Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 13-12-2017 Uruchomiony przez Mati (13-12-2017 18:47:02) Run:2 Uruchomiony z C:\Users\Mati\Downloads Załadowane profile: Mati (Dostępne profile: Mati) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: C:\Users\Mati\Desktop\TeamSpeak 3 Client.lnk C:\Users\Mati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku Task: {111FFD10-57D0-4B76-BBE5-8A7B66D6ACBE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA Task: {1D3FC0A2-7F44-4FAE-934F-564B350A26F6} - \WPD\SqmUpload_S-1-5-21-4274788851-1844473529-1912967261-1001 -> Brak pliku <==== UWAGA Task: {20FDA149-3D59-4386-A284-03DBE43FCBBD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA Task: {27FFA7C6-6188-4E7B-B3F7-C9B31CB1BE01} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA Task: {32D5ACF2-36E6-49D5-9575-4AC521C9DCAB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA Task: {B194A4E6-7E58-409E-81E4-F2507481BBE4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA Task: {6DCC83AA-2D96-4063-BC95-3AAAFD9097F9} - System32\Tasks\iFileSpy => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\iFileSpy\iFileSpy.dll",fssYCuS <==== UWAGA Task: {84AE8503-DE98-429B-8778-0EA6B8C71673} - System32\Tasks\{5DC18CEC-A5D6-48E3-AF2E-0B0465691F15} => C:\WINDOWS\Windows\ProgramData\svchost.exe <==== UWAGA Task: {B5AB1458-A8F1-4C6E-8718-2BCACFBA970A} - System32\Tasks\iMonitor Video Converter => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\iMonitor Video Converter\iMonitor Video Converter.dll",gquqPeqWRIV <==== UWAGA Task: {F431F7EF-5702-46AE-8D7E-89B7C4A143F6} - System32\Tasks\wincore => C:\WINDOWS\Windows\ProgramData\wincore.exe <==== UWAGA C:\Program Files\iFileSpy C:\Program Files\iMonitor Video Converter C:\WINDOWS\Windows\ProgramData C:\Users\Public\Desktop\Настройки FIFA14.lnk HKLM\...\Run: [pYrVerCaM4] => C:\Program Files\vsappltlpvsPJQUf\.mAJappltlpmAJ.vbs [168 2017-12-06] () HKLM\...\RunOnce: [MRM] => C:\WINDOWS\TEMP\g767E.tmp.exe <==== UWAGA C:\Program Files\vsappltlpvsPJQUf HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== UWAGA HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== UWAGA HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== UWAGA HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== UWAGA HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== UWAGA HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== UWAGA HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== UWAGA HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== UWAGA HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== UWAGA HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== UWAGA HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== UWAGA HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== UWAGA HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== UWAGA HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== UWAGA HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== UWAGA HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== UWAGA HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== UWAGA HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== UWAGA HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== UWAGA HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== UWAGA HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== UWAGA HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== UWAGA HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== UWAGA HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== UWAGA HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== UWAGA HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== UWAGA HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== UWAGA HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== UWAGA HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== UWAGA HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== UWAGA HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== UWAGA HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== UWAGA HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== UWAGA HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== UWAGA HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== UWAGA HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== UWAGA HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA HKU\S-1-5-21-4274788851-1844473529-1912967261-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1 ShellExecuteHooks: Brak nazwy - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - -> Brak pliku Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.pYrappltlppYr.vbs [2017-12-06] () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.pYrappltlppYr.vbs GroupPolicy: Ograniczenia - Chrome <==== UWAGA GroupPolicy\User: Ograniczenia <==== UWAGA S2 daeaService_1092541921; C:\ProgramData\daeaService\daeaService_1092541921.exe [278528 2017-11-12] () [Brak podpisu cyfrowego] C:\ProgramData\daeaService 2017-12-09 16:21 - 2017-12-09 16:21 - 001578080 _____ (Licarelo ) C:\Users\Mati\Downloads\Odkurzacz-12322-AsystentPobierania.exe 2017-11-13 21:39 - 2017-11-13 21:39 - 000553687 _____ C:\Users\Mati\Downloads\RegCleaner(dobreprogramy.pl).exe 2017-11-13 21:37 - 2017-11-13 21:37 - 001625840 _____ ( ) C:\Users\Mati\Downloads\RegCleaner-11442-AsystentPobierania.exe 2017-12-11 19:11 - 2017-12-11 19:11 - 000000000 ____D C:\ProgramData\Reimage Protector 2017-12-09 15:58 - 2017-12-09 16:38 - 000000000 ____D C:\Program Files\Reimage 2017-12-09 15:57 - 2017-12-09 16:01 - 000000140 _____ C:\WINDOWS\Reimage.ini 2017-12-09 15:57 - 2017-12-09 16:01 - 000000000 ____D C:\rei 2017-12-09 15:57 - 2017-12-09 15:57 - 000605424 _____ (Reimage) C:\Users\Mati\Downloads\ReimageRepair.exe 2017-11-19 20:17 - 2017-11-19 20:18 - 000000000 ____D C:\Users\Mati\AppData\Local\svchost 2017-11-12 14:33 - 2017-11-12 14:33 - 000000000 ____D C:\Users\Mati\AppData\Local\UCBrowser 2017-11-12 14:15 - 2017-12-05 22:06 - 000000000 ____D C:\Program Files\LaCie Private Public 2017-11-12 14:28 - 2017-11-12 14:29 - 000000000 ____D C:\Users\Mati\AppData\LocalLow\CelGrfgXIrZdI 2017-11-12 14:14 - 2017-11-12 14:15 - 000000000 ____D C:\Program Files\8G3RQ4LFWH 2017-11-12 14:14 - 2017-11-12 14:14 - 000000000 ____D C:\Users\Mati\AppData\Roaming\pwpbc0hmgny 2017-11-12 14:14 - 2017-11-12 14:14 - 000000000 ____D C:\Users\Mati\AppData\Roaming\j4pv0swdiqw 2017-11-12 14:14 - 2017-11-12 14:14 - 000000000 ____D C:\Users\Mati\AppData\Roaming\hgecfhwssht 2017-11-12 14:14 - 2017-11-12 14:14 - 000000000 ____D C:\Users\Mati\AppData\Roaming\Easeware 2017-11-12 14:13 - 2017-11-12 14:13 - 000000000 ____D C:\Users\Mati\AppData\Roaming\yvljcf0sph5 2017-11-12 14:13 - 2017-11-12 14:13 - 000000000 ____D C:\Program Files\ESKQBFV6BL 2017-11-12 14:15 - 2017-11-12 14:15 - 000000000 ____D C:\Program Files\ZOMHLLJKCH 2017-11-12 14:14 - 2017-11-12 14:14 - 000140800 _____ C:\Users\Mati\AppData\Local\installer.dat 2017-11-12 14:15 - 2017-11-12 14:15 - 000000000 ____D C:\Disk DeleteKey: HKCU\Software\Mozilla DeleteKey: HKCU\Software\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Mozilla DeleteKey: HKLM\SOFTWARE\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins C:\Users\Mati\AppData\Local\Mozilla C:\Users\Mati\AppData\Roaming\Mozilla C:\Users\Mati\AppData\Roaming\Profiles CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Program Files\Common Files\System" CMD: dir /a "C:\Program Files (x86)\Common Files\System" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\Mati\AppData\Local CMD: dir /a C:\Users\Mati\AppData\LocalLow CMD: dir /a C:\Users\Mati\AppData\Roaming VirusTotal: C:\WINDOWS\system32\Drivers\VqipJuxB.sys Hosts: Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. C:\Users\Mati\Desktop\TeamSpeak 3 Client.lnk => pomyślnie przeniesiono C:\Users\Mati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk => pomyślnie przeniesiono "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => klucz nie znaleziono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{111FFD10-57D0-4B76-BBE5-8A7B66D6ACBE} => niepowodzenie przy usuwaniu klucz. ErrorCode1: 0x00000002 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{111FFD10-57D0-4B76-BBE5-8A7B66D6ACBE}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D3FC0A2-7F44-4FAE-934F-564B350A26F6}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D3FC0A2-7F44-4FAE-934F-564B350A26F6}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4274788851-1844473529-1912967261-1001" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20FDA149-3D59-4386-A284-03DBE43FCBBD}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20FDA149-3D59-4386-A284-03DBE43FCBBD}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27FFA7C6-6188-4E7B-B3F7-C9B31CB1BE01}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27FFA7C6-6188-4E7B-B3F7-C9B31CB1BE01}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32D5ACF2-36E6-49D5-9575-4AC521C9DCAB}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32D5ACF2-36E6-49D5-9575-4AC521C9DCAB}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B194A4E6-7E58-409E-81E4-F2507481BBE4}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B194A4E6-7E58-409E-81E4-F2507481BBE4}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6DCC83AA-2D96-4063-BC95-3AAAFD9097F9}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DCC83AA-2D96-4063-BC95-3AAAFD9097F9}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\iFileSpy => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iFileSpy" => pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84AE8503-DE98-429B-8778-0EA6B8C71673} => klucz nie znaleziono C:\WINDOWS\System32\Tasks\{5DC18CEC-A5D6-48E3-AF2E-0B0465691F15} => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5DC18CEC-A5D6-48E3-AF2E-0B0465691F15} => klucz nie znaleziono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B5AB1458-A8F1-4C6E-8718-2BCACFBA970A}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5AB1458-A8F1-4C6E-8718-2BCACFBA970A}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\iMonitor Video Converter => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iMonitor Video Converter" => pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F431F7EF-5702-46AE-8D7E-89B7C4A143F6} => klucz nie znaleziono C:\WINDOWS\System32\Tasks\wincore => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wincore => klucz nie znaleziono C:\Program Files\iFileSpy => pomyślnie przeniesiono C:\Program Files\iMonitor Video Converter => pomyślnie przeniesiono "C:\WINDOWS\Windows\ProgramData" => nie znaleziono. C:\Users\Public\Desktop\Настройки FIFA14.lnk => pomyślnie przeniesiono HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pYrVerCaM4 => Wartość pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\MRM => Wartość pomyślnie usunięto C:\Program Files\vsappltlpvsPJQUf => pomyślnie przeniesiono "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\331E2046A1CCA7BFEF766724394BE6112B4CA3F7" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3353EA609334A9F23A701B9159E30CB6C22D4C59" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4420C99742DF11DD0795BC15B7B0ABF090DC84DF" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5240AB5B05D11B37900AC7712A3C6AE42F377C8C" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DD3D41810F28B2A13E9A004E6412061E28FA48D" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7457A3793086DBB58B3858D6476889E3311E550E" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76A9295EF4343E12DFC5FE05DC57227C1AB00D29" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\872CD334B7E7B3C3D1C6114CD6B221026D505EAB" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9132E8B079D080E01D52631690BE18EBC2347C1E" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\982D98951CF3C0CA2A02814D474A976CBFF6BDB1" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9C43F665E690AB4D486D4717B456C5554D4BCEB5" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD96BB64BA36379D2E354660780C2067B81DA2E0" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CDC37C22FE9272D8F2610206AD397A45040326B8" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB303C9B61282DE525DC754A535CA2D6A9BD3D87" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E22240E837B52E691C71DF248F12D27F96441C00" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ED841A61C0F76025598421BC1B00E24189E68D54" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A" => pomyślnie usunięto "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138" => pomyślnie usunięto "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => pomyślnie usunięto HKU\S-1-5-21-4274788851-1844473529-1912967261-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks => Wartość pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} => Wartość pomyślnie usunięto HKLM\Software\Classes\CLSID\{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} => klucz nie znaleziono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.pYrappltlppYr.vbs => pomyślnie przeniesiono "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.pYrappltlppYr.vbs" => nie znaleziono. C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono C:\WINDOWS\system32\GroupPolicy\User => pomyślnie przeniesiono "HKLM\System\CurrentControlSet\Services\daeaService_1092541921" => pomyślnie usunięto daeaService_1092541921 => serwis pomyślnie usunięto C:\ProgramData\daeaService => pomyślnie przeniesiono C:\Users\Mati\Downloads\Odkurzacz-12322-AsystentPobierania.exe => pomyślnie przeniesiono C:\Users\Mati\Downloads\RegCleaner(dobreprogramy.pl).exe => pomyślnie przeniesiono C:\Users\Mati\Downloads\RegCleaner-11442-AsystentPobierania.exe => pomyślnie przeniesiono C:\ProgramData\Reimage Protector => pomyślnie przeniesiono C:\Program Files\Reimage => pomyślnie przeniesiono C:\WINDOWS\Reimage.ini => pomyślnie przeniesiono C:\rei => pomyślnie przeniesiono C:\Users\Mati\Downloads\ReimageRepair.exe => pomyślnie przeniesiono C:\Users\Mati\AppData\Local\svchost => pomyślnie przeniesiono C:\Users\Mati\AppData\Local\UCBrowser => pomyślnie przeniesiono C:\Program Files\LaCie Private Public => pomyślnie przeniesiono C:\Users\Mati\AppData\LocalLow\CelGrfgXIrZdI => pomyślnie przeniesiono C:\Program Files\8G3RQ4LFWH => pomyślnie przeniesiono C:\Users\Mati\AppData\Roaming\pwpbc0hmgny => pomyślnie przeniesiono C:\Users\Mati\AppData\Roaming\j4pv0swdiqw => pomyślnie przeniesiono C:\Users\Mati\AppData\Roaming\hgecfhwssht => pomyślnie przeniesiono C:\Users\Mati\AppData\Roaming\Easeware => pomyślnie przeniesiono C:\Users\Mati\AppData\Roaming\yvljcf0sph5 => pomyślnie przeniesiono C:\Program Files\ESKQBFV6BL => pomyślnie przeniesiono C:\Program Files\ZOMHLLJKCH => pomyślnie przeniesiono C:\Users\Mati\AppData\Local\installer.dat => pomyślnie przeniesiono C:\Disk => pomyślnie przeniesiono HKCU\Software\Mozilla => klucz nie znaleziono HKCU\Software\MozillaPlugins => klucz nie znaleziono HKLM\SOFTWARE\Mozilla => klucz nie znaleziono HKLM\SOFTWARE\MozillaPlugins => klucz nie znaleziono HKLM\SOFTWARE\Wow6432Node\Mozilla => klucz nie znaleziono HKLM\SOFTWARE\Wow6432Node\mozilla.org => klucz nie znaleziono "HKLM\SOFTWARE\Wow6432Node\MozillaPlugins" => pomyślnie usunięto "C:\Users\Mati\AppData\Local\Mozilla" => nie znaleziono. "C:\Users\Mati\AppData\Roaming\Mozilla" => nie znaleziono. "C:\Users\Mati\AppData\Roaming\Profiles" => nie znaleziono. ========= dir /a "C:\Program Files" ========= Volume in drive C has no label. Volume Serial Number is 6EAB-68A9 Directory of C:\Program Files 2017-12-13 18:48 . 2017-12-13 18:48 .. 2017-03-18 22:03 Common Files 2017-03-18 22:01 174 desktop.ini 2016-08-09 14:19 DIFX 2017-11-12 14:18 Easeware 2016-10-01 20:22 Embedded Lockdown Manager 2017-07-19 07:24 Intel 2017-09-14 01:04 Internet Explorer 2016-05-24 07:25 Microsoft Office 2017-07-19 07:54 MSBuild 2017-07-19 07:30 NVIDIA Corporation 2017-07-19 07:25 Realtek 2017-07-19 07:54 Reference Assemblies 2017-08-29 14:51 Rockstar Games 2016-02-13 18:48 Uninstall Information 2017-07-07 10:24 UNP 2017-07-19 08:15 Windows Defender 2017-09-14 01:04 Windows Mail 2017-03-20 05:00 Windows Media Player 2017-03-18 22:03 Windows Multimedia Platform 2017-07-19 07:52 Windows NT 2017-11-15 02:20 Windows Photo Viewer 2017-03-18 22:03 Windows Portable Devices 2017-03-18 22:03 Windows Security 2017-03-18 22:03 Windows Sidebar 2017-12-13 18:23 WindowsApps 2017-03-18 22:03 WindowsPowerShell 2016-05-24 07:24 WinRAR 1 File(s) 174 bytes 28 Dir(s) 166˙316˙883˙968 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Volume in drive C has no label. Volume Serial Number is 6EAB-68A9 Directory of C:\Program Files (x86) 2017-11-20 18:21 . 2017-11-20 18:21 .. 2017-04-12 21:37 ASUS 2017-07-19 07:30 Common Files 2017-03-18 22:01 174 desktop.ini 2016-06-30 14:07 directx 2017-11-20 18:21 Google 2017-07-15 00:36 InstallShield Installation Information 2016-05-23 20:28 Intel 2017-09-14 01:04 Internet Explorer 2016-08-17 12:26 Java 2016-05-24 07:26 Microsoft Analysis Services 2016-07-12 13:44 Microsoft ASP.NET 2017-07-15 00:09 Microsoft Games for Windows - LIVE 2016-05-24 07:28 Microsoft Office 2016-05-24 07:29 Microsoft SQL Server 2017-07-19 07:30 Microsoft.NET 2016-08-09 21:31 Mozilla Firefox 2017-07-19 21:06 Mr DJ 2017-07-19 07:54 MSBuild 2017-07-19 07:30 NVIDIA Corporation 2017-07-19 07:54 Reference Assemblies 2017-08-29 14:51 Rockstar Games 2017-11-12 14:44 UCBrowser 2017-07-19 07:25 Uninstall Information 2016-12-30 15:26 VulkanRT 2017-07-19 08:15 Windows Defender 2017-09-14 01:04 Windows Mail 2017-03-20 05:00 Windows Media Player 2017-03-18 22:03 Windows Multimedia Platform 2017-03-18 22:03 Windows NT 2017-11-15 02:20 Windows Photo Viewer 2017-03-18 22:03 Windows Portable Devices 2017-03-18 22:03 Windows Sidebar 2017-03-18 22:03 WindowsPowerShell 1 File(s) 174 bytes 34 Dir(s) 166˙316˙883˙968 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files\Common Files\System" ========= Volume in drive C has no label. Volume Serial Number is 6EAB-68A9 Directory of C:\Program Files\Common Files\System 2017-03-20 04:59 . 2017-03-20 04:59 .. 2017-07-19 08:04 ado 2017-03-18 21:59 32˙768 DirectDB.dll 2017-03-20 04:59 en-US 2017-03-20 04:59 msadc 2017-03-20 04:59 Ole DB 2017-03-20 04:59 pl-PL 2017-03-18 21:57 854˙528 wab32.dll 2017-03-18 21:57 964˙096 wab32res.dll 3 File(s) 1˙851˙392 bytes 7 Dir(s) 166˙316˙883˙968 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)\Common Files\System" ========= Volume in drive C has no label. Volume Serial Number is 6EAB-68A9 Directory of C:\Program Files (x86)\Common Files\System 2017-07-19 07:30 . 2017-07-19 07:30 .. 2017-07-19 08:04 ado 2017-03-18 21:59 27˙648 DirectDB.dll 2017-03-20 04:59 en-US 2017-03-20 04:59 msadc 2016-05-27 09:53 MSMAPI 2017-07-19 07:30 Ole DB 2017-03-20 04:59 pl-PL 2017-03-18 21:58 741˙888 wab32.dll 2017-03-18 21:58 964˙096 wab32res.dll 3 File(s) 1˙733˙632 bytes 8 Dir(s) 166˙316˙883˙968 bytes free ========= Koniec CMD: ========= ========= dir /a C:\ProgramData ========= Volume in drive C has no label. Volume Serial Number is 6EAB-68A9 Directory of C:\ProgramData 2017-12-13 18:48 . 2017-12-13 18:48 .. 2017-12-12 22:08 ASUS Smart Gesture 2017-11-27 20:56 AVAST Software 2016-07-16 12:47 Comms 2017-11-12 14:32 CupCheck 2016-05-25 11:01 DAEMON Tools Lite 2016-05-23 20:11 Dane aplikacji [C:\ProgramData] 2016-05-23 20:11 Dokumenty [C:\Users\Public\Documents] 2017-07-19 07:25 0 DP45977C.lfl 2017-06-30 16:51 Electronic Arts 2016-06-07 19:06 HP 2016-08-07 14:06 IObit 2017-11-27 21:45 LCFApp 2016-05-23 20:11 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 2017-07-23 23:07 Microsoft 2017-12-12 19:49 Microsoft Help 2017-07-19 07:56 Microsoft OneDrive 2017-12-06 19:39 266 ntuser.pol 2017-12-13 18:47 NVIDIA 2017-07-19 07:30 NVIDIA Corporation 2016-12-30 14:37 6˙776 NvTelemetryContainer.log 2016-12-29 01:03 2˙938 NvTelemetryContainer.log_backup1 2016-08-17 12:27 Oracle 2016-06-28 15:20 Origin 2017-06-30 15:58 Package Cache 2016-12-27 13:32 PCGameBoost 2016-08-24 15:47 PearlMountain 2016-12-27 13:32 ProductData 2016-05-23 20:11 Pulpit [C:\Users\Public\Desktop] 2017-07-19 07:32 regid.1991-06.com.microsoft 2017-12-12 22:13 32 rwi.aead 2017-07-22 23:58 SecuROM 2017-04-12 21:36 SetupTPDriver 2016-05-25 13:10 Socialclub 2017-03-18 22:03 SoftwareDistribution 2016-05-25 13:10 Steam 2016-05-23 20:11 Szablony [C:\ProgramData\Microsoft\Windows\Templates] 2017-11-12 14:32 Thunder Network 2017-07-19 07:32 USOPrivate 2017-07-19 07:32 USOShared 2017-11-12 14:37 Windows 2017-03-20 05:01 WindowsHolographicDevices 5 File(s) 10˙012 bytes 38 Dir(s) 166˙316˙879˙872 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\Mati\AppData\Local ========= Volume in drive C has no label. Volume Serial Number is 6EAB-68A9 Directory of C:\Users\Mati\AppData\Local 2017-12-13 18:48 . 2017-12-13 18:48 .. 2016-05-24 07:15 ActiveSync 2016-07-17 21:06 Adobe 2017-11-19 20:17 Apple Computer 2016-05-26 11:21 Apps 2016-07-15 22:31 CEF 2016-12-29 01:00 Chromium 2016-05-24 07:13 Comms 2016-10-12 16:47 ConnectedDevicesPlatform 2017-12-09 16:37 CrashDumps 2017-06-18 21:26 CrashRpt 2017-07-19 07:26 Dane aplikacji [C:\Users\Mati\AppData\Local] 2017-07-22 23:58 DBG 2017-12-05 15:51 Diagnostics 2016-05-25 11:57 Disc_Soft_Ltd 2017-02-03 16:51 ElevatedDiagnostics 2016-05-23 20:34 EmieBrowserModeList 2016-08-17 12:27 EmieSiteList 2016-08-17 12:27 EmieUserList 2016-07-22 19:20 FrondOfter 2017-04-25 21:45 GOG.com 2016-10-29 21:46 Google 2016-05-23 20:28 GWX 2017-07-19 07:26 Historia [C:\Users\Mati\AppData\Local\Microsoft\Windows\History] 2017-11-15 02:14 190˙303 IconCache.db 2017-11-12 14:31 Microsoft 2016-10-15 14:17 Microsoft Help 2016-05-24 07:37 MicrosoftEdge 2016-05-24 07:33 NetworkTiles 2016-12-30 15:30 NVIDIA 2017-01-12 21:39 NVIDIA Corporation 2017-11-08 23:23 Packages 2016-05-25 10:58 PreysDotages 2016-05-25 11:06 Programs 2016-05-24 07:15 Publishers 2016-05-26 11:15 ReunificationsProctoscopes 2017-07-22 23:59 Rockstar Games 2016-06-30 14:12 RowdyishRosemaries 2016-08-21 21:26 Sniper3 2017-03-26 21:43 speech 2017-01-02 18:14 Steam 2017-03-11 17:38 TeamSpeak 3 2017-12-13 18:28 Temp 2017-07-19 07:26 Temporary Internet Files [C:\Users\Mati\AppData\Local\Microsoft\Windows\INetCache] 2016-05-24 07:13 TileDataLayer 2017-06-30 10:24 Ubisoft Game Launcher 2017-04-14 13:56 UNP 2017-03-08 21:52 VirtualStore 1 File(s) 190˙303 bytes 48 Dir(s) 166˙316˙875˙776 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\Mati\AppData\LocalLow ========= Volume in drive C has no label. Volume Serial Number is 6EAB-68A9 Directory of C:\Users\Mati\AppData\LocalLow 2017-12-13 18:48 . 2017-12-13 18:48 .. 2016-05-23 20:35 EmieBrowserModeList 2016-08-17 12:27 EmieSiteList 2016-08-17 12:27 EmieUserList 2016-12-10 17:26 Microsoft 2016-12-27 13:32 PCGameBoost 2016-06-14 16:46 SKS 2016-08-17 12:27 Sun 2017-11-12 14:46 Temp 2017-12-03 19:41 Unity 2017-12-03 13:58 uTorrent 0 File(s) 0 bytes 12 Dir(s) 166˙316˙879˙872 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\Mati\AppData\Roaming ========= Volume in drive C has no label. Volume Serial Number is 6EAB-68A9 Directory of C:\Users\Mati\AppData\Roaming 2017-12-13 18:48 . 2017-12-13 18:48 .. 2016-08-20 22:11 .minecraft 2017-11-12 15:19 Adobe 2017-12-09 16:34 Audacity 2016-05-25 11:06 DAEMON Tools Lite 2017-05-17 20:54 Google 2016-07-10 15:40 Macromedia 2017-11-12 14:13 Microsoft 2017-06-18 21:26 NVIDIA 2016-12-27 13:32 PCGameBoost 2016-08-24 15:47 PearlMountain 2016-08-24 21:35 Skype 2017-12-03 19:33 SmartSteamEmu 2016-10-15 19:06 Steam 2016-08-17 12:27 Sun 2017-11-12 14:32 Temp 2017-06-24 14:01 TS3Client 2017-12-03 23:15 uTorrent 2016-07-15 22:30 Wargaming.net 2016-07-24 23:50 110 WB.CFG 2016-05-26 12:07 Winamp 2017-12-06 19:28 Windows 2016-05-25 10:54 WinRAR 2016-07-28 16:51 {7DD994B7-175D-B430-00E0-27AFC18544CF} 1 File(s) 110 bytes 24 Dir(s) 166˙316˙871˙680 bytes free ========= Koniec CMD: ========= VirusTotal: C:\WINDOWS\system32\Drivers\VqipJuxB.sys => https://www.virustotal.com/file/292ba04d8996140255e4b6105015c2a640890befb6c022e30e0d9cbf45d5f4db/analysis/1513187311/ C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono Hosts pomyślnie przywrócono. ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= ========= Koniec Powershell: ========= =========== EmptyTemp: ========== BITS transfer queue => 6053888 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 130081854 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 1776948 B Edge => 20341099 B Chrome => 221332544 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 219510 B systemprofile32 => 128 B LocalService => 5790 B NetworkService => 665370 B Mati => 70059677 B RecycleBin => 0 B EmptyTemp: => 429.7 MB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 18:51:13 ====