Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 17.03.2019 Uruchomiony przez user (29-03-2019 14:24:47) Run:1 Uruchomiony z C:\Users\user\Downloads\Nowy folder Załadowane profile: user (Dostępne profile: user & karo & Gość) Tryb startu: Safe Mode (with Networking) ============================================== fixlist - zawartość: ***************** Task: {3661E9DC-15A8-4CE0-8F73-1B8E2B76DC31} - System32\Tasks\{7C43039F-868D-2B2D-6F56-96BCFE1D923C} => "msiexec.exe" /q /i hxxps://refreshnerer711rb.info/6XluDaNWoH.3pO <==== UWAGA Task: {3382C5BE-304B-4AE7-86A9-8ED83C2A4332} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe <==== UWAGA Task: {06D4F777-E5C2-4DFF-B77C-C658ADE23922} - System32\Tasks\Opera scheduled Autoupdate 711520318 => C:\Users\user\AppData\Roaming\Microsoft\Windows\atdciudr\vvsjbjiv.exe (Auslogics) [Brak podpisu cyfrowego] C:\Users\user\AppData\Roaming\Microsoft\Windows\atdciudr\vvsjbjiv.exe Task: {A8D4E625-6C6F-45C0-8C28-40DB4D99A1C3} - System32\Tasks\{14A53F9D-1CC7-44CE-93C0-305185110475} => C:\Windows\system32\pcalua.exe -a G:\INSTALL.EXE -d G:\ Task: {D56A2AF2-418D-4F64-9A45-D5D6EA9C9402} - System32\Tasks\{0580CD35-433F-CED3-4F61-3D8278FF8688} => C:\Users\user\VeOIcpuyeqim.exe (Microsoft Windows -> Microsoft Corporation) C:\Users\user\VeOIcpuyeqim.exe ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP% ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP% ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF% AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ccdcmbwux64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpprefcl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nmwcdcoclsx64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\aaclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gpprefcl.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\gpscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gpscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSVCP50.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\nmwcdnsux64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [130] AlternateDataStreams: C:\Users\karo\Desktop\FontViewer.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\karo\Desktop\FontViewer.exe:$CmdZnID [26] HKU\S-1-5-21-2235225777-535561683-332804176-1000\Software\Classes\.exe: => <==== UWAGA FirewallRules: [TCP Query User{E911B7AB-84F9-436A-A561-29A7BFB159B1}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe Brak pliku FirewallRules: [UDP Query User{7CB3CA27-0D15-4F05-BE3A-CCA84172B444}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe Brak pliku FirewallRules: [TCP Query User{CA94F369-3C29-4DC4-8BA3-532A34C04D74}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe Brak pliku FirewallRules: [UDP Query User{3006BD86-ECA7-470A-85F7-2F99597ECAED}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe Brak pliku FirewallRules: [TCP Query User{C3B0CD5D-5014-4D39-8EC3-1A1DE6C03217}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe Brak pliku FirewallRules: [UDP Query User{44562EF9-A25B-4D22-9952-8B27B11BA59A}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe Brak pliku FirewallRules: [{4A14C4B5-E5C7-464F-9906-D302E5B55975}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{91B77E4B-97B9-493F-A19B-2D24308226BB}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{90C0FC46-34B1-49BE-9B5A-C6CEAE23AA93}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{864EE2E8-8B87-4493-B0F4-86AD3EDB837E}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{34198088-1087-4D30-BB7C-2EC5733E504E}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{4DEF2152-CD56-40F0-8E2E-63B406893732}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{B0E673AD-A5A5-4ABE-B90F-662316AE6FB5}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{D04524C9-6CC1-479A-950F-E9735B30CBB7}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{90364810-8753-4BED-A12D-1B45C727FD06}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{FDFDA379-D586-4516-99F8-7B59F8E9A483}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{DF9089C9-D4AA-4A33-A757-237E64689DC9}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{5163BCAD-DD57-4F37-9C42-082F46B72E82}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{A5276312-E7AD-4D8A-A1B8-5B06BB05E8B1}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{7D35F66E-3B72-4303-A2F2-ADEA9CC258E3}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{300C8872-3157-4B70-9F14-97A25DCA0556}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{E41461D8-9DF5-471C-B1D5-D2673D3050B7}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{0B96C2BD-4D9D-4B68-AE97-0075771A1FCC}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{FAED70E2-8D43-4F1E-959B-05DBE82DA277}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{B81E2377-0023-4320-8BD0-CD4751DE8878}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{CE1CD19A-C236-4CBA-AE95-6706F15C8E7D}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{DBAA7435-50C3-44C0-B13F-17D17B04051E}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{4890B4A0-67C2-444E-9C6E-B401E49EFC79}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{93691619-3758-4A11-8D6F-649FA53B17AE}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{3BA033E9-2DE0-432B-BA44-D8DA302F5327}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{9A4032CC-7849-461A-8D44-E2F94C9D4E50}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{DAF52FDF-F031-4140-A407-1F55715502BA}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{248E85E9-85B5-4A84-A523-8FB25E906050}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{ADDB3B1D-D6ED-443E-81AB-B8CE408497CA}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{F5DDF0D2-6927-40EC-B812-89810F2190CB}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{281C973F-935D-4377-8814-7B68FE7D668E}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{7836DB9E-8D85-431F-9DF5-3F29D9AB01C5}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{8BDD7F73-2582-41B9-B514-C820DF5FF2AB}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{82A64EA0-EFD2-4F0A-9113-D695184CCD4F}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{631CA928-EAEF-437F-A9BE-40A483E0E75E}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{F0DDBECF-16EE-4651-B248-ED5DC683A895}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{64818208-3E0C-4358-8740-171BFE634C39}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{324E459C-D0DF-44A7-B9CA-3AB111F812D8}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{E342D27F-D9FC-4D8A-A11C-F5A5AA723142}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{33365278-6494-4EBB-AF6B-39D2752E5F29}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{A86E1DD9-13D7-441E-84FF-D894DDAD1518}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{9BD77420-C354-4628-8BC9-A5831E14C453}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{5461DEF3-3C3A-4B4E-96B7-B1E41ACE79AB}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{737B4C31-B272-4499-8954-B95D8747B0A7}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{574114B2-D332-44D3-A506-221D4F7DCF46}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{59AD8EFF-6F96-4AE6-9327-5F9BF450C0B7}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{F5C60B77-8878-45A4-BA56-4223D78A9167}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{30273B23-B785-4AF2-B0D6-27E78BE3FA61}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{46CAC50F-139C-4C45-A084-DB6D8B24A59F}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) HKLM-x32\...\Run: [] => [X] AppInit_DLLs: C:\ProgramData\Tolnix\Indigolax.dll => Brak pliku AppInit_DLLs-x32: C:\ProgramData\Tolnix\Daltit.dll => Brak pliku RemoveDirectory: C:\ProgramData\Tolnixs RemoveDirectory: C:\ProgramData\Tolnix Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\atdciudr.lnk [2019-03-29] ShortcutTarget: atdciudr.lnk -> C:\Windows\System32\cmd.exe (Microsoft Windows -> Microsoft Corporation) Tcpip\Parameters: [NameServer] 82.163.142.9 95.211.158.137 Tcpip\..\Interfaces\{AC40A031-B3C4-4206-8821-9D665965B23E}: [NameServer] 82.163.142.9 95.211.158.137 Tcpip\..\Interfaces\{AC40A031-B3C4-4206-8821-9D665965B23E}: [DhcpNameServer] 82.163.142.9 Tcpip\..\Interfaces\{C6E2CDE2-7AE7-4BEF-92A4-9384AEBC3F35}: [NameServer] 82.163.142.9 95.211.158.137 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1430923060&z=6c933e66f126b113b2fc0abgazacbe9t7o8cee9w4t&from=cor&uid=ST3500418AS_5VMK5KSWXXXX5VMK5KSW&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1430923060&z=6c933e66f126b113b2fc0abgazacbe9t7o8cee9w4t&from=cor&uid=ST3500418AS_5VMK5KSWXXXX5VMK5KSW&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1430923060&z=6c933e66f126b113b2fc0abgazacbe9t7o8cee9w4t&from=cor&uid=ST3500418AS_5VMK5KSWXXXX5VMK5KSW&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1430923060&z=6c933e66f126b113b2fc0abgazacbe9t7o8cee9w4t&from=cor&uid=ST3500418AS_5VMK5KSWXXXX5VMK5KSW&q={searchTerms} HKU\S-1-5-21-2235225777-535561683-332804176-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBD8Dduob2PoDPzepbK0F-EUdpL3BIjl_D0w8MqEsw1Vhmu9D3yLY03wDTEcSpv_-agZCqLCFsF1krjoDd-blXHqvQ53R2nwKvTBJOxEEG9JDojFsj_h2qhP8OSilhC_umomiX4-_8eKxVlLnqjIJfIRmnjp2Vu-6jAZoBT8kj4DkB0Drk,&q={searchTerms} HKU\S-1-5-21-2235225777-535561683-332804176-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBD8Dduob2PoDPzepbK0F-EUdpL3BIjl_D0w8MqEsw1Vhmu9D3yLY03wDTEcSpv_-agZCqLCFsF1krjoDd-blXHplNdS6j-VMAd-M0lCN-CAilL_JayDHepl6q4KduTwuB0UMDB5Hf9KBigCShjNKjRxgdo3kWcKbOLv1jF_o3tp-ADK9A, SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBD8Dduob2PoDPzepbK0F-EUdpL3BIjl_D0w8MqEsw1Vhmu9D3yLY03wDTEcSpv_-agZCqLCFsF1krjoDd-blXHqvQ53R2nwKvTBJOxEEG9JDojFsj_h2qhP8OSilhC_umomiX4-_8eKxVlLnqjIJfIRmnjp2Vu-6jAZoBT8kj4DkB0Drk,&q={searchTerms} SearchScopes: HKU\S-1-5-21-2235225777-535561683-332804176-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBD8Dduob2PoDPzepbK0F-EUdpL3BIjl_D0w8MqEsw1Vhmu9D3yLY03wDTEcSpv_-agZCqLCFsF1krjoDd-blXHqvQ53R2nwKvTBJOxEEG9JDojFsj_h2qhP8OSilhC_umomiX4-_8eKxVlLnqjIJfIRmnjp2Vu-6jAZoBT8kj4DkB0Drk,&q={searchTerms} SearchScopes: HKU\S-1-5-21-2235225777-535561683-332804176-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBD8Dduob2PoDPzepbK0F-EUdpL3BIjl_D0w8MqEsw1Vhmu9D3yLY03wDTEcSpv_-agZCqLCFsF1krjoDd-blXHqvQ53R2nwKvTBJOxEEG9JDojFsj_h2qhP8OSilhC_umomiX4-_8eKxVlLnqjIJfIRmnjp2Vu-6jAZoBT8kj4DkB0Drk,&q={searchTerms} Toolbar: HKU\S-1-5-21-2235225777-535561683-332804176-1000 -> Brak nazwy - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Brak pliku FF NewTab: Mozilla\Firefox\Profiles\r6n9kskh.default-1448621829598 -> file:///C:/ProgramData/Tolnixs/ff.NT FF NewTabOverride: Mozilla\Firefox\Profiles\r6n9kskh.default-1448621829598 -> Enabled: newtaboverride@agenedia.com FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r6n9kskh.default-1448621829598\searchplugins\findit.xml [2015-12-23] S2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2019-03-03] () [Brak podpisu cyfrowego] <==== UWAGA RemoveDirectory: C:\ProgramData\Logic Cramble S2 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [43520 2019-03-03] () [Brak podpisu cyfrowego] <==== UWAGA C:\ProgramData\PrefsSecure\Nettrans.exe S2 Tolnix; C:\ProgramData\\Tolnix\\Tolnix.exe shuz -f "C:\ProgramData\\Tolnix\\Tolnix.dat" -l -a S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] RemoveDirectory: C:\ProgramData\JPWDAOEPIX6JB44XAXDY C:\ProgramData\TDBSRNB9KBH2J12A3U78 2019-03-23 10:26 - 2019-03-23 10:26 - 000000000 ____D C:\ProgramData\{8DE6279C-27E2-AE90-9A3A-13229ADD4A73} 2019-03-23 10:26 - 2019-03-23 10:26 - 000000000 ____D C:\ProgramData\{7B99FB46-FB38-58EF-40E6-6CD440013585} 2019-03-23 10:26 - 2019-03-23 10:26 - 000000000 ____D C:\ProgramData\{720C2205-227B-517A-033F-F9DD03D8A08C} 2019-03-18 10:11 - 2019-03-23 10:27 - 000000000 ____D C:\ProgramData\{E6DD82EA-8294-C5AB-EC9F-2849EC787118} 2019-03-18 10:11 - 2019-03-23 10:27 - 000000000 ____D C:\ProgramData\{3C8C9690-96EE-1FFA-968B-7993966C20C2} 2019-03-13 02:36 - 2019-03-18 10:12 - 000000000 ____D C:\ProgramData\{C042B334-B34A-E334-32AE-B76F3249EE3E} 2019-03-13 02:36 - 2019-03-18 10:12 - 000000000 ____D C:\ProgramData\{89F75C99-5CE7-AA81-9F41-02269FA65B77} 2019-03-13 02:36 - 2019-03-18 10:12 - 000000000 ____D C:\ProgramData\{7D0CBCBA-BCC4-5E7A-BCA1-F9D2BC46A083} 2019-03-13 02:36 - 2019-03-18 10:12 - 000000000 ____D C:\ProgramData\{7B39B068-B016-584F-6EAD-CCD46E4A9585} 2019-03-13 02:36 - 2019-03-13 02:36 - 000000000 ____D C:\Program Files (x86)\DreamTrips 2019-03-13 02:36 - 2019-03-13 02:36 - 000000000 ____D C:\Program Files (x86)\Amigo Trend 2019-03-13 02:35 - 2019-03-13 02:36 - 000000000 ____D C:\Users\user\AppData\Local\WhiteClick 2019-03-13 02:35 - 2019-03-13 02:35 - 007888384 _____ C:\Users\user\AppData\Local\agent.dat 2019-03-13 02:35 - 2019-03-13 02:35 - 002035993 _____ C:\Users\user\AppData\Local\Lamcof.tst 2019-03-13 02:35 - 2019-03-13 02:35 - 001895383 _____ C:\Users\user\AppData\Local\Sollight.bin 2019-03-13 02:35 - 2019-03-13 02:35 - 000278509 _____ C:\Users\user\AppData\Local\StatStock.bin 2019-03-13 02:35 - 2019-03-13 02:35 - 000126464 _____ C:\Users\user\AppData\Local\noah.dat 2019-03-13 02:35 - 2019-03-13 02:35 - 000070896 _____ C:\Users\user\AppData\Local\Config.xml 2019-03-13 02:35 - 2019-03-13 02:35 - 000018432 _____ C:\Users\user\AppData\Local\Main.dat 2019-03-13 02:35 - 2019-03-13 02:35 - 000005568 _____ C:\Users\user\AppData\Local\md.xml 2019-03-13 02:35 - 2019-03-13 02:35 - 000000003 _____ C:\Users\user\AppData\Local\wbem.ini 2019-03-13 02:35 - 2019-03-13 02:35 - 000000000 ____D C:\Users\user\AppData\Roaming\4pjivukcouv 2019-03-13 02:35 - 2019-03-13 02:35 - 000000000 ____D C:\ProgramData\PrefsSecure 2019-03-13 02:35 - 2019-03-13 02:35 - 000000000 ____D C:\ProgramData\Logic Cramble 2019-03-13 02:35 - 2019-03-13 02:35 - 000000000 ____D C:\ProgramData\localNETService 2019-03-13 02:35 - 2019-03-13 02:35 - 000000000 ____D C:\Program Files\AD5GDEDUDY 2019-03-13 02:35 - 2019-03-13 02:35 - 000000000 ____D C:\Program Files (x86)\Zabour 2019-03-13 02:35 - 2019-03-13 02:35 - 000000000 ____D C:\Program Files (x86)\Multitimer 2019-03-13 02:35 - 2019-03-13 02:35 - 000000000 ____D C:\Program Files (x86)\lightcleaner 2019-03-13 02:35 - 2019-03-13 02:34 - 001632256 _____ (TODO: ) C:\Users\user\AppData\Local\Lamcof.exe 2019-03-13 02:34 - 2019-03-13 02:36 - 000722944 _____ C:\Users\user\AppData\Local\sha.db 2019-03-13 02:34 - 2019-03-13 02:35 - 000017520 _____ C:\Users\user\AppData\Local\InstallationConfiguration.xml 2019-03-13 02:34 - 2019-03-13 02:34 - 000140800 _____ C:\Users\user\AppData\Local\installer.dat 2019-03-06 20:35 - 2019-03-15 21:09 - 000000000 ____D C:\Program Files (x86)\ProxyGate 2019-03-06 20:35 - 2019-03-06 20:35 - 000000000 _____ C:\Users\user\AppData\Roaming\FC29FA0894FE.ini Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} EmptyTemp: ***************** "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3661E9DC-15A8-4CE0-8F73-1B8E2B76DC31}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3661E9DC-15A8-4CE0-8F73-1B8E2B76DC31}" => pomyślnie usunięto C:\Windows\System32\Tasks\{7C43039F-868D-2B2D-6F56-96BCFE1D923C} => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C43039F-868D-2B2D-6F56-96BCFE1D923C}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3382C5BE-304B-4AE7-86A9-8ED83C2A4332}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3382C5BE-304B-4AE7-86A9-8ED83C2A4332}" => pomyślnie usunięto C:\Windows\System32\Tasks\One System Care Monitor => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06D4F777-E5C2-4DFF-B77C-C658ADE23922}" => nie znaleziono C:\Windows\System32\Tasks\Opera scheduled Autoupdate 711520318 => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 711520318" => pomyślnie usunięto C:\Users\user\AppData\Roaming\Microsoft\Windows\atdciudr\vvsjbjiv.exe => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8D4E625-6C6F-45C0-8C28-40DB4D99A1C3}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8D4E625-6C6F-45C0-8C28-40DB4D99A1C3}" => pomyślnie usunięto C:\Windows\System32\Tasks\{14A53F9D-1CC7-44CE-93C0-305185110475} => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{14A53F9D-1CC7-44CE-93C0-305185110475}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D56A2AF2-418D-4F64-9A45-D5D6EA9C9402}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D56A2AF2-418D-4F64-9A45-D5D6EA9C9402}" => pomyślnie usunięto C:\Windows\System32\Tasks\{0580CD35-433F-CED3-4F61-3D8278FF8688} => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0580CD35-433F-CED3-4F61-3D8278FF8688}" => pomyślnie usunięto C:\Users\user\VeOIcpuyeqim.exe => pomyślnie przeniesiono C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto C:\Windows\notepad.exe => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\aaclient.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\basesrv.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\bcryptprimitives.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\catsrvut.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\ccdcmbwux64.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\cewmdm.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\COLORCNV.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\comctl32.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\comsvcs.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\CPFilters.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\d3d10level9.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\d3d10warp.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\devenum.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\els.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\EncDec.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\fixmapi.exe => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\FwRemoteSvr.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\gpapi.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\gpprefcl.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\gpscript.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\gpscript.exe => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\gpsvc.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\InkEd.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\IPSECSVC.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\jnwmon.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\ksproxy.ax => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\ksuser.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\mapi32.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\mapistub.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\mcmde.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\mcupdate_GenuineIntel.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\mfds.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\mfvdsp.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\MFWMAAEC.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\MP3DMOD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\MP43DECD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\MP4SDECD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\MPG4DECD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\msmpeg2adec.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\MSMPEG2ENC.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\msmpeg2vdec.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\mstscax.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\mswsock.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\msxml6.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\msxml6r.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\mtxoci.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\nmwcdcoclsx64.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\notepad.exe => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\polstore.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\qasf.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\qedit.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\RESAMPLEDMO.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\schedsvc.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\seclogon.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\services.exe => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\StructuredQuery.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\SysFxUI.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\sysmain.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\tsgqec.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\VIDRESZR.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\WindowsCodecs.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\winhttp.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\winipsec.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\winresume.exe => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\WMADMOD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\WMADMOE.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\WMALFXGFXDSP.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\wmpmde.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\WMSPDMOD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\WMSPDMOE.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\WMVDECOD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\WMVENCOD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\WMVSDECD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\WMVSENCD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\WMVXENCD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\ws2_32.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\wshrm.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\aaclient.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\bcryptprimitives.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\catsrvut.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\cewmdm.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\COLORCNV.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\comctl32.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\comsvcs.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\CPFilters.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\d3d10level9.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\d3d10warp.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\devenum.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\els.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\EncDec.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\fixmapi.exe => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\FwRemoteSvr.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\gpapi.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\gpprefcl.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\gpscript.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\gpscript.exe => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\InkEd.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\javaws.exe => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\ksproxy.ax => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\ksuser.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\mapi32.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\mapistub.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\mfds.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\mfvdsp.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\MFWMAAEC.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\MP3DMOD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\MP43DECD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\MP4SDECD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\MPG4DECD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\msmpeg2adec.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\MSMPEG2ENC.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\msmpeg2vdec.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\msorcl32.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\mstscax.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\MSVCP50.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\mswsock.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\msxml6.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\msxml6r.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\mtxoci.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\notepad.exe => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\polstore.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\qasf.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\qedit.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\RESAMPLEDMO.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\StructuredQuery.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\tsgqec.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\VIDRESZR.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\WindowsCodecs.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\winhttp.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\winipsec.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\WMADMOD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\WMADMOE.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\wmpmde.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\WMSPDMOD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\WMSPDMOE.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\WMVDECOD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\WMVENCOD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\WMVSDECD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\WMVSENCD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\WMVXENCD.DLL => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\ws2_32.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\SysWOW64\wshrm.dll => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\Drivers\drmk.sys => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\Drivers\drmkaud.sys => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\Drivers\ndis.sys => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\Drivers\nmwcdnsux64.sys => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\Drivers\portcls.sys => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\Drivers\rmcast.sys => ":$CmdTcID" ADS pomyślnie usunięto C:\Windows\system32\Drivers\USBSTOR.SYS => ":$CmdTcID" ADS pomyślnie usunięto C:\Users\karo\Desktop\FontViewer.exe => ":$CmdTcID" ADS pomyślnie usunięto C:\Users\karo\Desktop\FontViewer.exe => ":$CmdZnID" ADS pomyślnie usunięto HKU\S-1-5-21-2235225777-535561683-332804176-1000\Software\Classes\.exe => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E911B7AB-84F9-436A-A561-29A7BFB159B1}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7CB3CA27-0D15-4F05-BE3A-CCA84172B444}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CA94F369-3C29-4DC4-8BA3-532A34C04D74}C:\program files (x86)\soulseekqt\soulseekqt.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3006BD86-ECA7-470A-85F7-2F99597ECAED}C:\program files (x86)\soulseekqt\soulseekqt.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C3B0CD5D-5014-4D39-8EC3-1A1DE6C03217}C:\program files (x86)\soulseekqt\soulseekqt.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{44562EF9-A25B-4D22-9952-8B27B11BA59A}C:\program files (x86)\soulseekqt\soulseekqt.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A14C4B5-E5C7-464F-9906-D302E5B55975}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91B77E4B-97B9-493F-A19B-2D24308226BB}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{90C0FC46-34B1-49BE-9B5A-C6CEAE23AA93}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{864EE2E8-8B87-4493-B0F4-86AD3EDB837E}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{34198088-1087-4D30-BB7C-2EC5733E504E}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4DEF2152-CD56-40F0-8E2E-63B406893732}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B0E673AD-A5A5-4ABE-B90F-662316AE6FB5}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D04524C9-6CC1-479A-950F-E9735B30CBB7}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{90364810-8753-4BED-A12D-1B45C727FD06}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FDFDA379-D586-4516-99F8-7B59F8E9A483}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF9089C9-D4AA-4A33-A757-237E64689DC9}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5163BCAD-DD57-4F37-9C42-082F46B72E82}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A5276312-E7AD-4D8A-A1B8-5B06BB05E8B1}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D35F66E-3B72-4303-A2F2-ADEA9CC258E3}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{300C8872-3157-4B70-9F14-97A25DCA0556}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E41461D8-9DF5-471C-B1D5-D2673D3050B7}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B96C2BD-4D9D-4B68-AE97-0075771A1FCC}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FAED70E2-8D43-4F1E-959B-05DBE82DA277}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B81E2377-0023-4320-8BD0-CD4751DE8878}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CE1CD19A-C236-4CBA-AE95-6706F15C8E7D}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DBAA7435-50C3-44C0-B13F-17D17B04051E}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4890B4A0-67C2-444E-9C6E-B401E49EFC79}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93691619-3758-4A11-8D6F-649FA53B17AE}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3BA033E9-2DE0-432B-BA44-D8DA302F5327}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A4032CC-7849-461A-8D44-E2F94C9D4E50}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DAF52FDF-F031-4140-A407-1F55715502BA}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{248E85E9-85B5-4A84-A523-8FB25E906050}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADDB3B1D-D6ED-443E-81AB-B8CE408497CA}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F5DDF0D2-6927-40EC-B812-89810F2190CB}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{281C973F-935D-4377-8814-7B68FE7D668E}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7836DB9E-8D85-431F-9DF5-3F29D9AB01C5}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8BDD7F73-2582-41B9-B514-C820DF5FF2AB}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82A64EA0-EFD2-4F0A-9113-D695184CCD4F}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{631CA928-EAEF-437F-A9BE-40A483E0E75E}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0DDBECF-16EE-4651-B248-ED5DC683A895}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64818208-3E0C-4358-8740-171BFE634C39}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{324E459C-D0DF-44A7-B9CA-3AB111F812D8}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E342D27F-D9FC-4D8A-A11C-F5A5AA723142}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33365278-6494-4EBB-AF6B-39D2752E5F29}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A86E1DD9-13D7-441E-84FF-D894DDAD1518}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9BD77420-C354-4628-8BC9-A5831E14C453}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5461DEF3-3C3A-4B4E-96B7-B1E41ACE79AB}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{737B4C31-B272-4499-8954-B95D8747B0A7}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{574114B2-D332-44D3-A506-221D4F7DCF46}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59AD8EFF-6F96-4AE6-9327-5F9BF450C0B7}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F5C60B77-8878-45A4-BA56-4223D78A9167}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{30273B23-B785-4AF2-B0D6-27E78BE3FA61}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46CAC50F-139C-4C45-A084-DB6D8B24A59F}" => pomyślnie usunięto "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => pomyślnie usunięto "C:\ProgramData\Tolnix\Indigolax.dll" => Dane wartości pomyślnie usunięto "C:\ProgramData\Tolnix\Daltit.dll" => Dane wartości pomyślnie usunięto "C:\ProgramData\Tolnixs" => nie znaleziono "C:\ProgramData\Tolnix" => nie znaleziono C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\atdciudr.lnk => pomyślnie przeniesiono C:\Windows\System32\cmd.exe => pomyślnie przeniesiono "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AC40A031-B3C4-4206-8821-9D665965B23E}\\NameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AC40A031-B3C4-4206-8821-9D665965B23E}\\DhcpNameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C6E2CDE2-7AE7-4BEF-92A4-9384AEBC3F35}\\NameServer" => pomyślnie usunięto HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-2235225777-535561683-332804176-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-2235225777-535561683-332804176-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch => pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\ielnksrch => nie znaleziono "HKU\S-1-5-21-2235225777-535561683-332804176-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => pomyślnie usunięto HKU\S-1-5-21-2235225777-535561683-332804176-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{ielnksrch} => nie znaleziono "HKU\S-1-5-21-2235225777-535561683-332804176-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => nie znaleziono "Firefox newtab" => pomyślnie usunięto "Firefox NewTabOverride (newtaboverride@agenedia.com) " => pomyślnie usunięto C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r6n9kskh.default-1448621829598\searchplugins\findit.xml => pomyślnie przeniesiono HKLM\System\CurrentControlSet\Services\backlh => pomyślnie usunięto backlh => serwis pomyślnie usunięto "C:\ProgramData\Logic Cramble" => pomyślnie usunięto HKLM\System\CurrentControlSet\Services\Nettrans => pomyślnie usunięto Nettrans => serwis pomyślnie usunięto C:\ProgramData\PrefsSecure\Nettrans.exe => pomyślnie przeniesiono HKLM\System\CurrentControlSet\Services\Tolnix => pomyślnie usunięto Tolnix => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\nvvad_WaveExtensible => pomyślnie usunięto nvvad_WaveExtensible => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\pccsmcfd => pomyślnie usunięto pccsmcfd => serwis pomyślnie usunięto "C:\ProgramData\JPWDAOEPIX6JB44XAXDY" => pomyślnie usunięto C:\ProgramData\TDBSRNB9KBH2J12A3U78 => pomyślnie przeniesiono C:\ProgramData\{8DE6279C-27E2-AE90-9A3A-13229ADD4A73} => pomyślnie przeniesiono C:\ProgramData\{7B99FB46-FB38-58EF-40E6-6CD440013585} => pomyślnie przeniesiono C:\ProgramData\{720C2205-227B-517A-033F-F9DD03D8A08C} => pomyślnie przeniesiono C:\ProgramData\{E6DD82EA-8294-C5AB-EC9F-2849EC787118} => pomyślnie przeniesiono C:\ProgramData\{3C8C9690-96EE-1FFA-968B-7993966C20C2} => pomyślnie przeniesiono C:\ProgramData\{C042B334-B34A-E334-32AE-B76F3249EE3E} => pomyślnie przeniesiono C:\ProgramData\{89F75C99-5CE7-AA81-9F41-02269FA65B77} => pomyślnie przeniesiono C:\ProgramData\{7D0CBCBA-BCC4-5E7A-BCA1-F9D2BC46A083} => pomyślnie przeniesiono C:\ProgramData\{7B39B068-B016-584F-6EAD-CCD46E4A9585} => pomyślnie przeniesiono C:\Program Files (x86)\DreamTrips => pomyślnie przeniesiono C:\Program Files (x86)\Amigo Trend => pomyślnie przeniesiono C:\Users\user\AppData\Local\WhiteClick => pomyślnie przeniesiono C:\Users\user\AppData\Local\agent.dat => pomyślnie przeniesiono C:\Users\user\AppData\Local\Lamcof.tst => pomyślnie przeniesiono C:\Users\user\AppData\Local\Sollight.bin => pomyślnie przeniesiono C:\Users\user\AppData\Local\StatStock.bin => pomyślnie przeniesiono C:\Users\user\AppData\Local\noah.dat => pomyślnie przeniesiono C:\Users\user\AppData\Local\Config.xml => pomyślnie przeniesiono C:\Users\user\AppData\Local\Main.dat => pomyślnie przeniesiono C:\Users\user\AppData\Local\md.xml => pomyślnie przeniesiono C:\Users\user\AppData\Local\wbem.ini => pomyślnie przeniesiono C:\Users\user\AppData\Roaming\4pjivukcouv => pomyślnie przeniesiono C:\ProgramData\PrefsSecure => pomyślnie przeniesiono "C:\ProgramData\Logic Cramble" => nie znaleziono C:\ProgramData\localNETService => pomyślnie przeniesiono C:\Program Files\AD5GDEDUDY => pomyślnie przeniesiono C:\Program Files (x86)\Zabour => pomyślnie przeniesiono C:\Program Files (x86)\Multitimer => pomyślnie przeniesiono C:\Program Files (x86)\lightcleaner => pomyślnie przeniesiono C:\Users\user\AppData\Local\Lamcof.exe => pomyślnie przeniesiono C:\Users\user\AppData\Local\sha.db => pomyślnie przeniesiono C:\Users\user\AppData\Local\InstallationConfiguration.xml => pomyślnie przeniesiono C:\Users\user\AppData\Local\installer.dat => pomyślnie przeniesiono C:\Program Files (x86)\ProxyGate => pomyślnie przeniesiono C:\Users\user\AppData\Roaming\FC29FA0894FE.ini => pomyślnie przeniesiono ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= ========= Koniec Powershell: ========= =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12694338 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 1 B Edge => 0 B Chrome => 0 B Firefox => 94903556 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 83720 B systemprofile32 => 66356 B LocalService => 66228 B NetworkService => 0 B user => 82840607 B karo => 1169762250 B Gość => 310219 B RecycleBin => 0 B EmptyTemp: => 1.3 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 14:25:37 ====