9190-D720-38AC-41288B85F34F 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\63DFDEE6-1D97-19E3-3C0E-234FE4008136 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\75C3AE11-7CDE-357B-1D62-5DCA98AAD877 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\8EFEDD40-0BDA-F571-934F-8303EC4ABDD4 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\9949B37F-A428-B5C6-0714-4B9D7C3C6356 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\9B1610F2-3D6B-6CCE-6F70-36EDAAF51004 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\A3963CC1-3628-18C9-323D-896D0BEFC206 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\BD2B04D9-EA6A-C171-1E14-9C724591DC5B 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\C2CAF064-7835-F972-F9E9-822CE7C12749 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\CED62027-2D78-7EED-00A6-04A2B699AF55 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\D61EA19B-BE81-7DB2-9069-977653E360B5 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\DFB43BBB-049D-BCAF-32BB-50B3960E8A72 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\E0FF34DD-B1C3-5232-63AB-4D656F12DDC3 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\E1F1E991-ED74-EE31-3708-93C44C9112C6 2018-03-22 14:32 - 2018-03-22 14:32 - 000000094 ____A [AD9A18762B0CD194E0E4653287ACB8EE] () C:\WINDOWS\Microsoft Antimalware\Scans\FailTelemetry\6A2D9DB707AF3542AD23FD4F3A56D424\F69BF25C-5DE9-CDE3-0847-DBC95F187386 2018-03-22 14:26 - 2018-03-22 14:31 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Scans\History 2018-03-22 14:31 - 2018-03-22 14:32 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Scans\History\Results 2018-03-22 14:31 - 2018-03-22 14:31 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Scans\History\Results\Quick 2018-03-22 14:31 - 2018-03-22 14:31 - 000023694 ____A [3FE15A0F416E9F1C234ABE367D49AA04] () C:\WINDOWS\Microsoft Antimalware\Scans\History\Results\Quick\{C0C21A60-C08F-49F9-9AF6-F4DA599B1398} 2018-03-22 14:32 - 2018-03-22 14:32 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Scans\History\Results\Resource 2018-03-22 14:32 - 2018-03-22 14:32 - 000019806 ____A [0C7EA154D4A4DCF1CAF0697D84DFFB96] () C:\WINDOWS\Microsoft Antimalware\Scans\History\Results\Resource\{B79D2D6A-AF07-4235-AD23-FD4F3A56D424} 2018-03-22 14:26 - 2018-03-22 14:32 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Scans\History\Service 2018-03-22 14:31 - 2018-03-22 14:32 - 000000002 ____A [F3B25701FE362EC84616A93A45CE9998] () C:\WINDOWS\Microsoft Antimalware\Scans\History\Service\Detections.log 2018-03-22 14:32 - 2018-03-22 14:32 - 000000078 ____A [69B41003E20FAE3C669E8E5E503EA19D] () C:\WINDOWS\Microsoft Antimalware\Scans\History\Service\History.Log 2018-03-22 14:31 - 2018-03-22 14:31 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Scans\History\Service\DetectionHistory 2018-03-22 14:31 - 2018-03-22 14:31 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Scans\History\Service\DetectionHistory\22 2018-03-22 14:31 - 2018-03-22 14:32 - 000002856 ____A [0679DB8F2233EE023BA66DA2C526ABBB] () C:\WINDOWS\Microsoft Antimalware\Scans\History\Service\DetectionHistory\22\23CF80C6-C8CB-4A39-8E49-437F56C42E2F 2018-03-22 14:26 - 2018-03-22 14:26 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Support 2018-03-22 14:26 - 2018-03-22 14:32 - 000001538 ____A [7C16B66D46ADBC30C78488BD7DEA2796] () C:\WINDOWS\Microsoft Antimalware\Support\MPDetection-03222018-142656.log 2018-03-22 14:26 - 2018-03-22 14:32 - 000158198 ____A [AD677AAE963EA34FCE05A3108C65D1B7] () C:\WINDOWS\Microsoft Antimalware\Support\MPLog-03222018-142656.log 2018-03-22 14:26 - 2018-03-22 14:32 - 004194304 ____A [C29EC07B4AB980EE96D46842DEDF947D] () C:\WINDOWS\Microsoft Antimalware\Support\MpWppTracing-03222018-142656-00000003-ffffffff.bin 2018-03-22 14:26 - 2018-03-22 14:32 - 000040902 ____A [2D73FDA0E5AE5EACE5349E061FFDF770] () C:\WINDOWS\Microsoft Antimalware\Support\msssWrapper.log 2018-03-22 14:26 - 2018-03-22 14:27 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\Microsoft Antimalware\Tmp 2018-03-22 14:27 - 2018-03-22 14:27 - 000001578 ____A [44073F692F99D239CA6C043DEC3E8F70] () C:\WINDOWS\Microsoft Antimalware\Tmp\MpCmdRun.log ====== Koniec Folder: ====== ========================= Folder: C:\WINDOWS\system32\config\SOFTWARE ======================== C:\WINDOWS\system32\config\SOFTWARE => Plik ====== Koniec Folder: ====== ========================= Folder: C:\Users\byrdz\AppData\Roaming\WidModule ======================== 2018-03-22 14:07 - 2018-03-22 14:07 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\byrdz\AppData\Roaming\WidModule\data.txt 2018-03-22 14:07 - 2018-03-22 14:08 - 000013438 ____A [373BD747C335B04DC9F82B72E16992F4] () C:\Users\byrdz\AppData\Roaming\WidModule\unins000.dat 2018-03-22 14:08 - 2018-03-22 14:08 - 001202385 ____A [CB92B5729637F3A29757149ABE6A7768] () C:\Users\byrdz\AppData\Roaming\WidModule\unins000.exe ====== Koniec Folder: ====== ========================= Folder: C:\Program Files (x86)\ON ======================== 2018-03-22 14:09 - 2017-12-14 07:42 - 000001860 ____A [DEB1B377008E7C7A9BC805B740245D6B] () C:\Program Files (x86)\ON\72417.exe.config 2018-03-22 14:07 - 2017-12-14 07:42 - 000001860 ____A [DEB1B377008E7C7A9BC805B740245D6B] () C:\Program Files (x86)\ON\73843.exe.config ====== Koniec Folder: ====== "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5b7f5289-b6e9-46e5-bfee-e51b2047720e}\\NameServer" => pomyślnie usunięto ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= Koniec CMD: ========= ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono Hosts pomyślnie przywrócono. ========= dir /a "C:\Program Files" ========= Volume in drive C has no label. Volume Serial Number is E458-3A05 Directory of C:\Program Files 23.03.2018 15:03 . 23.03.2018 15:03 .. 04.03.2018 19:39 Adobe 22.03.2018 19:36 Common Files 29.09.2017 14:44 174 desktop.ini 29.01.2018 17:01 GIMP 2 23.01.2018 17:49 Intel 30.09.2017 15:29 internet explorer 24.01.2018 08:13 Lightworks 17.01.2017 01:14 Microsoft Office 15 22.03.2018 14:07 My Program 02.12.2017 15:28 Native Instruments 08.11.2017 19:38 Neat Video v4 (SR) for Premiere 03.05.2017 22:54 paint.net 24.07.2017 05:07 PowerISO 19.01.2018 08:00 rempl 22.03.2018 14:07 Shadowsocks 04.11.2017 17:33 Steinberg 15.01.2017 06:58 Uninstall Information 23.01.2018 17:49 UNP 01.03.2018 23:55 Windows Defender 23.01.2018 17:46 Windows Mail 30.09.2017 15:29 Windows Media Player 29.09.2017 14:46 Windows Multimedia Platform 23.01.2018 18:09 windows nt 30.09.2017 15:28 Windows Photo Viewer 29.09.2017 14:46 Windows Portable Devices 29.09.2017 14:46 Windows Security 22.03.2018 14:07 Windows Sidebar 23.03.2018 09:53 WindowsApps 29.09.2017 14:46 WindowsPowerShell 22.07.2017 02:00 WinRAR 09.03.2017 19:50 Zynewave 1 File(s) 174 bytes 32 Dir(s) 464˙114˙049˙024 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Volume in drive C has no label. Volume Serial Number is E458-3A05 Directory of C:\Program Files (x86) 23.03.2018 15:03 . 23.03.2018 15:03 .. 04.03.2018 19:41 Adobe 24.03.2017 17:46 ASIO4ALL v2 18.03.2018 15:52 Common Files 29.09.2017 14:44 174 desktop.ini 22.03.2018 14:18 Google 16.09.2017 18:27 HTC 25.05.2017 17:31 Impro-Visor8.11 15.01.2017 00:17 Intel 30.09.2017 15:29 Internet Explorer 22.03.2018 13:53 Kazrog 04.02.2017 01:50 Lame For Audacity 18.03.2018 15:52 Microsoft Office 23.01.2018 17:49 Microsoft.NET 22.03.2018 13:22 Mozilla Firefox 22.03.2018 13:22 Mozilla Maintenance Service 06.06.2017 15:18 MuseScore 2 20.03.2018 00:14 NapiProjekt 22.03.2018 15:45 ON 10.01.2018 21:09 OpenOffice 4 23.03.2018 10:18 ShutdownTime 04.11.2017 17:33 steinberg 24.03.2017 19:38 VideoLAN 20.03.2018 22:37 VulkanRT 30.09.2017 15:28 Windows Defender 23.01.2018 17:46 Windows Mail 30.09.2017 15:29 Windows Media Player 29.09.2017 14:46 Windows Multimedia Platform 29.09.2017 14:46 windows nt 30.09.2017 15:28 Windows Photo Viewer 29.09.2017 14:46 Windows Portable Devices 29.09.2017 14:46 Windows Sidebar 29.09.2017 14:46 WindowsPowerShell 1 File(s) 174 bytes 33 Dir(s) 464˙114˙044˙928 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files\Common Files\System" ========= Volume in drive C has no label. Volume Serial Number is E458-3A05 Directory of C:\Program Files\Common Files\System 30.09.2017 15:28 . 30.09.2017 15:28 .. 17.02.2018 14:59 ado 30.09.2017 15:28 en-US 30.09.2017 15:28 msadc 30.09.2017 15:28 ole db 30.09.2017 15:28 pl-PL 29.09.2017 14:41 863˙744 wab32.dll 29.09.2017 14:41 964˙096 wab32res.dll 2 File(s) 1˙827˙840 bytes 7 Dir(s) 464˙114˙049˙024 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)\Common Files\System" ========= Volume in drive C has no label. Volume Serial Number is E458-3A05 Directory of C:\Program Files (x86)\Common Files\System 30.09.2017 15:28 . 30.09.2017 15:28 .. 17.02.2018 14:59 ado 30.09.2017 15:28 en-US 30.09.2017 15:28 msadc 30.09.2017 15:28 ole db 30.09.2017 15:28 pl-PL 29.09.2017 14:42 748˙032 wab32.dll 29.09.2017 14:42 964˙096 wab32res.dll 2 File(s) 1˙712˙128 bytes 7 Dir(s) 464˙114˙049˙024 bytes free ========= Koniec CMD: ========= ========= dir /a C:\ProgramData ========= Volume in drive C has no label. Volume Serial Number is E458-3A05 Directory of C:\ProgramData 23.03.2018 15:03 . 23.03.2018 15:03 .. 25.07.2017 00:17 Ableton 04.03.2018 19:41 Adobe 22.03.2018 15:40 AVAST Software 16.07.2016 12:47 Comms 15.01.2017 07:02 Dane aplikacji [C:\ProgramData] 15.01.2017 07:02 Dokumenty [C:\Users\Public\Documents] 24.01.2018 08:13 Geevs 16.09.2017 18:27 HTC 20.03.2018 22:38 Intel 15.01.2017 07:02 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 24.01.2018 07:50 Microsoft 24.01.2018 07:47 Microsoft OneDrive 24.07.2017 04:34 Native Instruments 22.03.2018 14:09 266 ntuser.pol 22.03.2018 13:59 Overloud 04.03.2018 19:35 Package Cache 15.01.2017 07:02 Pulpit [C:\Users\Public\Desktop] 23.01.2018 17:49 regid.1986-12.com.adobe 18.03.2018 15:53 regid.1991-06.com.microsoft 29.09.2017 14:46 SoftwareDistribution 04.11.2017 18:46 Spectrasonics 15.01.2017 07:02 Szablony [C:\ProgramData\Microsoft\Windows\Templates] 23.01.2018 18:11 USOPrivate 23.01.2018 18:11 USOShared 30.09.2017 15:30 WindowsHolographicDevices 24.07.2017 05:22 {1C7A6EB7-BED0-4444-B0DA-4BFDCF83C380} 03.08.2017 07:24 {95055A72-FFA9-40C0-B228-69A7BAC97B69} 24.07.2017 06:17 {A6377726-7317-464A-87EB-693294E9F383} 02.12.2017 15:28 {C78336EC-F2EB-4640-99A4-DFE96581B90B} 24.07.2017 04:35 {D3CD7CDD-9759-4CF4-BE92-BA89914360B5} 02.12.2017 15:28 {E26B3878-7CEC-469C-B449-5CAA336DF8CD} 1 File(s) 266 bytes 32 Dir(s) 464˙114˙040˙832 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\byrdz\AppData\Local ========= Volume in drive C has no label. Volume Serial Number is E458-3A05 Directory of C:\Users\byrdz\AppData\Local 23.03.2018 15:03 . 23.03.2018 15:03 .. 04.03.2018 19:36 Adobe 22.03.2018 14:18 AdService 22.03.2018 14:07 AdvinstAnalytics 22.03.2018 14:07 ca82a53784824e738c137e50727f8f1a 18.01.2017 21:44 CEF 31.01.2017 21:04 Comms 24.01.2018 07:46 ConnectedDevicesPlatform 23.01.2018 17:54 Dane aplikacji [C:\Users\byrdz\AppData\Local] 25.01.2018 15:56 DBG 10.08.2017 13:38 Diagnostics 19.03.2017 20:33 Downloaded Installations 23.03.2018 10:05 ElevatedDiagnostics 18.09.2017 19:46 fontconfig 18.09.2017 19:46 gegl-0.2 21.06.2017 03:28 Google 30.01.2018 19:15 gtk-2.0 23.01.2018 17:54 Historia [C:\Users\byrdz\AppData\Local\Microsoft\Windows\History] 23.03.2018 11:15 223˙014 IconCache.db 22.03.2018 14:07 11˙568 InstallationConfiguration.xml 22.03.2018 14:07 140˙800 installer.dat 20.03.2018 22:38 Intel 01.04.2017 11:29 Macromedia 24.01.2018 07:45 Microsoft 25.01.2017 17:32 Microsoft Help 15.01.2017 00:16 MicrosoftEdge 15.01.2017 00:25 Mozilla 24.01.2017 16:50 MuseScore 02.12.2017 15:31 Native Instruments 25.04.2017 22:58 NetworkTiles 22.03.2018 14:21 Opera Software 20.03.2018 22:36 Packages 24.01.2018 07:45 PackageStaging 03.05.2017 23:22 paint.net 22.03.2018 15:33 930˙816 po.db 22.03.2018 14:07 Programs 15.01.2017 00:12 Publishers 30.01.2018 19:15 6˙898 recently-used.xbel 22.03.2018 15:36 7˙604 Resmon.ResmonCfg 24.11.2017 16:50 Spectrasonics 30.03.2017 16:59 speech 22.03.2018 01:42 Spotify 25.05.2017 18:00 SuperCollider 23.03.2018 14:50 Temp 23.01.2018 17:54 Temporary Internet Files [C:\Users\byrdz\AppData\Local\Microsoft\Windows\INetCache] 17.09.2017 22:17 Tempzxpsign0117126a21bf8c54 24.10.2017 18:01 Tempzxpsign05abda1ef2e9152c 14.09.2017 19:45 Tempzxpsign15b076bb593e4db0 25.10.2017 17:36 Tempzxpsign1b5a7721e62f4544 23.09.2017 16:31 Tempzxpsign20a92816e6f9840f 21.09.2017 19:05 Tempzxpsign245511539e85fdc5 29.10.2017 17:29 Tempzxpsign25176c53bb608af5 11.11.2017 18:37 Tempzxpsign3079644bf3c603cd 24.10.2017 16:58 Tempzxpsign4117560ed488d404 17.07.2017 00:05 Tempzxpsign44e62ecd09bfe3bc 17.07.2017 07:42 Tempzxpsign4e24e4731d861175 24.10.2017 18:00 Tempzxpsign53ebfa5c3869d0cc 30.01.2018 18:00 Tempzxpsign59d9706ca8cf9e45 21.09.2017 19:06 Tempzxpsign5b2bbc3d7aedfe31 11.11.2017 18:35 Tempzxpsign610b468bb34207b0 04.08.2017 08:17 Tempzxpsign64560cbb5dba3dc4 18.09.2017 20:18 Tempzxpsign665d8bc5eb465835 09.08.2017 23:32 Tempzxpsign7c215dae3f320151 24.10.2017 17:00 Tempzxpsign826122b7c7875ea3 17.09.2017 22:59 Tempzxpsign89c905817378f47c 29.11.2017 18:23 Tempzxpsign9a57f0d730a8b104 17.09.2017 23:00 Tempzxpsign9b8124b0d508de9a 29.11.2017 18:25 Tempzxpsign9c7a096f1333b3ad 17.09.2017 22:15 Tempzxpsigna16c8e2213a484e1 03.10.2017 18:18 Tempzxpsignb4a6de5792f6ad93 04.10.2017 18:48 Tempzxpsignb64b235397309cf5 08.11.2017 19:39 Tempzxpsignb6f1c38ea6686b77 24.10.2017 18:05 Tempzxpsignb99395e29007a027 24.10.2017 16:57 Tempzxpsignbf4c5c5bfd8471a6 24.10.2017 18:06 Tempzxpsignc4e8384643c956b4 09.08.2017 23:32 Tempzxpsignc610caa2431dcc51 08.11.2017 19:17 Tempzxpsignc6dc1605e58fbde0 04.10.2017 18:47 Tempzxpsignceeffb1dcef157c5 29.10.2017 23:34 Tempzxpsignd74bbf7a970475b9 18.09.2017 18:40 Tempzxpsignded324d52e816196 24.10.2017 17:13 Tempzxpsigne14e1d261082814a 03.10.2017 18:19 Tempzxpsigne1b27970247ec8a0 23.09.2017 16:30 Tempzxpsigne262e15bb7644ea6 17.07.2017 00:07 Tempzxpsigne4dc47304b6b9f7f 29.10.2017 23:35 Tempzxpsigne5873278521019f6 13.01.2018 14:15 Tempzxpsigne5c7032cd78ed900 14.09.2017 19:44 Tempzxpsigne9fca20791d443d1 29.10.2017 17:30 Tempzxpsignfc91deff77cceab7 09.08.2017 23:28 Tempzxpsignfdee99d3da81ba82 08.11.2017 19:18 Tempzxpsignfef0e826f7901fd9 24.01.2018 07:45 TileDataLayer 15.07.2017 00:57 UNP 15.01.2017 00:12 VirtualStore 6 File(s) 1˙320˙700 bytes 88 Dir(s) 464˙114˙028˙544 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\byrdz\AppData\LocalLow ========= Volume in drive C has no label. Volume Serial Number is E458-3A05 Directory of C:\Users\byrdz\AppData\LocalLow 22.03.2018 13:33 . 22.03.2018 13:33 .. 31.07.2017 18:33 Evernote 01.04.2017 11:29 Microsoft 23.03.2018 14:44 Mozilla 05.02.2017 19:13 Raft 17.01.2017 00:50 Temp 0 File(s) 0 bytes 7 Dir(s) 464˙114˙032˙640 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\byrdz\AppData\Roaming ========= Volume in drive C has no label. Volume Serial Number is E458-3A05 Directory of C:\Users\byrdz\AppData\Roaming 23.03.2018 15:03 . 23.03.2018 15:03 .. 24.07.2017 06:07 Ableton 04.03.2018 15:47 Adobe 22.03.2018 14:08 FastDataX 01.04.2017 11:29 Macromedia 22.03.2018 14:07 Microleaves 23.01.2018 18:04 Microsoft 21.11.2017 02:21 Mozilla 10.03.2018 01:06 MuseScore 20.03.2018 00:14 NapiProjekt 21.11.2017 14:58 Nozbe 10.01.2018 21:10 OpenOffice 22.03.2018 14:09 Opera Software 22.03.2018 14:00 Overloud 24.07.2017 05:08 PowerISO 22.03.2018 13:53 Recabinet3Presets 22.03.2018 13:53 Recabinet4Presets 15.01.2017 00:14 Skype 22.03.2018 01:23 Spotify 22.03.2018 14:06 SystemHealer 22.03.2018 13:33 uTorrent 22.03.2018 13:33 vlc 22.03.2018 14:08 WidModule 22.07.2017 02:04 WinRAR 09.03.2017 19:50 Zynewave 0 File(s) 0 bytes 26 Dir(s) 464˙114˙008˙064 bytes free ========= Koniec CMD: ========= ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= ========= Koniec Powershell: ========= =========== EmptyTemp: ========== BITS transfer queue => 8151040 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 102896527 B Java, Flash, Steam htmlcache => 3461 B Windows/system/drivers => 4243616 B Edge => 1113117 B Chrome => 360709176 B Firefox => 408063241 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 4182 B NetworkService => 188658 B defaultuser0 => 0 B byrdz => 491025417 B RecycleBin => 50908147568 B EmptyTemp: => 48.7 GB danych tymczasowych Usunięto. ================================ Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 23-03-2018 15:05:54) Rezultat usuwania kluczy przy restarcie: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => niepowodzenie przy usuwaniu. Odmowa dostępu. ==== Koniec Fixlog 15:05:54 ====