Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 05-12-2016
Uruchomiony przez MAG (06-12-2016 19:16:37) Run:1
Uruchomiony z C:\Users\MAG\Desktop\usunąć
Załadowane profile: MAG (Dostępne profile: MAG)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [adva3d10] => C:\Users\MAG\AppData\Roaming\cdptcli\aeevispl.exe [524288 2015-12-04] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [advavel9] => C:\Users\MAG\AppData\Roaming\cemaider\aeevispl.exe [524288 2016-01-12] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [advp10_1] => C:\Users\MAG\AppData\Roaming\certtenc\amsiices.exe [524288 2016-02-05] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [adsncapi] => C:\Users\MAG\AppData\Roaming\capicca\advaecsp.exe [524288 2016-02-08] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [adsn3d32] => C:\Users\MAG\AppData\Roaming\catsosys\advaeter.exe [524288 2016-03-03] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [adsnGSM7] => C:\Users\MAG\AppData\Roaming\catsosys\advaeter.exe [524288 2016-03-03] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [adsnSCII] => C:\Users\MAG\AppData\Roaming\catsmapi\advabcd.exe [524288 2016-03-09] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [adsnd3d9] => C:\Users\MAG\AppData\Roaming\Certwmdm\advaperf.exe [524288 2016-04-14] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [advp0_43] => C:\Users\MAG\AppData\Roaming\cfgmdiag\amsikbox.exe [524288 2016-05-10] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [advpfCdp] => C:\Users\MAG\AppData\Roaming\ChakgIME\amsiTVID.exe [524288 2016-06-14] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [advpclen] => C:\Users\MAG\AppData\Roaming\charclb\amsianui.exe [524288 2016-07-12] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [advpider] => C:\Users\MAG\AppData\Roaming\charis-2\amsianui.exe [524288 2016-07-15] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [aeevtlib] => C:\Users\MAG\AppData\Roaming\clbonfg\amstview.exe [524288 2016-09-20] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [amsilder] => C:\Users\MAG\AppData\Roaming\cmluutil\apdsrvps.exe [524288 2016-09-24] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [adsntnet] => C:\Users\MAG\AppData\Roaming\cabitons\advaavrt.exe [524288 2016-10-17] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [advad3d9] => C:\Users\MAG\AppData\Roaming\catsosys\advprypt.exe [524288 2016-11-08] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [adva8thk] => C:\Users\MAG\AppData\Roaming\catsosys\advprypt.exe [524288 2016-11-08] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [advadxof] => C:\Users\MAG\AppData\Roaming\cdprtcli\aeevProv.exe [524288 2016-11-09] ()
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\...\Run: [advaider] => C:\Users\MAG\AppData\Roaming\certtmgr\aeevwcli.exe [524288 2016-12-06] ()
C:\Users\MAG\AppData\Roaming\cdptcli
C:\Users\MAG\AppData\Roaming\cemaider
C:\Users\MAG\AppData\Roaming\certtenc
C:\Users\MAG\AppData\Roaming\capicca
C:\Users\MAG\AppData\Roaming\catsosys
C:\Users\MAG\AppData\Roaming\catsmapi
C:\Users\MAG\AppData\Roaming\Certwmdm
C:\Users\MAG\AppData\Roaming\cfgmdiag
C:\Users\MAG\AppData\Roaming\ChakgIME\amsiTVID.exe
C:\Users\MAG\AppData\Roaming\charclb\amsianui.exe
C:\Users\MAG\AppData\Roaming\charis-2\amsianui.exe
C:\Users\MAG\AppData\Roaming\clbonfg\amstview.exe
C:\Users\MAG\AppData\Roaming\cmluutil\apdsrvps.exe
C:\Users\MAG\AppData\Roaming\cabitons\advaavrt.exe
C:\Users\MAG\AppData\Roaming\cdprtcli\aeevProv.exe
C:\Users\MAG\AppData\Roaming\certtmgr\aeevwcli.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => Brak pliku
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => Brak pliku
IFEO\MRT.exe: [Debugger] C:\Program Files (x86)\SearchesToYesbnd\_ALLOWDEL_27bfc\Gubed.exe -Yrrehs
C:\Program Files (x86)\SearchesToYesbnd
GroupPolicy: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\S-1-5-21-2999985383-601964839-3280780558-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2999985383-601964839-3280780558-1002 -> {FA9EC097-C43E-4767-866A-E31FA5272B20} URL = 
Edge HomeButtonPage: HKU\S-1-5-21-2999985383-601964839-3280780558-1002 -> hxxp://www.nuesearch.com/?type=hp&ts=1465910606&z=37c7bcedfe0fcd79fcd0425g1zfq5w1t1g7e5q4e5z&from=wpm0614&uid=TOSHIBAXMQ01ABD075_Y34TPQEDTXXY34TPQEDT
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\2263ujb8.default -> luck
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\2263ujb8.default -> luck
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\2263ujb8.default -> luck
FF DefaultSearchEngine: Firefox\Firefox\Profiles\2263ujb8.default -> nice
FF SearchEngineOrder.1: Firefox\Firefox\Profiles\2263ujb8.default -> nice
FF SelectedSearchEngine: Firefox\Firefox\Profiles\2263ujb8.default -> nice
R3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [622080 2016-11-29] () [Brak podpisu cyfrowego] <==== UWAGA
R2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
S2 NosemayP; C:\ProgramData\Nosemay\Nosemay.exe [400264 2016-05-30] ()
S2 NosemayU; "C:\Program Files (x86)\Nosemay\Update\NosemayUpdate.exe" [X]
C:\Program Files (x86)\Nosemay
C:\ProgramData\Nosemay
Task: {1F357729-9984-4DAB-87F8-E84F39AF8EE7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
Task: {3DD526DA-F673-45CE-9002-14D1BC99DBD4} - System32\Tasks\NosemayUpdateTaskMachineCore => C:\Program Files (x86)\Nosemay\Update\NosemayUpdate.exe <==== UWAGA
Task: {4E26A63E-55E5-48A4-9E07-B46D50710A89} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {4E77BBE4-2C07-47A4-B58F-2A23B9C6D037} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {52A92279-2FDA-4755-AAE5-DC6FE44B503B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
Task: {7617830F-3E2E-4E14-BC84-8D8F0FDDD5BD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {7E519C3A-0D56-4C31-9AE4-5B2FBBD9429D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {85097416-4841-491B-B87F-ABC07F723D5B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
Task: {8BDB08BD-4D81-4A04-9149-8E9C34024CA0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {A1314326-5C03-448B-B853-3FA02E67EE70} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
Task: {B1AD7971-CD5B-4CA2-AD61-92C25DD1FE39} - System32\Tasks\NosemayUpdateTaskMachineUA => C:\Program Files (x86)\Nosemay\Update\NosemayUpdate.exe <==== UWAGA
Task: {D03E6501-354B-426D-9A6E-FAE0898D99BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
Task: {D60BA628-7A6A-4E69-AB00-993837E0D6EB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
C:\Users\MAG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Coldjob\Application\chrome.exe (Google Inc.)
C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Coldjob\Application\chrome.exe (Google Inc.)
C:\Program Files (x86)\Coldjob
C:\Users\MAG\AppData\Local\Coldjob
C:\Users\MAG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
C:\Users\Public\Desktop\Mozilla Firefox.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a "C:\Program Files\Common Files\System"
CMD: dir /a "C:\Program Files (x86)\Common Files\System"
CMD: dir /a C:\ProgramData
CMD: dir /a C:\Users\MAG\AppData\Local
CMD: dir /a C:\Users\MAG\AppData\LocalLow
CMD: dir /a C:\Users\MAG\AppData\Roaming
Hosts:
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\adva3d10 => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\advavel9 => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\advp10_1 => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\adsncapi => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\adsn3d32 => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\adsnGSM7 => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\adsnSCII => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\adsnd3d9 => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\advp0_43 => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\advpfCdp => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\advpclen => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\advpider => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\aeevtlib => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\amsilder => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\adsntnet => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\advad3d9 => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\adva8thk => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\advadxof => Wartość pomyślnie usunięto
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Windows\CurrentVersion\Run\\advaider => Wartość pomyślnie usunięto
C:\Users\MAG\AppData\Roaming\cdptcli => pomyślnie przeniesiono
C:\Users\MAG\AppData\Roaming\cemaider => pomyślnie przeniesiono
C:\Users\MAG\AppData\Roaming\certtenc => pomyślnie przeniesiono
C:\Users\MAG\AppData\Roaming\capicca => pomyślnie przeniesiono
C:\Users\MAG\AppData\Roaming\catsosys => pomyślnie przeniesiono
C:\Users\MAG\AppData\Roaming\catsmapi => pomyślnie przeniesiono
C:\Users\MAG\AppData\Roaming\Certwmdm => pomyślnie przeniesiono
C:\Users\MAG\AppData\Roaming\cfgmdiag => pomyślnie przeniesiono
C:\Users\MAG\AppData\Roaming\ChakgIME\amsiTVID.exe => pomyślnie przeniesiono
C:\Users\MAG\AppData\Roaming\charclb\amsianui.exe => pomyślnie przeniesiono
C:\Users\MAG\AppData\Roaming\charis-2\amsianui.exe => pomyślnie przeniesiono
C:\Users\MAG\AppData\Roaming\clbonfg\amstview.exe => pomyślnie przeniesiono
C:\Users\MAG\AppData\Roaming\cmluutil\apdsrvps.exe => pomyślnie przeniesiono
C:\Users\MAG\AppData\Roaming\cabitons\advaavrt.exe => pomyślnie przeniesiono
C:\Users\MAG\AppData\Roaming\cdprtcli\aeevProv.exe => pomyślnie przeniesiono
C:\Users\MAG\AppData\Roaming\certtmgr\aeevwcli.exe => pomyślnie przeniesiono
"C:\Windows\system32\nvinitx.dll" => Dane wartości pomyślnie usunięto.
",C:\WINDOWS\system32\nvinitx.dll" => Dane wartości nie znaleziono.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MRT.exe" => klucz pomyślnie usunięto
"C:\Program Files (x86)\SearchesToYesbnd" => nie znaleziono.
C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono
C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => pomyślnie przeniesiono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto
"HKU\S-1-5-21-2999985383-601964839-3280780558-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FA9EC097-C43E-4767-866A-E31FA5272B20}" => klucz pomyślnie usunięto
HKCR\CLSID\{FA9EC097-C43E-4767-866A-E31FA5272B20} => klucz nie znaleziono. 
HKU\S-1-5-21-2999985383-601964839-3280780558-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => Wartość pomyślnie usunięto
Firefox DefaultSearchEngine pomyślnie usunięto
Firefox SearchEngineOrder.1 pomyślnie usunięto
Firefox SelectedSearchEngine pomyślnie usunięto
Firefox DefaultSearchEngine pomyślnie usunięto
Firefox SearchEngineOrder.1 pomyślnie usunięto
Firefox SelectedSearchEngine pomyślnie usunięto
iThemes5 => serwis pomyślnie usunięto
hklm\System\CurrentControlSet\Services\Themes\\DependOnService => Wartość pomyślnie usunięto
NosemayP => Nie można zatrzymać usługi.
NosemayP => serwis pomyślnie usunięto
NosemayU => serwis pomyślnie usunięto
"C:\Program Files (x86)\Nosemay" => nie znaleziono.
C:\ProgramData\Nosemay => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1F357729-9984-4DAB-87F8-E84F39AF8EE7}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F357729-9984-4DAB-87F8-E84F39AF8EE7}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DD526DA-F673-45CE-9002-14D1BC99DBD4}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DD526DA-F673-45CE-9002-14D1BC99DBD4}" => klucz pomyślnie usunięto
C:\WINDOWS\System32\Tasks\NosemayUpdateTaskMachineCore => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NosemayUpdateTaskMachineCore" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E26A63E-55E5-48A4-9E07-B46D50710A89}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E26A63E-55E5-48A4-9E07-B46D50710A89}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E77BBE4-2C07-47A4-B58F-2A23B9C6D037}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E77BBE4-2C07-47A4-B58F-2A23B9C6D037}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52A92279-2FDA-4755-AAE5-DC6FE44B503B}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52A92279-2FDA-4755-AAE5-DC6FE44B503B}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7617830F-3E2E-4E14-BC84-8D8F0FDDD5BD}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7617830F-3E2E-4E14-BC84-8D8F0FDDD5BD}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E519C3A-0D56-4C31-9AE4-5B2FBBD9429D}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E519C3A-0D56-4C31-9AE4-5B2FBBD9429D}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85097416-4841-491B-B87F-ABC07F723D5B}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85097416-4841-491B-B87F-ABC07F723D5B}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BDB08BD-4D81-4A04-9149-8E9C34024CA0}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BDB08BD-4D81-4A04-9149-8E9C34024CA0}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1314326-5C03-448B-B853-3FA02E67EE70}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1314326-5C03-448B-B853-3FA02E67EE70}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1AD7971-CD5B-4CA2-AD61-92C25DD1FE39}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1AD7971-CD5B-4CA2-AD61-92C25DD1FE39}" => klucz pomyślnie usunięto
C:\WINDOWS\System32\Tasks\NosemayUpdateTaskMachineUA => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NosemayUpdateTaskMachineUA" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D03E6501-354B-426D-9A6E-FAE0898D99BC}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D03E6501-354B-426D-9A6E-FAE0898D99BC}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D60BA628-7A6A-4E69-AB00-993837E0D6EB}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D60BA628-7A6A-4E69-AB00-993837E0D6EB}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => klucz pomyślnie usunięto
"C:\Users\MAG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Coldjob\Application\chrome.exe (Google Inc.)" => nie znaleziono.
"C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Coldjob\Application\chrome.exe (Google Inc.)" => nie znaleziono.
C:\Program Files (x86)\Coldjob => pomyślnie przeniesiono
C:\Users\MAG\AppData\Local\Coldjob => pomyślnie przeniesiono
"C:\Users\MAG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk" => nie znaleziono.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => pomyślnie przeniesiono

========= dir /a "C:\Program Files" =========

 Volume in drive C is TI31202900A
 Volume Serial Number is 78F4-8EAA

 Directory of C:\Program Files

2016-11-08  10:10    <DIR>          .
2016-11-08  10:10    <DIR>          ..
2016-02-29  18:23    <DIR>          Bonjour
2016-09-24  04:11    <DIR>          Common Files
2016-09-24  04:11    <DIR>          CONEXANT
2016-07-16  12:45               174 desktop.ini
2014-09-21  20:12    <DIR>          HP
2016-09-24  04:11    <DIR>          Intel
2016-10-17  11:33    <DIR>          Internet Explorer
2016-11-08  10:10    <DIR>          iPod
2016-11-08  10:12    <DIR>          iTunes
2014-09-03  01:12    <DIR>          Microsoft Analysis Services
2014-12-26  02:10    <DIR>          Microsoft Office
2016-10-17  13:50    <DIR>          Microsoft Silverlight
2016-09-24  04:10    <DIR>          MSBuild
2016-09-24  04:12    <DIR>          NVIDIA Corporation
2016-09-24  04:10    <DIR>          Reference Assemblies
2015-03-28  15:04    <DIR>          Rossmann
2016-09-24  03:59    <DIR>          Synaptics
2013-11-19  11:34    <DIR>          Toshiba
2015-07-10  13:21    <DIR>          Uninstall Information
2016-09-24  04:43    <DIR>          Windows Defender
2016-10-17  11:33    <DIR>          Windows Mail
2016-11-08  11:35    <DIR>          Windows Media Player
2016-07-16  12:47    <DIR>          Windows Multimedia Platform
2016-09-24  04:50    <DIR>          Windows NT
2016-10-17  11:33    <DIR>          Windows Photo Viewer
2016-07-16  12:47    <DIR>          Windows Portable Devices
2016-07-16  12:47    <DIR>          Windows Sidebar
2016-12-03  18:34    <DIR>          WindowsApps
2016-07-16  12:47    <DIR>          WindowsPowerShell
2015-05-05  07:14    <DIR>          WinRAR
               1 File(s)            174 bytes
              31 Dir(s)  388˙262˙051˙840 bytes free

========= Koniec  CMD: =========


========= dir /a "C:\Program Files (x86)" =========

 Volume in drive C is TI31202900A
 Volume Serial Number is 78F4-8EAA

 Directory of C:\Program Files (x86)

2016-12-06  19:16    <DIR>          .
2016-12-06  19:16    <DIR>          ..
2015-07-08  18:36    <DIR>          Adobe
2015-01-06  16:58    <DIR>          AGEIA Technologies
2016-03-30  08:14    <DIR>          Apple Software Update
2013-11-19  11:28    <DIR>          Atheros
2016-11-08  09:54    <DIR>          Bedhat
2013-11-19  11:27    <DIR>          Bluetooth Suite
2016-02-29  18:23    <DIR>          Bonjour
2015-12-28  21:05    <DIR>          CDex_140b9
2016-09-24  04:12    <DIR>          Common Files
2016-10-19  12:38    <DIR>          Cupduck
2016-07-16  12:45               174 desktop.ini
2013-11-19  11:22    <DIR>          DTS, Inc
2013-11-19  11:42    <DIR>          eBay
2016-03-24  12:59    <DIR>          Google
2016-07-12  10:59    <DIR>          InstallShield Installation Information
2013-11-19  11:12    <DIR>          Intel
2016-10-17  11:33    <DIR>          Internet Explorer
2016-12-06  17:10    <DIR>          Kaspersky Lab
2014-09-03  02:54    <DIR>          McAfee
2016-12-05  11:30                 0 metadata
2014-09-03  01:12    <DIR>          Microsoft Analysis Services
2014-10-26  20:05    <DIR>          Microsoft ASP.NET
2014-09-03  01:12    <DIR>          Microsoft Office
2016-10-17  13:50    <DIR>          Microsoft Silverlight
2016-09-24  04:12    <DIR>          Microsoft.NET
2014-12-25  17:02    <DIR>          MiniToolR Solution Ltd
2016-03-21  23:35    <DIR>          Mozilla Firefox
2016-03-21  23:35    <DIR>          Mozilla Maintenance Service
2016-09-24  04:10    <DIR>          MSBuild
2015-01-30  22:15    <DIR>          Network Print Monitor
2016-09-24  04:12    <DIR>          NVIDIA Corporation
2015-06-16  19:08    <DIR>          Opera
2016-09-24  04:10    <DIR>          Reference Assemblies
2016-12-05  11:30    <DIR>          reports
2016-07-12  11:01    <DIR>          Samsung
2016-12-05  11:30                40 settings.dat
2013-09-11  23:32    <DIR>          Spotify
2016-10-19  12:37         1˙560˙800 SSFK.exe
2014-12-25  16:52    <DIR>          The.Sims.4.2014.Digital.Deluxe.CRACKv6-UPDATEv2-3DM
2013-11-19  12:19    <DIR>          TOSHIBA
2013-11-19  12:09    <DIR>          TOSHIBA Games
2013-11-19  11:42    <DIR>          Toshiba TEMPRO
2014-09-21  20:01    <DIR>          TP-LINK
2016-09-24  03:58    <DIR>          Uninstall Information
2013-11-19  12:07    <DIR>          WildGames
2013-11-19  11:42    <DIR>          WildTangent Games
2016-09-24  04:43    <DIR>          Windows Defender
2016-09-24  04:12    <DIR>          Windows Mail
2016-11-08  11:35    <DIR>          Windows Media Player
2016-07-16  12:47    <DIR>          Windows Multimedia Platform
2016-07-16  12:47    <DIR>          Windows NT
2016-10-17  11:33    <DIR>          Windows Photo Viewer
2016-07-16  12:47    <DIR>          Windows Portable Devices
2016-07-16  12:47    <DIR>          Windows Sidebar
2016-07-16  12:47    <DIR>          WindowsPowerShell
               4 File(s)      1˙561˙014 bytes
              53 Dir(s)  388˙262˙035˙456 bytes free

========= Koniec  CMD: =========


========= dir /a "C:\Program Files\Common Files\System" =========

 Volume in drive C is TI31202900A
 Volume Serial Number is 78F4-8EAA

 Directory of C:\Program Files\Common Files\System

2016-07-16  23:04    <DIR>          .
2016-07-16  23:04    <DIR>          ..
2016-07-16  23:04    <DIR>          ado
2016-07-16  12:43            32˙256 DirectDB.dll
2016-09-24  04:30    <DIR>          en-US
2016-07-16  23:04    <DIR>          msadc
2016-09-24  04:11    <DIR>          Ole DB
2016-07-16  23:04    <DIR>          pl-PL
2016-07-16  12:42           867˙840 wab32.dll
2016-07-16  12:42           964˙096 wab32res.dll
               3 File(s)      1˙864˙192 bytes
               7 Dir(s)  388˙262˙035˙456 bytes free

========= Koniec  CMD: =========


========= dir /a "C:\Program Files (x86)\Common Files\System" =========

 Volume in drive C is TI31202900A
 Volume Serial Number is 78F4-8EAA

 Directory of C:\Program Files (x86)\Common Files\System

2016-07-16  23:04    <DIR>          .
2016-07-16  23:04    <DIR>          ..
2016-07-16  23:04    <DIR>          ado
2016-07-16  12:43            28˙160 DirectDB.dll
2016-09-24  04:30    <DIR>          en-US
2016-07-16  23:04    <DIR>          msadc
2016-10-17  11:33    <DIR>          Ole DB
2016-07-16  23:04    <DIR>          pl-PL
2016-07-16  12:42           753˙152 wab32.dll
2016-07-16  12:42           964˙096 wab32res.dll
               3 File(s)      1˙745˙408 bytes
               7 Dir(s)  388˙262˙035˙456 bytes free

========= Koniec  CMD: =========


========= dir /a C:\ProgramData =========

 Volume in drive C is TI31202900A
 Volume Serial Number is 78F4-8EAA

 Directory of C:\ProgramData

2016-12-06  19:16    <DIR>          .
2016-12-06  19:16    <DIR>          ..
2015-07-08  18:36    <DIR>          Adobe
2015-04-30  12:21    <DIR>          Apple
2015-04-30  12:23    <DIR>          Apple Computer
2016-07-16  12:47    <DIR>          Comms
2016-09-24  04:12    <DIR>          Conexant
2014-09-02  23:58    <JUNCTION>     Dane aplikacji [C:\ProgramData]
2014-09-02  23:58    <JUNCTION>     Dokumenty [C:\Users\Public\Documents]
2015-07-21  19:18    <DIR>          E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-11-08  12:39    <DIR>          fibfi
2016-12-01  11:13    <DIR>          ficfi
2016-11-08  09:53    <DIR>          hadga
2016-11-10  12:14    <DIR>          hbeha
2014-12-10  15:41    <DIR>          hps
2016-12-01  11:13    <DIR>          icfib
2013-11-19  11:20    <DIR>          Intel
2016-10-21  18:04    <DIR>          jcfic
2016-11-15  22:27    <DIR>          jdgjc
2016-12-06  19:16    <DIR>          Kaspersky Lab
2016-12-06  17:21    <DIR>          Kaspersky Lab Setup Files
2014-12-06  22:24    <DIR>          Local Settings
2014-09-03  02:54    <DIR>          McAfee
2014-09-02  23:58    <JUNCTION>     Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu]
2016-11-08  09:54    <DIR>          Microsoft
2016-11-09  11:15    <DIR>          Microsoft Help
2016-09-24  04:55    <DIR>          Microsoft OneDrive
2014-09-03  01:44    <DIR>          Mozilla
2016-12-06  16:38             8˙192 ntuser.dat
2016-12-06  16:38             8˙192 ntuser.dat.LOG1
2016-12-06  16:38                 0 ntuser.dat.LOG2
2016-12-06  16:38            65˙536 ntuser.dat{409dcc59-bb94-11e6-8620-a4db30fa5aba}.TM.blf
2016-12-06  16:38           524˙288 ntuser.dat{409dcc59-bb94-11e6-8620-a4db30fa5aba}.TMContainer00000000000000000001.regtrans-ms
2016-12-06  16:38           524˙288 ntuser.dat{409dcc59-bb94-11e6-8620-a4db30fa5aba}.TMContainer00000000000000000002.regtrans-ms
2016-09-24  11:17               266 ntuser.pol
2016-09-24  03:58    <DIR>          NVIDIA
2016-09-24  04:12    <DIR>          NVIDIA Corporation
2014-09-25  13:28    <DIR>          Origin
2015-02-12  22:43    <DIR>          Package Cache
2014-09-02  23:58    <JUNCTION>     Pulpit [C:\Users\Public\Desktop]
2013-11-19  11:28    <DIR>          Qualcomm Atheros
2016-09-24  04:18    <DIR>          regid.1991-06.com.microsoft
2016-07-12  11:01    <DIR>          Samsung
2016-07-16  12:47    <DIR>          SoftwareDistribution
2013-11-19  11:22    <DIR>          SRS Labs
2014-09-02  23:58    <JUNCTION>     Szablony [C:\ProgramData\Microsoft\Windows\Templates]
2014-12-10  15:13    <DIR>          tmp
2014-09-03  00:19    <DIR>          Toshiba
2014-09-03  00:18    <DIR>          ToshibaEurope
2016-12-01  11:14    <DIR>          ttff
2016-09-24  04:52    <DIR>          USOPrivate
2016-09-24  04:52    <DIR>          USOShared
2013-11-19  12:08    <DIR>          WildTangent
               7 File(s)      1˙130˙762 bytes
              46 Dir(s)  388˙262˙031˙360 bytes free

========= Koniec  CMD: =========


========= dir /a C:\Users\MAG\AppData\Local =========

 Volume in drive C is TI31202900A
 Volume Serial Number is 78F4-8EAA

 Directory of C:\Users\MAG\AppData\Local

2016-12-06  19:16    <DIR>          .
2016-12-06  19:16    <DIR>          ..
2016-02-07  05:11    <DIR>          ActiveSync
2016-10-16  12:21    <DIR>          Adobe
2015-04-30  12:22    <DIR>          Apple
2016-03-30  08:09    <DIR>          Apple Computer
2016-11-08  12:40    <DIR>          Bedhat
2015-07-16  10:04    <DIR>          CEF
2015-08-30  22:36    <DIR>          Comms
2016-09-24  11:24    <DIR>          ConnectedDevicesPlatform
2016-06-14  14:23    <DIR>          Cupduck
2016-09-24  04:06    <JUNCTION>     Dane aplikacji [C:\Users\MAG\AppData\Local]
2016-04-10  12:15    <DIR>          Diagnostics
2016-07-12  10:58    <DIR>          Downloaded Installations
2015-06-16  19:08    <DIR>          EmieBrowserModeList
2015-06-16  19:08    <DIR>          EmieSiteList
2015-06-16  19:08    <DIR>          EmieUserList
2016-02-12  07:41    <DIR>          F727A298-4DB4-456A-AC54-A93EA5F8554D
2016-10-19  12:44    <DIR>          Firefox
2016-11-11  07:18    <DIR>          Google
2015-06-03  06:46    <DIR>          GWX
2016-09-24  04:06    <JUNCTION>     Historia [C:\Users\MAG\AppData\Local\Microsoft\Windows\History]
2016-12-06  17:21           153˙771 IconCache.db
2015-06-10  16:07    <DIR>          Intel_Corporation
2014-09-03  03:08    <DIR>          Macromedia
2016-09-25  09:19    <DIR>          Microsoft
2014-09-03  01:12    <DIR>          Microsoft Help
2015-09-24  11:11    <DIR>          MicrosoftEdge
2014-09-03  01:44    <DIR>          Mozilla
2015-10-17  13:04    <DIR>          NetworkTiles
2014-09-21  19:03    <DIR>          NVIDIA
2014-09-21  19:02    <DIR>          NVIDIA Corporation
2015-06-16  06:59    <DIR>          Opera Software
2016-12-03  18:32    <DIR>          Packages
2014-12-25  18:10    <DIR>          Programs
2015-08-30  22:37    <DIR>          Publishers
2016-07-12  11:03    <DIR>          Samsung
2016-12-06  19:16    <DIR>          Temp
2016-09-24  04:06    <JUNCTION>     Temporary Internet Files [C:\Users\MAG\AppData\Local\Microsoft\Windows\INetCache]
2015-08-30  22:31    <DIR>          TileDataLayer
2014-09-03  00:18    <DIR>          TOSHIBA
2015-12-28  21:06    <DIR>          VirtualStore
               1 File(s)        153˙771 bytes
              41 Dir(s)  388˙262˙027˙264 bytes free

========= Koniec  CMD: =========


========= dir /a C:\Users\MAG\AppData\LocalLow =========

 Volume in drive C is TI31202900A
 Volume Serial Number is 78F4-8EAA

 Directory of C:\Users\MAG\AppData\LocalLow

2015-07-16  10:07    <DIR>          .
2015-07-16  10:07    <DIR>          ..
2015-04-10  12:17    <DIR>          Adobe
2015-01-06  17:46    <DIR>          EmieBrowserModeList
2016-07-15  09:12    <DIR>          EmieSiteList
2016-07-15  09:12    <DIR>          EmieUserList
2015-03-28  14:32    <DIR>          Microsoft
2015-07-16  10:07    <DIR>          Temp
               0 File(s)              0 bytes
               8 Dir(s)  388˙262˙027˙264 bytes free

========= Koniec  CMD: =========


========= dir /a C:\Users\MAG\AppData\Roaming =========

 Volume in drive C is TI31202900A
 Volume Serial Number is 78F4-8EAA

 Directory of C:\Users\MAG\AppData\Roaming

2016-12-06  19:16    <DIR>          .
2016-12-06  19:16    <DIR>          ..
2015-07-08  18:52    <DIR>          Adobe
2016-03-30  08:26    <DIR>          Apple Computer
2016-12-06  19:16    <DIR>          cabitons
2016-12-06  19:16    <DIR>          cdprtcli
2016-12-06  19:16    <DIR>          certtmgr
2016-12-06  19:16    <DIR>          ChakgIME
2016-12-06  19:16    <DIR>          charclb
2016-12-06  19:16    <DIR>          charis-2
2016-12-06  19:16    <DIR>          clbonfg
2016-12-06  19:16    <DIR>          cmluutil
2016-10-19  12:38    <DIR>          Firefox
2014-12-26  02:19    <DIR>          GHISLER
2016-12-01  11:13    <DIR>          ibfib
2016-02-29  17:20    <DIR>          Identities
2016-02-02  00:38    <DIR>          KasperskyUpgradeLogs
2014-09-03  01:42    <DIR>          Macromedia
2014-12-26  02:19    <DIR>          MFP and Storage Server
2016-12-05  21:36    <DIR>          Microsoft
2014-09-03  01:44    <DIR>          Mozilla
2015-04-10  12:00    <DIR>          NVIDIA
2015-06-16  06:59    <DIR>          Opera Software
2016-07-12  11:03    <DIR>          Samsung
2014-12-17  22:21    <DIR>          Se
2016-09-19  18:13    <DIR>          setup1
2016-08-27  23:28    <DIR>          Skype
2015-03-22  17:59    <DIR>          sMedio
2015-01-19  18:24    <DIR>          Tweman
2014-09-03  01:08    <DIR>          WinRAR
               0 File(s)              0 bytes
              30 Dir(s)  388˙262˙023˙168 bytes free

========= Koniec  CMD: =========

"C:\Windows\System32\Drivers\etc\hosts" => Nie można przenieść.
Nie można przywrócić Hosts.

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12262521 B
Java, Flash, Steam htmlcache => 69493 B
Windows/system/drivers => 10819984 B
Edge => 164395822 B
Chrome => 0 B
Firefox => 385569536 B
Opera => 12787136 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 850631 B
NetworkService => 15596 B
MAG => 116585084 B

RecycleBin => 0 B
EmptyTemp: => 670.8 MB danych tymczasowych Usunięto.

================================


System wymagał restartu.

==== Koniec  Fixlog 19:34:53 ====