Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 21-12-2016 Uruchomiony przez Mateusz (28-12-2016 14:05:13) Run:1 Uruchomiony z C:\Users\Mateusz\Desktop\Logi\frst\nowe Załadowane profile: Mateusz (Dostępne profile: Mateusz) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: GroupPolicy: Ograniczenia - Chrome <======= UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191&q={searchTerms} HKU\S-1-5-21-1394664871-1245148921-295335108-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191 HKU\S-1-5-21-1394664871-1245148921-295335108-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191 SearchScopes: HKU\S-1-5-21-1394664871-1245148921-295335108-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191&q={searchTerms} SearchScopes: HKU\S-1-5-21-1394664871-1245148921-295335108-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191&q={searchTerms} Edge HomeButtonPage: HKU\S-1-5-21-1394664871-1245148921-295335108-1001 -> hxxp://www.amisites.com/?type=hp&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191 CHR HomePage: Default -> hxxp://www.amisites.com/?type=hp&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191 CHR StartupUrls: Default -> "hxxp://www.amisites.com/?type=hp&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191" CHR DefaultSearchURL: Default -> hxxp://www.amisites.com/search/?type=ds&ts=1482918985&z=3be66eed87322d615669afegfz8b0o3tbgeb3t6b7z&from=che0812&uid=GOODRAM_8EFA076603E704651191&q={searchTerms} CHR DefaultSearchKeyword: Default -> amisites S3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [877056 2016-12-28] () [Brak podpisu cyfrowego] <==== UWAGA R2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA R2 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [788480 2016-12-27] () [Brak podpisu cyfrowego] R2 Convxxxx; C:\Users\Mateusz\AppData\Roaming\behae\UvConverter.exe [393216 2016-12-27] (Copyright © 2016) [Brak podpisu cyfrowego] C:\Program Files (x86)\WinArcher C:\Users\Mateusz\AppData\Roaming\behae C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash\Wrye Bash - Extra 1.lnk C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash\Wrye Bash - Extra 1 (Debug Log).lnk DeleteKey: HKCU\Software\Mozilla DeleteKey: HKCU\Software\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Mozilla DeleteKey: HKLM\SOFTWARE\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins C:\Users\Mateusz\AppData\Local\Mozilla C:\Users\Mateusz\AppData\Roaming\Mozilla C:\Users\Mateusz\AppData\Roaming\Profiles Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-21\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Program Files\Common Files\System" CMD: dir /a "C:\Program Files (x86)\Common Files\System" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\Mateusz\AppData\Local CMD: dir /a C:\Users\Mateusz\AppData\LocalLow CMD: dir /a C:\Users\Mateusz\AppData\Roaming Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\Themes /s EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-1394664871-1245148921-295335108-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-1394664871-1245148921-295335108-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-1394664871-1245148921-295335108-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto "HKU\S-1-5-21-1394664871-1245148921-295335108-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-1394664871-1245148921-295335108-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => Wartość pomyślnie usunięto Chrome HomePage => pomyślnie usunięto Chrome StartupUrls => pomyślnie usunięto Chrome DefaultSearchURL => pomyślnie usunięto Chrome DefaultSearchKeyword => pomyślnie usunięto iThemes5 => serwis pomyślnie usunięto hklm\System\CurrentControlSet\Services\Themes\\DependOnService => Wartość pomyślnie usunięto Archer => serwis pomyślnie usunięto Convxxxx => serwis pomyślnie usunięto C:\Program Files (x86)\WinArcher => pomyślnie przeniesiono C:\Users\Mateusz\AppData\Roaming\behae => pomyślnie przeniesiono C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash\Wrye Bash - Extra 1.lnk => pomyślnie przeniesiono C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash\Wrye Bash - Extra 1 (Debug Log).lnk => pomyślnie przeniesiono HKCU\Software\Mozilla => niepowodzenie przy usuwaniu klucz.: incorrect path. HKCU\Software\MozillaPlugins => niepowodzenie przy usuwaniu klucz.: incorrect path. HKLM\SOFTWARE\Mozilla => niepowodzenie przy usuwaniu klucz. ErrorCode: 0xC000000D HKLM\SOFTWARE\MozillaPlugins => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Mozilla => niepowodzenie przy usuwaniu klucz. ErrorCode: 0xC000000D HKLM\SOFTWARE\Wow6432Node\mozilla.org => niepowodzenie przy usuwaniu klucz. ErrorCode: 0xC000000D HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => klucz pomyślnie usunięto "C:\Users\Mateusz\AppData\Local\Mozilla" => nie znaleziono. "C:\Users\Mateusz\AppData\Roaming\Mozilla" => nie znaleziono. C:\Users\Mateusz\AppData\Roaming\Profiles => pomyślnie przeniesiono ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-21\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= dir /a "C:\Program Files" ========= Volume in drive C is SSD Volume Serial Number is E40B-19CD Directory of C:\Program Files 20.12.2016 11:39 . 20.12.2016 11:39 .. 16.07.2016 10:35 CCleaner 16.07.2016 09:05 cFosSpeed 15.10.2016 11:07 Common Files 16.07.2016 08:14 CPUID 16.07.2016 12:45 174 desktop.ini 16.07.2016 08:54 Intel 11.12.2016 01:54 Internet Explorer 16.07.2016 03:25 Java 15.07.2016 22:02 KMSpico 19.10.2016 14:55 Microsoft Office 16.07.2016 03:24 Microsoft Silverlight 11.11.2016 11:41 MotioninJoy 23.09.2016 09:54 MSBuild 16.07.2016 03:21 Nahimic 25.11.2016 15:53 Nexus Mod Manager 15.12.2016 18:43 NVIDIA Corporation 20.12.2016 11:47 Rainmeter 23.09.2016 09:01 Realtek 23.09.2016 09:54 Reference Assemblies 15.07.2016 21:55 SteelSeries 23.07.2016 18:18 SumatraPDF 15.07.2016 22:29 TeamSpeak 3 Client 13.02.2016 18:48 Uninstall Information 16.07.2016 03:26 VideoLAN 23.09.2016 09:57 Windows Defender 12.10.2016 22:55 Windows Mail 28.10.2016 14:54 Windows Media Player 16.07.2016 12:47 Windows Multimedia Platform 23.09.2016 09:05 Windows NT 12.10.2016 22:55 Windows Photo Viewer 16.07.2016 12:47 Windows Portable Devices 16.07.2016 12:47 Windows Sidebar 23.12.2016 11:01 WindowsApps 16.07.2016 12:47 WindowsPowerShell 02.12.2016 11:50 WinRAR 1 File(s) 174 bytes 36 Dir(s) 56˙616˙075˙264 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Volume in drive C is SSD Volume Serial Number is E40B-19CD Directory of C:\Program Files (x86) 28.12.2016 14:05 . 28.12.2016 14:05 .. 15.12.2016 19:41 Adobe 15.12.2016 19:41 ASM104xUSB3 28.12.2016 10:36 Battle.net 15.12.2016 19:41 Battlelog Web Plugins 15.12.2016 19:41 Common Files 16.07.2016 12:45 174 desktop.ini 15.12.2016 19:41 foobar2000 15.12.2016 19:41 GIGABYTE 27.12.2016 13:41 gmvtdc3g 22.12.2016 21:06 Google 15.12.2016 19:41 GPU-Z 27.12.2016 13:43 Gubed 24.12.2016 12:22 Hi-Rez Studios 15.12.2016 19:41 HP 15.12.2016 23:46 InstallShield Installation Information 15.12.2016 19:41 Intel 15.12.2016 19:41 Internet Explorer 15.12.2016 19:41 JAM Software 15.12.2016 19:41 Java 15.12.2016 19:41 K-Lite Codec Pack 15.12.2016 19:41 Livestreamer 15.12.2016 19:41 Malwarebytes Anti-Malware 15.12.2016 19:41 Microsoft Analysis Services 15.12.2016 19:41 Microsoft Office 15.12.2016 19:41 Microsoft Silverlight 15.12.2016 19:41 Microsoft SQL Server Compact Edition 15.12.2016 19:41 Microsoft Synchronization Services 15.12.2016 19:41 Microsoft.NET 15.12.2016 19:41 MSBuild 15.12.2016 19:41 MSI 15.12.2016 19:41 MSI Afterburner 15.12.2016 19:41 NapiProjekt 15.12.2016 19:41 NCH Software 15.12.2016 19:41 NVIDIA Corporation 15.12.2016 19:41 Origin Games 15.12.2016 19:41 qBittorrent 15.12.2016 19:41 Realtek 15.12.2016 19:41 Reference Assemblies 27.12.2016 13:41 Sheregh 15.12.2016 19:41 Stardock 28.12.2016 12:07 Steam 15.12.2016 19:41 Temp 15.12.2016 19:41 Uninstall Information 28.12.2016 10:56 UvConverter 15.12.2016 19:41 VulkanRT 23.09.2016 09:57 Windows Defender 15.12.2016 19:41 Windows Mail 15.12.2016 19:41 Windows Media Player 15.12.2016 19:41 Windows Multimedia Platform 15.12.2016 19:41 Windows NT 15.12.2016 19:41 Windows Photo Viewer 15.12.2016 19:41 Windows Portable Devices 15.12.2016 19:41 Windows Sidebar 15.12.2016 19:41 WindowsPowerShell 1 File(s) 174 bytes 55 Dir(s) 56˙616˙071˙168 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files\Common Files\System" ========= Volume in drive C is SSD Volume Serial Number is E40B-19CD Directory of C:\Program Files\Common Files\System 16.07.2016 23:04 . 16.07.2016 23:04 .. 16.07.2016 23:04 ado 16.07.2016 12:43 32˙256 DirectDB.dll 16.07.2016 23:04 en-US 16.07.2016 23:04 msadc 16.07.2016 23:04 Ole DB 16.07.2016 23:04 pl-PL 16.07.2016 12:42 867˙840 wab32.dll 16.07.2016 12:42 964˙096 wab32res.dll 3 File(s) 1˙864˙192 bytes 7 Dir(s) 56˙616˙071˙168 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)\Common Files\System" ========= Volume in drive C is SSD Volume Serial Number is E40B-19CD Directory of C:\Program Files (x86)\Common Files\System 16.07.2016 23:04 . 16.07.2016 23:04 .. 16.07.2016 23:04 ado 16.07.2016 12:43 28˙160 DirectDB.dll 16.07.2016 23:04 en-US 16.07.2016 23:04 msadc 19.10.2016 14:55 Ole DB 16.07.2016 23:04 pl-PL 16.07.2016 12:42 753˙152 wab32.dll 16.07.2016 12:42 964˙096 wab32res.dll 3 File(s) 1˙745˙408 bytes 7 Dir(s) 56˙616˙071˙168 bytes free ========= Koniec CMD: ========= ========= dir /a C:\ProgramData ========= Volume in drive C is SSD Volume Serial Number is E40B-19CD Directory of C:\ProgramData 28.12.2016 14:05 . 28.12.2016 14:05 .. 20.08.2016 21:22 .mono 16.07.2016 03:24 Adobe 15.08.2016 16:11 Battle.net 15.08.2016 16:21 Blizzard Entertainment 16.07.2016 09:01 cFos 16.07.2016 12:47 Comms 04.11.2016 16:13 Conexant 16.07.2016 01:02 Dane aplikacji [C:\ProgramData] 16.07.2016 01:02 Dokumenty [C:\Users\Public\Documents] 23.09.2016 09:01 0 DP45977C.lfl 15.10.2016 12:19 Electronic Arts 29.07.2016 23:30 Futuremark 15.12.2016 23:47 Hi-Rez Studios 30.11.2016 17:06 HP 30.11.2016 17:07 367 hpzinstall.log 16.07.2016 08:53 Intel 23.07.2016 18:14 Malwarebytes 16.07.2016 01:02 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 19.10.2016 14:55 Microsoft 19.10.2016 14:55 Microsoft Help 23.09.2016 09:09 Microsoft OneDrive 09.08.2016 20:31 NCH Software 15.12.2016 19:40 266 ntuser.pol 28.12.2016 14:05 NVIDIA 15.12.2016 18:55 NVIDIA Corporation 28.12.2016 14:05 0 NvTelemetryContainer.log 28.12.2016 10:27 7˙936 NvTelemetryContainer.log_backup1 16.07.2016 03:25 Oracle 27.12.2016 01:01 Origin 15.12.2016 23:46 Package Cache 16.07.2016 01:02 Pulpit [C:\Users\Public\Desktop] 23.09.2016 09:01 regid.1991-06.com.microsoft 06.08.2016 17:48 Socialclub 16.07.2016 12:47 SoftwareDistribution 20.11.2016 01:20 Stardock 06.08.2016 17:48 Steam 15.07.2016 21:55 SteelSeries 16.07.2016 01:02 Szablony [C:\ProgramData\Microsoft\Windows\Templates] 23.09.2016 09:09 USOPrivate 23.09.2016 09:09 USOShared 28.12.2016 10:56 WinSAPSvc 11.11.2016 11:45 X360CE 5 File(s) 8˙569 bytes 39 Dir(s) 56˙616˙067˙072 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\Mateusz\AppData\Local ========= Volume in drive C is SSD Volume Serial Number is E40B-19CD Directory of C:\Users\Mateusz\AppData\Local 28.12.2016 10:28 . 28.12.2016 10:28 .. 15.08.2016 16:12 ActiveSync 19.08.2016 22:33 Apps 28.12.2016 13:57 Battle.net 25.11.2016 16:23 Black_Tree_Gaming 20.08.2016 21:22 Blizzard 15.07.2016 21:48 Blizzard Entertainment 16.07.2016 03:26 CEF 16.07.2016 09:05 cFos 15.12.2016 18:44 Chromium 16.07.2016 09:53 Clover 16.07.2016 02:13 Comms 23.09.2016 09:09 ConnectedDevicesPlatform 01.11.2016 00:39 CrashDumps 23.09.2016 09:02 Dane aplikacji [C:\Users\Mateusz\AppData\Local] 25.12.2016 22:29 Deployment 09.12.2016 11:10 Diagnostics 10.09.2016 13:08 Discord 30.11.2016 16:58 ElevatedDiagnostics 15.07.2016 21:40 FluxSoftware 29.07.2016 23:30 Futuremark 01.11.2016 01:04 GIGABYTE 22.12.2016 21:34 Google 15.12.2016 23:46 HirezLauncherUI 23.09.2016 09:02 Historia [C:\Users\Mateusz\AppData\Local\Microsoft\Windows\History] 28.12.2016 02:29 86˙675 IconCache.db 15.12.2016 19:41 Lvireerse 30.11.2016 17:08 Microsoft 15.12.2016 16:04 Microsoft Help 16.07.2016 03:22 MicrosoftEdge 17.07.2016 11:18 NahimicMSI1.2.12 10.08.2016 16:26 NVIDIA 15.12.2016 18:43 NVIDIA Corporation 25.10.2016 15:56 Origin 02.12.2016 11:12 Packages 15.07.2016 21:37 Programs 16.07.2016 02:12 Publishers 16.07.2016 09:11 qBittorrent 18.07.2016 20:37 17 resmon.resmoncfg 06.08.2016 17:48 Rockstar Games 16.11.2016 18:42 SimulationCraft 25.11.2016 16:21 Skyrim 01.10.2016 14:41 speech 27.12.2016 17:22 Spotify 10.09.2016 13:08 SquirrelTemp 20.11.2016 01:20 Stardock 15.12.2016 19:42 Steam 28.12.2016 14:07 Temp 23.09.2016 09:02 Temporary Internet Files [C:\Users\Mateusz\AppData\Local\Microsoft\Windows\INetCache] 16.07.2016 01:07 TileDataLayer 16.07.2016 01:07 VirtualStore 2 File(s) 86˙692 bytes 50 Dir(s) 56˙616˙062˙976 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\Mateusz\AppData\LocalLow ========= Volume in drive C is SSD Volume Serial Number is E40B-19CD Directory of C:\Users\Mateusz\AppData\LocalLow 20.08.2016 21:22 . 20.08.2016 21:22 .. 20.08.2016 21:22 Blizzard Entertainment 06.08.2016 17:54 Microsoft 16.07.2016 03:25 Oracle 16.07.2016 03:25 Sun 23.07.2016 11:34 Temp 0 File(s) 0 bytes 7 Dir(s) 56˙616˙067˙072 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\Mateusz\AppData\Roaming ========= Volume in drive C is SSD Volume Serial Number is E40B-19CD Directory of C:\Users\Mateusz\AppData\Roaming 28.12.2016 14:07 . 28.12.2016 14:07 .. 20.08.2016 21:22 .mono 15.08.2016 15:25 Adobe 15.08.2016 16:21 Battle.net 19.08.2016 22:35 Curse Advertising 06.12.2016 20:18 discord 28.12.2016 10:57 foobar2000 15.12.2016 20:06 Gerlspgerwoght 08.12.2016 23:16 JAM Software 12.08.2016 20:31 livestreamer 16.07.2016 03:24 Macromedia 15.07.2016 22:47 MAXON 19.12.2016 19:51 Microsoft 02.11.2016 18:54 MPC-HC 17.09.2016 20:47 NapiProjekt 11.08.2016 18:59 NCH Software 26.07.2016 13:28 NVIDIA 27.12.2016 00:57 Origin 26.12.2016 20:59 qBittorrent 20.12.2016 11:47 Rainmeter 14.12.2016 22:40 SimulationCraft 23.09.2016 09:10 Skype 27.12.2016 17:20 Spotify 20.11.2016 01:20 Stardock 24.12.2016 12:37 steelseries-engine-3-client 23.07.2016 18:19 SumatraPDF 16.07.2016 03:25 Sun 09.08.2016 20:32 1˙167 trace_FilterInstaller.1.txt 11.08.2016 18:59 905 trace_FilterInstaller.txt 11.08.2016 18:59 0 trace_FilterInstaller.txt-CRT.txt 28.12.2016 01:39 TS3Client 26.12.2016 17:12 vlc 15.07.2016 21:54 WinRAR 3 File(s) 2˙072 bytes 31 Dir(s) 56˙616˙058˙880 bytes free ========= Koniec CMD: ========= ========= reg query HKLM\SYSTEM\CurrentControlSet\Services\Themes /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes Start REG_DWORD 0x2 DisplayName REG_SZ @%SystemRoot%\System32\themeservice.dll,-8192 ErrorControl REG_DWORD 0x1 Group REG_SZ ProfSvc_Group ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs Type REG_DWORD 0x20 Description REG_SZ @%SystemRoot%\System32\themeservice.dll,-8193 ObjectName REG_SZ LocalSystem RequiredPrivileges REG_MULTI_SZ SeAssignPrimaryTokenPrivilege\0SeDebugPrivilege\0SeImpersonatePrivilege FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes\Parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\themeservice.dll ServiceDllUnloadOnStop REG_DWORD 0x1 ServiceMain REG_SZ ThemeServiceMain ========= Koniec Reg: ========= =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 283108711 B Java, Flash, Steam htmlcache => 703333945 B Windows/system/drivers => 8409981 B Edge => 8001571 B Chrome => 787463870 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 148674 B Mateusz => 2130208609 B RecycleBin => 206509 B EmptyTemp: => 3.7 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 14:08:15 ====