Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015 02 Ran by Wujo at 2015-01-14 18:06:17 Run:1 Running from F:\Zawirusowania konkretne Loaded Profile: Wujo (Available profiles: Wujo) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: S4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{ac61f76f-e3bf-090c-101a-0e87fecfa713}\ \...\???\{ac61f76f-e3bf-090c-101a-0e87fecfa713}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) HKU\S-1-5-21-3326234350-4050991087-374296464-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Wujo\AppData\Local\Google\Desktop\Install\{ac61f76f-e3bf-090c-101a-0e87fecfa713}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{ac61f76f-e3bf-090c-101a-0e87fecfa713}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters) HKU\S-1-5-21-3326234350-4050991087-374296464-1000\...\Policies\Explorer\Run: [Wistron] => C:\Users\Wujo\AppData\Roaming\CAD8B9\CAD8B9.exe S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X] S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] U2 wuaserv; No ImagePath GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKLM-x32 -> {2F3F70DB-19ED-4AE2-829E-ED7ABDD6D638} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={71AE8812-1669-4581-B398-F540214F14E5} SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://search.certified-toolbar.com?si=44393&st=bs&tid=3820&ver=4.9&ts=1369248523355.000003&tguid=44393-3820-1369248523355-DA54B3E4B3DA9B82F6E7C5AAB0157A9E&q={searchTerms} SearchScopes: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> {1DD5C10A-E446-4FEC-8511-6F13CDC8C221} URL = http://startsear.ch/?aff=1&src=sp&cf=52e8ba86-3711-11e1-bd44-001d6073c963&q={searchTerms} SearchScopes: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> {2F3F70DB-19ED-4AE2-829E-ED7ABDD6D638} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={71AE8812-1669-4581-B398-F540214F14E5} SearchScopes: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> {76893B59-8604-4843-9B97-7ECDADBE8CA8} URL = http://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms} SearchScopes: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> {D55E9BF4-1D7D-4C25-B1FD-C51D19102329} URL = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=40e7c0cae985426988648692520b0dbe BHO: webSAive -> {2E3EFEDB-1DF5-5E5B-C5D7-630462260742} -> C:\Program Files (x86)\webSAive\nUkS3p.x64.dll No File BHO-x32: No Name -> {19a395c9-823b-4700-b817-396fc84ffb16} -> No File BHO-x32: webSAive -> {2E3EFEDB-1DF5-5E5B-C5D7-630462260742} -> C:\Program Files (x86)\webSAive\nUkS3p.dll No File BHO-x32: HomeTab -> {ca2fbf11-ffbb-49f8-b2fa-345f226e3a74} -> C:\Program Files (x86)\HomeTab\IE\HomeTab.dll No File Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File Toolbar: HKLM-x32 - HomeTab - {ca2fbf11-ffbb-49f8-b2fa-345f226e3a74} - C:\Program Files (x86)\HomeTab\IE\HomeTab.dll No File Toolbar: HKLM-x32 - No Name - {19a395c9-823b-4700-b817-396fc84ffb16} - No File Toolbar: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Task: {07770E9D-F3B7-4B25-874D-3D6F3F3CBDC6} - \Funmoods No Task File <==== ATTENTION Task: {0CF3B116-DA65-430F-9FA1-7EAE2435E3F5} - System32\Tasks\{C26B5E61-26B9-47FD-AFE4-265FA498E912} => pcalua.exe -a "C:\z Rector\_CD\02 dotnet 01 i 02\dotnet2.0_polish_lang_pack.exe" -d "C:\z Rector\_CD\02 dotnet 01 i 02" Task: {0DAACB83-A04B-49B5-8315-0CD0A3024430} - \WS.Enabler-S-71009536 No Task File <==== ATTENTION Task: {105353A9-C15A-405A-9D8A-B889A9F5E576} - System32\Tasks\{6B62769A-FB6F-4B36-B81B-10076155899C} => pcalua.exe -a "D:\[PL] Gothic 3 Zmierzch Bogow\g3fg_106_pl.exe" -d "D:\[PL] Gothic 3 Zmierzch Bogow" Task: {14A661C3-358B-44FF-9415-0BAC9EA4E4B2} - System32\Tasks\{22116563-108C-42c0-A7CE-60161B75E508} => C:\Users\Wujo\AppData\Local\Temp\Ivj.exe <==== ATTENTION Task: {16A2D09C-C155-4D67-A276-2577E63ABA87} - System32\Tasks\nvbinif => C:\Windows\TEMP\wxsgcum.exe Task: {811D8666-AB43-4EBB-A3AF-68CBE1987A13} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION Task: {848E651E-3F94-437E-A939-3C5D9D3C3FCE} - System32\Tasks\{948FD25D-A0F4-4257-AE25-56927B4C82F3} => pcalua.exe -a D:\setup.exe -d D:\ Task: {8A50D08D-C7D8-4E89-A512-BA89703FFD7C} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION Task: {92B73987-47CF-42AA-B2B0-8AAF466CBFED} - System32\Tasks\{4CE54CF7-CD67-49E1-9ABE-A168E0913C58} => pcalua.exe -a "C:\z Rector\_CD\02 dotnet 01 i 02\dotnetfx2.0.exe" -d "C:\z Rector\_CD\02 dotnet 01 i 02" Task: {B67CFFE1-7813-46ED-9F33-81F9CF1C3788} - System32\Tasks\{DC334AC1-DE93-43DE-B655-5F406268D5E4} => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe Task: {C2A96D23-B831-4880-BB2C-1285BF313F1A} - System32\Tasks\{EBE60C5D-F0A2-4DD7-B8AA-D4CA3A683DE0} => pcalua.exe -a "C:\z Rector\_CD\02 dotnet 01 i 02\dotnetfx1.0.exe" -d "C:\z Rector\_CD\02 dotnet 01 i 02" Task: {E61AD748-BC3D-4ABD-AF8F-EA28EEB737CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {F0A7FF05-933F-4750-8006-433AAC7661E6} - System32\Tasks\{E4DBABE4-396F-467D-BBB3-8B4B4BC021E8} => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe Task: {F474537D-3A24-4C8E-AB4F-78874B488DE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {F98EDEAE-7418-499C-8EC5-4C28DEA6EE65} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\ClickPotatoLite\bin\11.0.19.0\ClickPotatoLiteSA.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\WS.Enabler-S-71009536.job => c:\programdata\setapp\ws.enabler\WS.Enabler.exe <==== ATTENTION DeleteJunctionsIndirectory: C:\Program Files\Windows Defender C:\$AVG C:\how_decrypt.html C:\shldr C:\shldr.mbr C:\spyhunter.fix C:\Program Files\Enigma Software Group C:\Program Files (x86)\Enigma Software Group C:\Program Files (x86)\Gadu-Gadu 10 C:\Program Files (x86)\Google C:\Program Files (x86)\Mozilla Firefox C:\Program Files (x86)\Opera C:\Program Files (x86)\PokerStars.EU C:\ProgramData\APN C:\ProgramData\efywb C:\ProgramData\Temp C:\ProgramData\Video Strip Poker Supreme C:\Users\Wujo\SSYPV C:\Users\Wujo\AppData\Local\Google C:\Users\Wujo\AppData\Local\Mozilla C:\Users\Wujo\AppData\Local\PokerStars.EU C:\Users\Wujo\AppData\Roaming\41710310.reg C:\Users\Wujo\AppData\Roaming\DAEMON Tools Lite C:\Users\Wujo\AppData\Roaming\ipla C:\Users\Wujo\AppData\Roaming\PhotoScape C:\Users\Wujo\AppData\Roaming\Mozilla C:\Users\Wujo\AppData\Roaming\Fosyryg C:\Users\Wujo\AppData\Roaming\Onbilo C:\Users\Wujo\AppData\Roaming\Microsoft\Office\Niedawny\*.LNK C:\Users\Wujo\Desktop\SpyHunter4.exe — skrót.lnk C:\Users\Wujo\Desktop\programy\DAEMON Tools Lite.lnk C:\Users\Wujo\Desktop\programy\Packard Bell\Norton Internet Security.lnk C:\Users\Wujo\Documents\Decrypt All Files itqjnld.bmp C:\Users\Wujo\Documents\Decrypt All Files itqjnld.txt C:\Users\Wujo\Downloads\Extras.TXT.itqjnld C:\Windows\46B04D534E344388B6EE80FAB66AEF9B.TMP C:\Windows\system32\%LocalAppData% C:\Windows\system32\log Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SpyHunter 4 Service" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Google /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" /f CMD: ipconfig /flushdns CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Program Files\Common Files" CMD: dir /a "C:\Program Files (x86)\Common Files" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\Wujo\AppData\Local CMD: dir /a C:\Users\Wujo\AppData\LocalLow CMD: dir /a C:\Users\Wujo\AppData\Roaming EmptyTemp: ***************** Processes closed successfully. *etadpug => Service deleted successfully. HKU\S-1-5-21-3326234350-4050991087-374296464-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update**.d<*> => Value Deleted Successfully. HKU\S-1-5-21-3326234350-4050991087-374296464-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Wistron => Value not found. esgiguard => Service deleted successfully. gupdate => Service deleted successfully. gupdatem => Service deleted successfully. RtsUIR => Service deleted successfully. USBCCID => Service deleted successfully. wuaserv => Service deleted successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2F3F70DB-19ED-4AE2-829E-ED7ABDD6D638}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{2F3F70DB-19ED-4AE2-829E-ED7ABDD6D638} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found. "HKU\S-1-5-21-3326234350-4050991087-374296464-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1DD5C10A-E446-4FEC-8511-6F13CDC8C221}" => Key deleted successfully. HKCR\CLSID\{1DD5C10A-E446-4FEC-8511-6F13CDC8C221} => Key not found. "HKU\S-1-5-21-3326234350-4050991087-374296464-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F3F70DB-19ED-4AE2-829E-ED7ABDD6D638}" => Key deleted successfully. HKCR\CLSID\{2F3F70DB-19ED-4AE2-829E-ED7ABDD6D638} => Key not found. "HKU\S-1-5-21-3326234350-4050991087-374296464-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76893B59-8604-4843-9B97-7ECDADBE8CA8}" => Key deleted successfully. HKCR\CLSID\{76893B59-8604-4843-9B97-7ECDADBE8CA8} => Key not found. "HKU\S-1-5-21-3326234350-4050991087-374296464-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}" => Key deleted successfully. HKCR\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key not found. "HKU\S-1-5-21-3326234350-4050991087-374296464-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D55E9BF4-1D7D-4C25-B1FD-C51D19102329}" => Key deleted successfully. HKCR\CLSID\{D55E9BF4-1D7D-4C25-B1FD-C51D19102329} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E3EFEDB-1DF5-5E5B-C5D7-630462260742}" => Key deleted successfully. "HKCR\CLSID\{2E3EFEDB-1DF5-5E5B-C5D7-630462260742}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19a395c9-823b-4700-b817-396fc84ffb16}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{19a395c9-823b-4700-b817-396fc84ffb16} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E3EFEDB-1DF5-5E5B-C5D7-630462260742}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{2E3EFEDB-1DF5-5E5B-C5D7-630462260742}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca2fbf11-ffbb-49f8-b2fa-345f226e3a74}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{ca2fbf11-ffbb-49f8-b2fa-345f226e3a74}" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value deleted successfully. HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ca2fbf11-ffbb-49f8-b2fa-345f226e3a74} => value deleted successfully. HKCR\Wow6432Node\CLSID\{ca2fbf11-ffbb-49f8-b2fa-345f226e3a74} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{19a395c9-823b-4700-b817-396fc84ffb16} => value deleted successfully. HKCR\Wow6432Node\CLSID\{19a395c9-823b-4700-b817-396fc84ffb16} => Key not found. HKU\S-1-5-21-3326234350-4050991087-374296464-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. HKU\S-1-5-21-3326234350-4050991087-374296464-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value deleted successfully. HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found. Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll Winsock: Catalog5 entry 000000000008\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll Winsock: Catalog5-x64 entry 000000000008\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07770E9D-F3B7-4B25-874D-3D6F3F3CBDC6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07770E9D-F3B7-4B25-874D-3D6F3F3CBDC6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CF3B116-DA65-430F-9FA1-7EAE2435E3F5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CF3B116-DA65-430F-9FA1-7EAE2435E3F5}" => Key deleted successfully. C:\Windows\System32\Tasks\{C26B5E61-26B9-47FD-AFE4-265FA498E912} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C26B5E61-26B9-47FD-AFE4-265FA498E912}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0DAACB83-A04B-49B5-8315-0CD0A3024430}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DAACB83-A04B-49B5-8315-0CD0A3024430}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WS.Enabler-S-71009536" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{105353A9-C15A-405A-9D8A-B889A9F5E576}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{105353A9-C15A-405A-9D8A-B889A9F5E576}" => Key deleted successfully. C:\Windows\System32\Tasks\{6B62769A-FB6F-4B36-B81B-10076155899C} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B62769A-FB6F-4B36-B81B-10076155899C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{14A661C3-358B-44FF-9415-0BAC9EA4E4B2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14A661C3-358B-44FF-9415-0BAC9EA4E4B2}" => Key deleted successfully. C:\Windows\System32\Tasks\{22116563-108C-42c0-A7CE-60161B75E508} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{22116563-108C-42c0-A7CE-60161B75E508}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{16A2D09C-C155-4D67-A276-2577E63ABA87}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16A2D09C-C155-4D67-A276-2577E63ABA87}" => Key deleted successfully. C:\Windows\System32\Tasks\nvbinif => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nvbinif" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{811D8666-AB43-4EBB-A3AF-68CBE1987A13}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{811D8666-AB43-4EBB-A3AF-68CBE1987A13}" => Key deleted successfully. C:\Windows\System32\Tasks\GoforFilesUpdate => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{848E651E-3F94-437E-A939-3C5D9D3C3FCE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{848E651E-3F94-437E-A939-3C5D9D3C3FCE}" => Key deleted successfully. C:\Windows\System32\Tasks\{948FD25D-A0F4-4257-AE25-56927B4C82F3} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{948FD25D-A0F4-4257-AE25-56927B4C82F3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A50D08D-C7D8-4E89-A512-BA89703FFD7C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A50D08D-C7D8-4E89-A512-BA89703FFD7C}" => Key deleted successfully. C:\Windows\System32\Tasks\YourFile Update => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile Update" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92B73987-47CF-42AA-B2B0-8AAF466CBFED}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92B73987-47CF-42AA-B2B0-8AAF466CBFED}" => Key deleted successfully. C:\Windows\System32\Tasks\{4CE54CF7-CD67-49E1-9ABE-A168E0913C58} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4CE54CF7-CD67-49E1-9ABE-A168E0913C58}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B67CFFE1-7813-46ED-9F33-81F9CF1C3788}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B67CFFE1-7813-46ED-9F33-81F9CF1C3788}" => Key deleted successfully. C:\Windows\System32\Tasks\{DC334AC1-DE93-43DE-B655-5F406268D5E4} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DC334AC1-DE93-43DE-B655-5F406268D5E4}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2A96D23-B831-4880-BB2C-1285BF313F1A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2A96D23-B831-4880-BB2C-1285BF313F1A}" => Key deleted successfully. C:\Windows\System32\Tasks\{EBE60C5D-F0A2-4DD7-B8AA-D4CA3A683DE0} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EBE60C5D-F0A2-4DD7-B8AA-D4CA3A683DE0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E61AD748-BC3D-4ABD-AF8F-EA28EEB737CA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E61AD748-BC3D-4ABD-AF8F-EA28EEB737CA}" => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0A7FF05-933F-4750-8006-433AAC7661E6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0A7FF05-933F-4750-8006-433AAC7661E6}" => Key deleted successfully. C:\Windows\System32\Tasks\{E4DBABE4-396F-467D-BBB3-8B4B4BC021E8} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E4DBABE4-396F-467D-BBB3-8B4B4BC021E8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F474537D-3A24-4C8E-AB4F-78874B488DE2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F474537D-3A24-4C8E-AB4F-78874B488DE2}" => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F98EDEAE-7418-499C-8EC5-4C28DEA6EE65}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F98EDEAE-7418-499C-8EC5-4C28DEA6EE65}" => Key deleted successfully. C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => Key deleted successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully. C:\Windows\Tasks\WS.Enabler-S-71009536.job => Moved successfully. "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started. "C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\pl-PL" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed. C:\$AVG => Moved successfully. C:\how_decrypt.html => Moved successfully. C:\shldr => Moved successfully. C:\shldr.mbr => Moved successfully. C:\spyhunter.fix => Moved successfully. C:\Program Files\Enigma Software Group => Moved successfully. C:\Program Files (x86)\Enigma Software Group => Moved successfully. C:\Program Files (x86)\Gadu-Gadu 10 => Moved successfully. C:\Program Files (x86)\Google => Moved successfully. C:\Program Files (x86)\Mozilla Firefox => Moved successfully. C:\Program Files (x86)\Opera => Moved successfully. C:\Program Files (x86)\PokerStars.EU => Moved successfully. C:\ProgramData\APN => Moved successfully. C:\ProgramData\efywb => Moved successfully. C:\ProgramData\Temp => Moved successfully. C:\ProgramData\Video Strip Poker Supreme => Moved successfully. C:\Users\Wujo\SSYPV => Moved successfully. C:\Users\Wujo\AppData\Local\Google => Moved successfully. C:\Users\Wujo\AppData\Local\Mozilla => Moved successfully. C:\Users\Wujo\AppData\Local\PokerStars.EU => Moved successfully. C:\Users\Wujo\AppData\Roaming\41710310.reg => Moved successfully. C:\Users\Wujo\AppData\Roaming\DAEMON Tools Lite => Moved successfully. C:\Users\Wujo\AppData\Roaming\ipla => Moved successfully. C:\Users\Wujo\AppData\Roaming\PhotoScape => Moved successfully. C:\Users\Wujo\AppData\Roaming\Mozilla => Moved successfully. C:\Users\Wujo\AppData\Roaming\Fosyryg => Moved successfully. C:\Users\Wujo\AppData\Roaming\Onbilo => Moved successfully. C:\Users\Wujo\AppData\Roaming\Microsoft\Office\Niedawny\*.LNK => Moved successfully. C:\Users\Wujo\Desktop\SpyHunter4.exe — skrót.lnk => Moved successfully. C:\Users\Wujo\Desktop\programy\DAEMON Tools Lite.lnk => Moved successfully. C:\Users\Wujo\Desktop\programy\Packard Bell\Norton Internet Security.lnk => Moved successfully. C:\Users\Wujo\Documents\Decrypt All Files itqjnld.bmp => Moved successfully. C:\Users\Wujo\Documents\Decrypt All Files itqjnld.txt => Moved successfully. C:\Users\Wujo\Downloads\Extras.TXT.itqjnld => Moved successfully. C:\Windows\46B04D534E344388B6EE80FAB66AEF9B.TMP => Moved successfully. C:\Windows\system32\%LocalAppData% => Moved successfully. C:\Windows\system32\log => Moved successfully. ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SpyHunter 4 Service" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Mozilla /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= ipconfig /flushdns ========= Konfiguracja IP systemu Windows Pomylnie oprniono pami podrczn programu rozpoznawania nazw DNS. ========= End of CMD: ========= ========= dir /a "C:\Program Files" ========= Wolumin w stacji C to Packard Bell Numer seryjny woluminu: 98CA-D8B9 Katalog: C:\Program Files 15-01-14 18:06 . 15-01-14 18:06 .. 14-03-26 08:35 AdTrustMedia 11-03-20 21:04 Apoint2K 15-01-03 15:55 AVAST Software 15-01-04 17:47 Common Files 11-03-20 21:01 CONEXANT 09-07-14 05:54 174 desktop.ini 11-10-16 12:27 DivX 11-07-12 23:53 DVD Maker 11-11-03 10:56 Google 13-08-16 13:03 Internet Explorer 11-03-21 05:27 Microsoft Games 09-08-22 06:59 Microsoft Office 14-12-21 08:42 Microsoft Silverlight 09-07-14 06:32 MSBuild 11-03-20 21:08 Packard Bell 09-07-14 06:32 Reference Assemblies 09-07-14 06:09 Uninstall Information 11-03-20 21:02 WIDCOMM 13-07-12 06:14 Windows Defender 13-07-12 06:14 Windows Journal 11-03-24 18:55 Windows Live 11-07-12 23:53 Windows Mail 11-07-12 23:53 Windows Media Player 11-03-20 20:54 Windows NT 11-07-12 23:53 Windows Photo Viewer 11-07-12 23:53 Windows Portable Devices 11-07-12 23:53 Windows Sidebar 15-01-01 14:42 WinRAR 1 plik(w) 174 bajtw 29 katalog(w) 104545349632 bajtw wolnych ========= End of CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Wolumin w stacji C to Packard Bell Numer seryjny woluminu: 98CA-D8B9 Katalog: C:\Program Files (x86) 15-01-14 18:06 . 15-01-14 18:06 .. 12-05-20 11:46 1ClickDownload 14-03-25 16:43 AdBlocknWatchu 14-03-25 16:53 Adobe 15-01-01 14:42 AGEIA Technologies 11-04-24 08:39 Ahead 12-05-26 23:22 ALLConverter PRO 14-03-25 15:05 ALLMediaServer 14-03-25 15:05 ALLPlayer 14-04-08 13:20 Common Files 11-03-20 21:06 CyberLink 12-11-28 00:22 Damian Pasternak 09-07-14 05:54 174 desktop.ini 11-10-16 12:27 DivX 15-01-01 14:42 Dziobas Rar Player 12-11-21 08:17 EA GAMES 15-01-04 20:34 ESET 14-03-25 15:25 ExxsTriaSaviungs 13-11-07 14:55 GameSpy Arcade 15-01-13 12:51 Innovative Technologies 14-06-10 15:23 InstallShield Installation Information 09-08-16 06:45 Intel 13-08-16 13:03 Internet Explorer 14-03-25 15:44 ipla 15-01-14 17:58 Java 14-05-18 08:45 JoWooD 13-01-09 01:33 K-Lite Codec Pack 11-03-20 21:04 Launch Manager 15-01-04 21:12 Malwarebytes Anti-Malware 15-01-04 21:12 Malwarebytes' Anti-Malware 15-01-01 14:42 Metin2 14-08-13 13:21 Microsoft Office 15-01-01 14:42 Microsoft Office Suite Activation Assistant 14-12-21 08:42 Microsoft Silverlight 11-03-20 21:17 Microsoft SQL Server Compact Edition 11-03-20 21:10 Microsoft Visual Studio 8 15-01-02 11:37 Microsoft Works 15-01-08 09:40 Microsoft.NET 09-07-14 06:32 MSBuild 11-03-22 08:01 MSXML 4.0 15-01-01 14:42 NAPI-PROJEKT 09-08-16 07:00 Nero 09-08-22 07:23 NewTech Infosystems 15-01-04 12:36 Origin 13-10-08 15:56 Origin Games 09-08-22 07:23 Packard Bell 14-03-25 15:22 Packard Bell GameZone 14-06-10 15:23 Piranha Bytes 13-02-23 20:54 PlayReady 11-04-20 08:55 Quantum GIS Tethys 09-08-16 06:46 Realtek 11-03-21 09:00 Rector 09-07-14 06:32 Reference Assemblies 15-01-05 00:00 ShadowExplorer 15-01-01 14:43 Steam 09-08-16 06:55 Symantec 09-07-14 05:57 Uninstall Information 11-03-20 21:03 Video Web Camera 15-01-01 14:43 Winamp 11-12-02 20:01 Winamp Detect 13-07-12 06:14 Windows Defender 11-03-30 12:41 Windows Live 11-07-12 23:53 Windows Mail 11-07-12 23:53 Windows Media Player 09-07-14 06:32 Windows NT 11-07-12 23:53 Windows Photo Viewer 11-07-12 23:53 Windows Portable Devices 11-07-12 23:53 Windows Sidebar 15-01-01 14:43 WinRAR 15-01-03 15:23 Wise 11-03-21 09:21 WPF Toolkit 15-01-01 14:43 Xvid 12-01-30 20:55 Zealot Software 1 plik(w) 174 bajtw 73 katalog(w) 104545349632 bajtw wolnych ========= End of CMD: ========= ========= dir /a "C:\Program Files\Common Files" ========= Wolumin w stacji C to Packard Bell Numer seryjny woluminu: 98CA-D8B9 Katalog: C:\Program Files\Common Files 15-01-04 17:47 . 15-01-04 17:47 .. 14-08-13 13:20 Microsoft Shared 09-08-22 08:48 Services 09-07-14 04:20 SpeechEngines 11-11-10 16:09 System 0 plik(w) 0 bajtw 6 katalog(w) 104545349632 bajtw wolnych ========= End of CMD: ========= ========= dir /a "C:\Program Files (x86)\Common Files" ========= Wolumin w stacji C to Packard Bell Numer seryjny woluminu: 98CA-D8B9 Katalog: C:\Program Files (x86)\Common Files 14-04-08 13:20 . 14-04-08 13:20 .. 15-01-14 17:56 Adobe 09-08-22 08:49 Adobe AIR 11-04-24 08:39 Ahead 11-03-20 21:06 CyberLink 11-05-16 10:23 DESIGNER 12-10-29 07:26 France Telecom 13-11-07 14:45 InstallShield 14-03-25 18:20 Java 14-08-13 13:21 microsoft shared 09-08-16 07:02 Nero 09-08-22 07:07 Oberon Media 08-06-11 16:12 776614 packardbell.ico 14-03-25 16:51 PX Storage Engine 09-08-22 08:50 Services 09-07-14 04:20 SpeechEngines 14-12-31 07:48 Steam 15-01-04 17:47 Symantec Shared 11-11-10 16:09 System 11-03-20 21:15 Windows Live 15-01-06 12:49 Wise Installation Wizard 1 plik(w) 776614 bajtw 21 katalog(w) 104545349632 bajtw wolnych ========= End of CMD: ========= ========= dir /a C:\ProgramData ========= Wolumin w stacji C to Packard Bell Numer seryjny woluminu: 98CA-D8B9 Katalog: C:\ProgramData 15-01-14 18:06 . 15-01-14 18:06 .. 14-03-25 17:18 AdBlocknWatchu 15-01-14 17:55 Adobe 14-03-26 08:35 Adtrustmedia 14-03-25 15:05 ALLPlayer 09-07-14 06:08 Application Data [C:\ProgramData] 15-01-01 14:43 Arcade Lab 15-01-03 16:28 AVAST Software 11-12-01 18:44 AWEM 09-08-22 07:24 BackupManager 14-04-24 07:51 boost_interprocess 14-05-27 11:47 Boss Media 14-03-25 16:43 c2d6b65770b43203 14-04-08 13:17 COMODO 13-05-22 15:47 CorelDRAW Graphics Suite X6 11-09-08 18:27 CyberLink 11-10-29 16:44 DAEMON Tools Lite 11-03-20 20:54 Dane aplikacji [C:\ProgramData] 09-07-14 06:08 Desktop [C:\Users\Public\Desktop] 11-10-16 12:27 DivX 09-07-14 06:08 Documents [C:\Users\Public\Documents] 11-03-20 20:54 Dokumenty [C:\Users\Public\Documents] 13-10-08 14:57 Electronic Arts 14-03-25 16:34 ExxsTriaSaviungs 11-11-25 20:04 FarmFrenzy2 09-07-14 06:08 Favorites [C:\Users\Public\Favorites] 13-01-25 12:37 FLEXnet 11-06-03 14:38 Friends Games 11-03-22 18:54 Gadu-Gadu 10 13-03-10 19:18 GG 11-11-03 10:46 Google 14-03-25 15:50 InstallMate 12-04-26 14:38 Kaspersky Lab Setup Files 15-01-04 21:10 Malwarebytes 12-12-20 07:25 McAfee 11-03-20 20:54 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 15-01-08 09:40 Microsoft 14-08-13 13:21 Microsoft Help 12-05-26 21:15 Mozilla 09-08-16 06:59 Nero 15-01-04 17:48 Norton 09-08-16 06:53 NortonInstaller 15-01-08 20:59 266 ntuser.pol 11-03-20 20:55 NVIDIA 11-03-20 21:08 OEM 11-10-30 07:51 OpenFM 14-03-25 18:20 Oracle 09-08-16 07:10 Packard Bell 11-11-27 10:06 PlayFirst 12-12-09 10:02 Playrix Entertainment 11-03-20 20:54 Pulpit [C:\Users\Public\Desktop] 13-02-23 20:50 RDRM 12-08-26 12:09 Sandlot Games 14-03-25 16:34 savensshaeRe 14-03-26 08:36 Shared Space 13-03-10 12:59 SoftSafe 11-07-16 22:11 Sports Interactive 09-07-14 06:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 11-10-08 20:33 Sun 13-05-15 01:05 Symantec 11-03-20 20:54 Szablony [C:\ProgramData\Microsoft\Windows\Templates] 09-07-14 06:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 11-09-07 16:19 Ubisoft 11-03-20 20:54 Ulubione [C:\Users\Public\Favorites] 13-05-12 16:58 Uniblue 1 plik(w) 266 bajtw 65 katalog(w) 104545349632 bajtw wolnych ========= End of CMD: ========= ========= dir /a C:\Users\Wujo\AppData\Local ========= Wolumin w stacji C to Packard Bell Numer seryjny woluminu: 98CA-D8B9 Katalog: C:\Users\Wujo\AppData\Local 15-01-14 18:06 . 15-01-14 18:06 .. 14-12-20 19:08 Adobe 14-03-26 08:41 AdTrustMedia 12-05-26 23:22 ALLConverter 14-03-25 15:05 ALLMediaServer 12-08-22 12:49 ALLPlayer 14-08-30 07:49 Apps 14-05-27 11:47 Boss Media 11-03-20 21:03 Broadcom 12-02-04 12:37 ChomikBox 13-10-08 17:30 Chromium 11-03-20 20:54 Dane aplikacji [C:\Users\Wujo\AppData\Local] 14-01-27 16:58 7680 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 15-01-03 15:02 Deployment 14-12-01 14:24 Diagnostics 15-01-08 09:11 ElevatedDiagnostics 15-01-03 16:23 96640 GDIPFONTCACHEV1.DAT 14-02-20 19:14 GG 11-03-20 20:54 Historia [C:\Users\Wujo\AppData\Local\Microsoft\Windows\History] 15-01-14 13:35 9014267 IconCache.db 15-01-08 09:46 IDTool 14-08-16 18:50 4096 keyfile3.drm 13-11-12 20:48 Lollipop 12-06-24 12:45 Macromedia 15-01-06 19:01 Microsoft 11-11-17 16:46 Microsoft Games 11-03-20 21:10 Microsoft Help 11-11-27 21:13 Oberon Games 12-04-26 13:00 Opera 14-12-01 16:56 Opera Software 13-10-08 15:09 Origin 14-03-07 18:50 P5 14-02-04 07:43 Packages 11-03-20 21:08 Packard Bell 13-09-03 09:48 Programs 13-10-08 17:09 SKIDROW 13-11-08 17:39 Sports Interactive 15-01-02 11:47 Symantec 15-01-14 18:06 Temp 11-03-20 20:54 Temporary Internet Files [C:\Users\Wujo\AppData\Local\Microsoft\Windows\Temporary Internet Files] 13-06-02 09:53 The Witcher 11-06-01 14:25 The Witcher 2 14-02-04 07:43 Torch 15-01-01 14:44 VirtualStore 14-10-27 09:11 Windows Live 12-12-14 21:10 Windows Live Writer 12-01-30 21:12 womble 11-09-15 20:07 {08F676B2-0B2B-44BC-891E-0BAFDBDF50EF} 14-10-22 11:55 {2112F5B8-5C72-4B5F-87B9-73C790431EE9} 14-10-22 11:54 {31A07423-636A-4209-8127-F90B115DCDB7} 14-10-22 11:53 {3F649BC3-01EF-4BED-AC72-560823C85708} 14-10-27 09:05 {401FE04E-5F55-43CE-8406-734C326FBCE1} 14-10-22 11:46 {6A8825C7-4DBA-4DE1-B11E-F47FC6AC259A} 14-10-19 09:11 {6CE2377A-B7B4-4F05-AA1A-8A0B18A6E549} 14-10-27 09:09 {82E066B9-6B78-4B92-A495-CCD27B0ACE9F} 11-09-15 20:07 {A6C8D1D0-667C-43E3-A1E9-20C411D7DF9D} 12-08-11 12:48 {A7EBB501-AB2A-43C9-AFA3-A8353B2A8FB6} 14-10-22 11:45 {D9B4E311-EE2E-454E-952D-279E216C56EC} 13-01-25 12:45 {FC7D4165-1F86-40CF-A802-EC8F8486F824} 4 plik(w) 9122683 bajtw 56 katalog(w) 104545349632 bajtw wolnych ========= End of CMD: ========= ========= dir /a C:\Users\Wujo\AppData\LocalLow ========= Wolumin w stacji C to Packard Bell Numer seryjny woluminu: 98CA-D8B9 Katalog: C:\Users\Wujo\AppData\LocalLow 15-01-04 21:48 . 15-01-04 21:48 .. 13-08-16 12:11 Adobe 11-06-01 08:12 Google 15-01-03 19:30 Microsoft 14-03-25 15:58 SimplyTech 11-10-08 20:30 Sun 13-07-11 14:47 Temp 14-02-04 07:43 {2E3EFEDB-1DF5-5E5B-C5D7-630462260742} 14-03-25 15:53 {88D4D2D3-BB43-7FE1-8817-2A4D7648182C} 14-02-11 18:54 {8A3A9CF4-B927-27A2-856B-B9EF561552F4} 14-02-27 19:09 {C6BD0135-AD0F-305B-FB72-9112AA17C9B8} 0 plik(w) 0 bajtw 12 katalog(w) 104545349632 bajtw wolnych ========= End of CMD: ========= ========= dir /a C:\Users\Wujo\AppData\Roaming ========= Wolumin w stacji C to Packard Bell Numer seryjny woluminu: 98CA-D8B9 Katalog: C:\Users\Wujo\AppData\Roaming 15-01-14 18:06 . 15-01-14 18:06 .. 14-04-12 14:25 Adobe 11-04-24 08:42 Ahead 15-01-03 16:33 AVAST Software 15-01-03 16:20 BitTorrent 12-04-04 16:27 Brother 11-09-08 18:27 CyberLink 14-03-25 14:06 1 DirectX.dat 11-10-14 22:36 DivX 14-01-26 11:58 2 etc.dat 12-07-18 20:04 EurekaLog 11-05-04 13:05 Gadu-Gadu 10 14-03-25 16:38 GG 13-11-12 19:19 GoforFiles 11-03-20 21:34 Google 11-03-20 20:55 Identities 11-03-20 21:03 InstallShield 14-03-25 15:44 IrfanView 13-09-03 09:48 288 LiveSupport.exe_log.TXT.itqjnld 11-03-20 21:04 Macromedia 14-12-31 08:29 9728 mcp.ico 09-08-16 07:31 Media Center Programs 12-02-03 14:51 Media Player Classic 15-01-13 14:36 Microsoft 12-05-29 06:09 NapiProjekt 15-01-08 21:09 NathanScott Apps 11-08-30 08:50 Nero 11-03-26 10:05 OpenFM 12-04-26 13:00 Opera 14-12-01 16:56 Opera Software 13-10-08 20:34 Origin 11-11-27 10:06 PlayFirst 13-09-03 09:52 128 regsvr32.exe_log.TXT.itqjnld 12-11-20 21:39 Softland 12-12-06 09:29 Sports Interactive 14-03-25 14:06 2 System.dat 14-09-02 09:39 Template 14-03-25 14:48 uTorrent 14-12-16 14:23 Winamp 12-12-14 21:10 Windows Live Writer 11-07-12 18:50 WinRAR 15-01-03 15:38 Wise Disk Cleaner 15-01-03 15:25 Wise Registry Cleaner 14-11-03 19:57 554 wklnhst.dat 15-01-05 00:00 www.shadowexplorer.com 12-11-21 09:37 YourFileDownloader 7 plik(w) 10703 bajtw 40 katalog(w) 104545349632 bajtw wolnych ========= End of CMD: ========= EmptyTemp: => Removed 7.1 GB temporary data. The system needed a reboot. ==== End of Fixlog 18:08:23 ====