Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 20-09-2017 Uruchomiony przez Julietta Stepaniak (21-09-2017 18:04:03) Run:1 Uruchomiony z C:\Users\media\Desktop Załadowane profile: Julietta Stepaniak (Dostępne profile: Julietta Stepaniak) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: HKU\S-1-5-21-204455593-1543837664-2498303104-1001\...\ChromeHTML: -> "C:\Program Files (x86)\Doeye\Application\chrome.exe" "%1" <==== UWAGA Task: {2431548D-8098-462D-B275-F2D973A589D2} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe C:\Program Files (x86)\Doeye C:\Users\media\AppData\Roaming\Doeye C:\Users\media\AppData\Local\Doeye HKU\S-1-5-21-204455593-1543837664-2498303104-1001\...\Run: [background_fault] => C:\Users\media\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-27] (AVAST Software) <==== UWAGA HKU\S-1-5-21-204455593-1543837664-2498303104-1001\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i hxxp://point.ltdmsjq.com/?data=zDlkMj8xFkEdFUM8NkVLNTF1MYUdRWZSOWM3RYYxOUUyFTY1RH== /q <==== UWAGA C:\Users\media\AppData\Local\background_fault IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe IFEO\taskmgr.exe: [Debugger] HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492615606&z=89b2548e3c8f5097e107c97gbz4teofqeg7w2q2e8z&from=che0812&uid=SAMSUNGXMZMTD128HAFV-000_S15MNYBD726571 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492615606&z=89b2548e3c8f5097e107c97gbz4teofqeg7w2q2e8z&from=che0812&uid=SAMSUNGXMZMTD128HAFV-000_S15MNYBD726571 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492615606&z=89b2548e3c8f5097e107c97gbz4teofqeg7w2q2e8z&from=che0812&uid=SAMSUNGXMZMTD128HAFV-000_S15MNYBD726571&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492615606&z=89b2548e3c8f5097e107c97gbz4teofqeg7w2q2e8z&from=che0812&uid=SAMSUNGXMZMTD128HAFV-000_S15MNYBD726571&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492615606&z=89b2548e3c8f5097e107c97gbz4teofqeg7w2q2e8z&from=che0812&uid=SAMSUNGXMZMTD128HAFV-000_S15MNYBD726571 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492615606&z=89b2548e3c8f5097e107c97gbz4teofqeg7w2q2e8z&from=che0812&uid=SAMSUNGXMZMTD128HAFV-000_S15MNYBD726571 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492615606&z=89b2548e3c8f5097e107c97gbz4teofqeg7w2q2e8z&from=che0812&uid=SAMSUNGXMZMTD128HAFV-000_S15MNYBD726571&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492615606&z=89b2548e3c8f5097e107c97gbz4teofqeg7w2q2e8z&from=che0812&uid=SAMSUNGXMZMTD128HAFV-000_S15MNYBD726571&q={searchTerms} HKU\S-1-5-21-204455593-1543837664-2498303104-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492615606&z=89b2548e3c8f5097e107c97gbz4teofqeg7w2q2e8z&from=che0812&uid=SAMSUNGXMZMTD128HAFV-000_S15MNYBD726571 HKU\S-1-5-21-204455593-1543837664-2498303104-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492615606&z=89b2548e3c8f5097e107c97gbz4teofqeg7w2q2e8z&from=che0812&uid=SAMSUNGXMZMTD128HAFV-000_S15MNYBD726571 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-204455593-1543837664-2498303104-1001 -> {306586E7-F494-4E28-96D7-E8E9E9F6C4E5} URL = SearchScopes: HKU\S-1-5-21-204455593-1543837664-2498303104-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = HKU\S-1-5-21-204455593-1543837664-2498303104-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Doeye\Application\chrome.exe <==== UWAGA S2 EastnessSU; "C:\Users\media\AppData\Local\Temp\f1510.tmp\BaofengUpdate_U.exe" /i [X] <==== UWAGA S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X] <==== UWAGA S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X] <==== UWAGA C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk C:\Users\media\AppData\Local\Microsoft\Windows\Application Shortcuts\SAMSUNGELECTRONICSCO.LTD.SamsungStory_3c1yjt4zspk6g\App.lnk C:\Users\media\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Calendar.lnk C:\Users\media\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Mail.lnk C:\Users\media\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.People.lnk C:\Users\media\AppData\Local\Microsoft\Windows\Application Shortcuts\A0762F4C.tvnplayer_h009t4rdk3q9m\App.lnk C:\Users\media\AppData\Local\Microsoft\Windows\Application Shortcuts\8A47CE85.SPlayer_8qmkzsjdagxzj\TMTMetroApp.lnk DeleteKey: HKCU\Software\Mozilla DeleteKey: HKCU\Software\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Mozilla DeleteKey: HKLM\SOFTWARE\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins C:\Users\media\AppData\Local\Mozilla C:\Users\media\AppData\Roaming\Mozilla C:\Users\media\AppData\Roaming\Profiles C:\Program Files (x86)\Mozilla Firefox C:\ProgramData\Mozilla CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Program Files\Common Files\System" CMD: dir /a "C:\Program Files (x86)\Common Files\System" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\media\AppData\Local CMD: dir /a C:\Users\media\AppData\LocalLow CMD: dir /a C:\Users\media\AppData\Roaming CMD: netsh advfirewall reset Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} Hosts: EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. HKU\S-1-5-21-204455593-1543837664-2498303104-1001_Classes\ChromeHTML => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2431548D-8098-462D-B275-F2D973A589D2} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2431548D-8098-462D-B275-F2D973A589D2} => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateChoiceProcessTask => klucz pomyślnie usunięto "C:\Program Files (x86)\Doeye" => nie znaleziono. "C:\Users\media\AppData\Roaming\Doeye" => nie znaleziono. "C:\Users\media\AppData\Local\Doeye" => nie znaleziono. HKU\S-1-5-21-204455593-1543837664-2498303104-1001\Software\Microsoft\Windows\CurrentVersion\Run\\background_fault => Wartość pomyślnie usunięto HKU\S-1-5-21-204455593-1543837664-2498303104-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\Shell => Wartość pomyślnie usunięto C:\Users\media\AppData\Local\background_fault => pomyślnie przeniesiono HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GoogleUpdate.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GoogleUpdaterService.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe => klucz pomyślnie usunięto HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-204455593-1543837664-2498303104-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-204455593-1543837664-2498303104-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-204455593-1543837664-2498303104-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{306586E7-F494-4E28-96D7-E8E9E9F6C4E5} => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{306586E7-F494-4E28-96D7-E8E9E9F6C4E5} => klucz nie znaleziono. HKU\S-1-5-21-204455593-1543837664-2498303104-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-204455593-1543837664-2498303104-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML => klucz pomyślnie usunięto HKLM\System\CurrentControlSet\Services\EastnessSU => klucz pomyślnie usunięto EastnessSU => serwis pomyślnie usunięto iSafeKrnlBoot => serwis nie znaleziono. iSafeNetFilter => serwis nie znaleziono. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => pomyślnie przeniesiono C:\Users\media\AppData\Local\Microsoft\Windows\Application Shortcuts\SAMSUNGELECTRONICSCO.LTD.SamsungStory_3c1yjt4zspk6g\App.lnk => pomyślnie przeniesiono C:\Users\media\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Calendar.lnk => pomyślnie przeniesiono C:\Users\media\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Mail.lnk => pomyślnie przeniesiono C:\Users\media\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.People.lnk => pomyślnie przeniesiono C:\Users\media\AppData\Local\Microsoft\Windows\Application Shortcuts\A0762F4C.tvnplayer_h009t4rdk3q9m\App.lnk => pomyślnie przeniesiono C:\Users\media\AppData\Local\Microsoft\Windows\Application Shortcuts\8A47CE85.SPlayer_8qmkzsjdagxzj\TMTMetroApp.lnk => pomyślnie przeniesiono HKCU\Software\Mozilla => klucz pomyślnie usunięto HKCU\Software\MozillaPlugins => klucz pomyślnie usunięto HKLM\SOFTWARE\Mozilla => klucz pomyślnie usunięto HKLM\SOFTWARE\MozillaPlugins => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Mozilla => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\mozilla.org => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => klucz pomyślnie usunięto "C:\Users\media\AppData\Local\Mozilla" => nie znaleziono. C:\Users\media\AppData\Roaming\Mozilla => pomyślnie przeniesiono "C:\Users\media\AppData\Roaming\Profiles" => nie znaleziono. "C:\Program Files (x86)\Mozilla Firefox" => nie znaleziono. "C:\ProgramData\Mozilla" => nie znaleziono. ========= dir /a "C:\Program Files" ========= Volume in drive C has no label. Volume Serial Number is 2C17-11ED Directory of C:\Program Files 2017-09-21 13:53 . 2017-09-21 13:53 .. 2016-06-23 22:32 AMD 2013-07-23 18:05 AMD Quick Stream 2013-07-23 18:04 ATI 2016-06-23 22:33 ATI Technologies 2016-09-28 02:28 AVAST Software 2013-07-23 18:10 Bitcasa 2016-11-09 21:54 Common Files 2013-08-22 17:35 174 desktop.ini 2016-06-23 22:32 Elantech 2015-02-12 12:40 Google 2017-05-17 11:55 Internet Explorer 2016-10-02 15:33 Microsoft Office 15 2016-06-23 22:00 MSBuild 2016-06-23 22:32 Realtek 2016-06-23 22:00 Reference Assemblies 2013-07-23 18:25 Samsung 2012-07-26 09:22 Uninstall Information 2017-04-12 13:48 Windows Defender 2016-06-23 23:01 Windows Mail 2016-06-23 22:49 Windows Media Player 2014-11-21 11:03 Windows Multimedia Platform 2016-06-23 23:02 Windows NT 2016-06-23 23:01 Windows Photo Viewer 2014-11-21 11:03 Windows Portable Devices 2016-06-23 22:49 Windows Sidebar 2017-08-16 19:50 WindowsApps 2014-11-21 11:02 WindowsPowerShell 1 File(s) 174 bytes 28 Dir(s) 53˙150˙466˙048 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Volume in drive C has no label. Volume Serial Number is 2C17-11ED Directory of C:\Program Files (x86) 2017-09-21 17:51 . 2017-09-21 17:51 .. 2013-07-23 18:23 Absolute Software 2013-07-23 18:22 Adobe 2013-07-23 18:05 AMD AVT 2016-06-23 22:33 ATI Technologies 2013-07-23 18:06 Bluetooth Suite 2017-09-21 13:56 Common Files 2015-02-08 14:34 D-Link Connection Manager 2013-08-22 17:34 174 desktop.ini 2017-08-14 21:56 Firefox 2015-02-12 12:39 Google 2013-07-23 18:19 InstallShield Installation Information 2017-05-17 11:55 Internet Explorer 2017-09-21 17:44 Microsoft Office 2016-10-02 17:59 Microsoft OneDrive 2016-10-02 17:51 Microsoft.NET 2017-04-17 19:13 MIO 2016-06-23 22:00 MSBuild 2016-10-02 17:15 OpenOffice 4 2013-07-23 18:22 PopCap Games 2013-07-23 15:05 Qualcomm Atheros 2013-07-23 18:08 Realtek 2016-06-23 22:00 Reference Assemblies 2014-03-23 19:40 Samsung 2017-04-02 11:45 ScreenShot 2017-09-20 02:29 Skype 2013-07-23 18:23 SymSilent 2016-05-31 20:32 T-Mobile 2013-07-23 15:03 Temp 2017-04-12 13:48 Windows Defender 2016-06-23 23:01 Windows Mail 2016-06-23 22:49 Windows Media Player 2014-11-21 11:02 Windows Multimedia Platform 2013-08-22 17:36 Windows NT 2016-06-23 23:01 Windows Photo Viewer 2014-11-21 11:02 Windows Portable Devices 2016-06-23 22:49 Windows Sidebar 2013-08-22 17:36 WindowsPowerShell 1 File(s) 174 bytes 38 Dir(s) 53˙150˙466˙048 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files\Common Files\System" ========= Volume in drive C has no label. Volume Serial Number is 2C17-11ED Directory of C:\Program Files\Common Files\System 2016-06-23 22:49 . 2016-06-23 22:49 .. 2017-05-17 11:55 ado 2013-12-03 10:52 de-DE 2014-11-21 07:00 32˙256 DirectDB.dll 2016-06-23 23:01 en-US 2013-12-03 10:53 fr-FR 2014-11-21 11:03 msadc 2013-12-03 10:53 nl-NL 2014-11-21 11:03 Ole DB 2014-11-21 06:07 pl-PL 2014-11-21 07:00 887˙296 wab32.dll 2013-08-22 13:42 988˙160 wab32res.dll 3 File(s) 1˙907˙712 bytes 10 Dir(s) 53˙150˙461˙952 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)\Common Files\System" ========= Volume in drive C has no label. Volume Serial Number is 2C17-11ED Directory of C:\Program Files (x86)\Common Files\System 2016-06-23 22:49 . 2016-06-23 22:49 .. 2017-05-17 11:55 ado 2014-11-21 07:00 27˙648 DirectDB.dll 2016-06-23 23:01 en-US 2013-12-03 10:53 fr-FR 2014-11-21 11:02 msadc 2013-12-03 10:53 nl-NL 2016-06-23 22:12 Ole DB 2014-11-21 06:07 pl-PL 2014-11-21 07:00 760˙320 wab32.dll 2013-08-22 06:17 988˙160 wab32res.dll 3 File(s) 1˙776˙128 bytes 9 Dir(s) 53˙150˙466˙048 bytes free ========= Koniec CMD: ========= ========= dir /a C:\ProgramData ========= Volume in drive C has no label. Volume Serial Number is 2C17-11ED Directory of C:\ProgramData 2017-09-21 14:39 . 2017-09-21 14:39 .. 2014-09-28 13:58 Adobe 2013-07-23 18:05 AMD 2017-04-25 19:53 Apple 2013-08-22 16:45 Application Data [C:\ProgramData] 2017-07-05 17:24 Atheros 2013-07-23 18:06 ATI 2017-07-06 11:17 AVAST Software 2017-06-06 20:07 BIT 2013-07-23 15:06 ColorMode 2016-06-23 23:02 Dane aplikacji [C:\ProgramData] 2016-05-31 20:41 DatacardService 2013-08-22 16:45 Desktop [C:\Users\Public\Desktop] 2013-08-22 16:45 Documents [C:\Users\Public\Documents] 2016-06-23 23:02 Dokumenty [C:\Users\Public\Documents] 2015-02-12 12:40 Google 2016-05-31 20:34 Internet Manager 2017-07-26 18:23 log 2013-02-19 09:34 2˙064˙264 MakeMarkerFile.exe 2013-01-12 16:51 3˙004 MakeMarkerFile.xml 2016-06-23 23:02 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 2016-10-02 17:56 Microsoft 2016-10-02 17:58 Microsoft OneDrive 2016-11-14 19:26 MobileBrServ 2016-11-09 21:57 Norton 2013-07-23 18:17 NortonInstaller 2017-09-16 20:33 OnlineUpdate 2017-03-15 13:00 Package Cache 2014-06-05 12:44 PopCap Games 2016-06-23 22:49 PRICache 2016-06-23 23:02 Pulpit [C:\Users\Public\Desktop] 2013-07-23 15:05 Qualcomm Atheros 2017-09-21 13:57 regid.1991-06.com.microsoft 2016-06-06 22:39 Samsung 2017-09-20 02:27 Skype 2013-08-22 16:45 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 2017-09-21 14:39 SWCUTemp 2016-06-23 23:02 Szablony [C:\ProgramData\Microsoft\Windows\Templates] 2013-08-22 16:45 Templates [C:\ProgramData\Microsoft\Windows\Templates] 2014-09-28 13:56 The Creative Engine Limited 2017-09-21 17:45 WinClon 2 File(s) 2˙067˙268 bytes 40 Dir(s) 53˙150˙461˙952 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\media\AppData\Local ========= Volume in drive C has no label. Volume Serial Number is 2C17-11ED Directory of C:\Users\media\AppData\Local 2017-09-21 18:06 . 2017-09-21 18:06 .. 2013-12-02 18:23 Absolute_Software 2014-09-28 13:58 Adobe 2016-06-24 04:27 AMD 2015-02-12 12:26 Apps 2013-12-02 18:25 ATI 2015-11-22 16:46 Axialis 2013-12-02 18:26 BMExplorer 2016-10-03 17:11 CEF 2016-05-31 20:57 CrashDumps 2016-06-23 22:44 Dane aplikacji [C:\Users\media\AppData\Local] 2017-03-16 20:54 Diagnostics 2017-09-21 17:53 ElevatedDiagnostics 2017-04-25 19:53 Firefox 2017-06-11 23:02 glory 2017-04-02 11:45 Google 2016-06-29 05:22 GWX 2016-06-23 22:44 Historia [C:\Users\media\AppData\Local\Microsoft\Windows\History] 2017-09-21 14:52 41˙902 IconCache.db 2017-04-20 09:16 Kitty 2017-05-17 17:02 Microsoft 2017-06-18 15:46 Packages 2017-04-02 11:46 Programs 2014-04-17 16:19 7˙615 Resmon.ResmonCfg 2014-05-30 16:19 Samsung 2017-09-21 18:04 Temp 2016-06-23 22:44 Temporary Internet Files [C:\Users\media\AppData\Local\Microsoft\Windows\INetCache] 2014-10-23 17:30 VirtualStore 2 File(s) 49˙517 bytes 27 Dir(s) 53˙150˙457˙856 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\media\AppData\LocalLow ========= Volume in drive C has no label. Volume Serial Number is 2C17-11ED Directory of C:\Users\media\AppData\LocalLow 2017-04-25 19:53 . 2017-04-25 19:53 .. 2014-09-28 13:58 Adobe 2013-12-03 19:53 Microsoft 2017-08-08 13:29 Mozilla 0 File(s) 0 bytes 5 Dir(s) 53˙150˙461˙952 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\media\AppData\Roaming ========= Volume in drive C has no label. Volume Serial Number is 2C17-11ED Directory of C:\Users\media\AppData\Roaming 2017-09-21 18:07 . 2017-09-21 18:07 .. 2017-03-30 23:26 114˙255 AbsoluteReminder.xml 2015-11-22 16:47 Adobe 2017-07-08 17:18 Atheros 2013-12-02 18:25 ATI 2015-02-12 12:40 AVAST Software 2017-06-21 11:51 Google 2016-06-24 04:18 Identities 2014-09-28 13:56 Intel 2013-12-05 17:20 Macromedia 2017-05-17 23:29 Microsoft 2016-10-02 17:18 OpenOffice 2014-03-23 19:40 Samsung 2017-04-13 16:59 ScreenShot 2017-09-21 17:45 Skype 1 File(s) 114˙255 bytes 15 Dir(s) 53˙150˙457˙856 bytes free ========= Koniec CMD: ========= ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= ========= Koniec Powershell: ========= C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono Hosts pomyślnie przywrócono. =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18640273 B Java, Flash, Steam htmlcache => 2164 B Windows/system/drivers => 60933563 B Edge => 0 B Chrome => 48900751 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 5991 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 183088 B systemprofile32 => 73371729 B LocalService => 1244658 B NetworkService => 1056 B media => 210256694 B RecycleBin => 0 B EmptyTemp: => 402.4 MB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 18:11:06 ====