Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 25-08-2023 Uruchomiony przez rafal (25-08-2023 21:17:21) Run:1 Uruchomiony z C:\Users\rafal\Downloads Załadowane profile: rafal & rafal_2pz6a8w Tryb startu: Normal ============================================== fixlist - zawartość: ***************** SystemRestore: On CreateRestorePoint: CloseProcesses: EmptyTemp: File: C:\Users\rafal\AppData\Local\ypsx_cloud_v2\rhc.exe File: C:\Users\rafal\AppData\Local\ypsx_cloud_v2\wdcloud_v2.exe Task: {0ADCFFAC-CD2A-42D1-9A12-21D4D2FFD6EE} - System32\Tasks\WDNA => rhc.exe -> php.exe index.php Task: {AD1F90C4-8886-4868-97E8-20F5A9EBAB57} - System32\Tasks\WDNA_LG => Command(1): rhc.exe -> php.exe include.php <==== UWAGA Task: {AD1F90C4-8886-4868-97E8-20F5A9EBAB57} - System32\Tasks\WDNA_LG => Command(2): rhc.exe -> php.exe index.php <==== UWAGA Task: {419AE415-FEB6-4E09-9536-1E45E821212C} - System32\Tasks\YTPX Cloud LG => C:\Users\rafal\AppData\Local\ypsx_cloud_v2\rhc.exe [1536 2023-08-14] () [Brak podpisu cyfrowego] -> wdcloud_v2.exe <==== UWAGA Task: {64AF9DDC-91DA-4745-B8B9-21D83DD94936} - System32\Tasks\YTPXCheck => rhc.exe -> php.exe keep_play.php Task: {F4B695B7-72AA-44C0-AAF2-B3AFBF743588} - System32\Tasks\YTPXCheck LG => rhc.exe -> php.exe keep_play.php AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442] AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10292] HKU\S-1-5-21-1705589361-728360065-3321163868-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.gazeta.pl/0,0.html?p=190 2023-08-14 14:51 - 2023-08-14 14:51 - 000003820 _____ C:\Windows\system32\Tasks\YTPXCheck 2023-08-14 14:51 - 2023-08-14 14:51 - 000003382 _____ C:\Windows\system32\Tasks\YTPX Cloud LG 2023-08-14 14:51 - 2023-08-14 14:51 - 000003364 _____ C:\Windows\system32\Tasks\YTPXCheck LG 2023-08-14 14:51 - 2023-08-14 14:51 - 000000000 ____D C:\Users\rafal\AppData\Local\ypsx_cloud_v2 2023-08-12 14:48 - 2023-08-15 18:13 - 000003796 _____ C:\Windows\system32\Tasks\WDNA 2023-08-12 14:48 - 2023-08-12 14:48 - 000003758 _____ C:\Windows\system32\Tasks\WDNA_LG 2023-08-12 14:48 - 2023-08-12 14:48 - 000000000 ____D C:\Users\rafal\AppData\Roaming\johnsadventures.com 2023-08-12 14:48 - 2023-08-12 14:48 - 000000000 ____D C:\Users\rafal\AppData\Local\johnsadventures.com FirewallRules: [TCP Query User{FC5837F3-3A2D-4AA5-BFFE-A2453655A952}C:\users\rafal\appdata\local\discord\app-1.0.9010\discord.exe] => (Allow) C:\users\rafal\appdata\local\discord\app-1.0.9010\discord.exe => Brak pliku FirewallRules: [UDP Query User{A0BEB211-34A8-45BC-8760-C398B88D773D}C:\users\rafal\appdata\local\discord\app-1.0.9010\discord.exe] => (Allow) C:\users\rafal\appdata\local\discord\app-1.0.9010\discord.exe => Brak pliku FirewallRules: [TCP Query User{CDEF4D75-D8FB-4104-B346-C277478DAFEB}D:\diablo iv - beta\diablo iv.exe] => (Allow) D:\diablo iv - beta\diablo iv.exe => Brak pliku FirewallRules: [UDP Query User{D19502E7-034F-433C-BEC5-EE21983E51BE}D:\diablo iv - beta\diablo iv.exe] => (Allow) D:\diablo iv - beta\diablo iv.exe => Brak pliku FirewallRules: [{197F71DA-303B-44BA-AE15-ACCD7E670693}] => (Block) D:\diablo iv - beta\diablo iv.exe => Brak pliku FirewallRules: [{1192CD11-1EF0-4A2A-9880-6D722304EBAB}] => (Block) D:\diablo iv - beta\diablo iv.exe => Brak pliku FirewallRules: [TCP Query User{1558D4D5-EE42-4C35-B906-04618F7DD3C6}D:\pobrane pliki\frozenheim archetypes-goldberg\frozenheim.archetypes-goldberg\frozenheim\binaries\win64\frozenheim-win64-shipping.exe] => (Allow) D:\pobrane pliki\frozenheim archetypes-goldberg\frozenheim.archetypes-goldberg\frozenheim\binaries\win64\frozenheim-win64-shipping.exe => Brak pliku FirewallRules: [UDP Query User{564F229B-7D29-4586-ADDB-FBB3E47456CD}D:\pobrane pliki\frozenheim archetypes-goldberg\frozenheim.archetypes-goldberg\frozenheim\binaries\win64\frozenheim-win64-shipping.exe] => (Allow) D:\pobrane pliki\frozenheim archetypes-goldberg\frozenheim.archetypes-goldberg\frozenheim\binaries\win64\frozenheim-win64-shipping.exe => Brak pliku FirewallRules: [{A3E4B43B-DABA-47E9-8436-A110B444BD75}] => (Block) D:\pobrane pliki\frozenheim archetypes-goldberg\frozenheim.archetypes-goldberg\frozenheim\binaries\win64\frozenheim-win64-shipping.exe => Brak pliku FirewallRules: [{086B864E-DEB8-4AB5-8CD3-9D9793C24D9E}] => (Block) D:\pobrane pliki\frozenheim archetypes-goldberg\frozenheim.archetypes-goldberg\frozenheim\binaries\win64\frozenheim-win64-shipping.exe => Brak pliku FirewallRules: [TCP Query User{10FC3551-5069-4C80-9EF6-C9F5B9BEE432}D:\uncharted 4 legacy of thieves collection\u4.exe] => (Allow) D:\uncharted 4 legacy of thieves collection\u4.exe => Brak pliku FirewallRules: [UDP Query User{4DBD4122-160E-4547-9A11-53E7A957C1F2}D:\uncharted 4 legacy of thieves collection\u4.exe] => (Allow) D:\uncharted 4 legacy of thieves collection\u4.exe => Brak pliku FirewallRules: [{83765A1C-D2EB-4A0D-9973-E64823F925D8}] => (Block) D:\uncharted 4 legacy of thieves collection\u4.exe => Brak pliku FirewallRules: [{52E796DC-BD50-4DDE-8D6B-7D587556F88F}] => (Block) D:\uncharted 4 legacy of thieves collection\u4.exe => Brak pliku FirewallRules: [TCP Query User{89497D87-B253-46AA-AD40-F9E0AABAB2F2}D:\uncharted 4 legacy of thieves collection\tll.exe] => (Allow) D:\uncharted 4 legacy of thieves collection\tll.exe => Brak pliku FirewallRules: [UDP Query User{CDA31E25-D102-4E09-8C79-BCEAC132643A}D:\uncharted 4 legacy of thieves collection\tll.exe] => (Allow) D:\uncharted 4 legacy of thieves collection\tll.exe => Brak pliku FirewallRules: [{E44671D5-990B-4CA2-A8B7-D5ABDAD28A04}] => (Block) D:\uncharted 4 legacy of thieves collection\tll.exe => Brak pliku FirewallRules: [{71F124AB-E2D6-402D-BDCA-79F4EB234114}] => (Block) D:\uncharted 4 legacy of thieves collection\tll.exe => Brak pliku FirewallRules: [TCP Query User{F0485304-89C6-4B26-97E8-3C398A8D41B6}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => Brak pliku FirewallRules: [UDP Query User{9EEB7FE8-0DB3-4D34-8318-62E44055B3A8}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => Brak pliku FirewallRules: [{EC71C1A5-D4A6-4931-AAC2-EDE588207C8A}] => (Block) C:\riot games\riot client\riotclientservices.exe => Brak pliku FirewallRules: [{59AFA6C3-9CC4-4500-A560-96581E57F9DB}] => (Block) C:\riot games\riot client\riotclientservices.exe => Brak pliku HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\Run: [ProductAuthenticationService] => C:\Users\rafal\AppData\Roaming\ProductAuthenticationService\pas.exe [1003024 2023-02-18] (DVJ LIMITED -> DVJ LIMITED) <==== UWAGA HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (Brak pliku) HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\MountPoints2: {aaeb104a-938f-11ed-aca6-806e6f6e6963} - "K:\LaunchU3.exe" -a HKU\S-1-5-21-1705589361-728360065-3321163868-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\rafal_2pz6a8w\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (Brak pliku) HKU\S-1-5-21-1705589361-728360065-3321163868-1002\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rafal_2pz6a8w\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" [0 2023-01-25] () <==== UWAGA [zerobajtowy plik/folder] HKU\S-1-5-21-1705589361-728360065-3321163868-1002\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rafal_2pz6a8w\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" [0 2023-01-25] () <==== UWAGA [zerobajtowy plik/folder] Task: {190BB177-41AC-400D-A81F-E1BE6908F024} - System32\Tasks\svcupdater => C:\Users\rafal\AppData\Roaming\Win32Sync\svcupdater.exe [1617454080 2023-02-18] (A˜uslogics) [Brak podpisu cyfrowego] <==== UWAGA Task: {AD1F90C4-8886-4868-97E8-20F5A9EBAB57} - System32\Tasks\WDNA_LG => Command(1): rhc.exe -> php.exe include.php <==== UWAGA Task: {AD1F90C4-8886-4868-97E8-20F5A9EBAB57} - System32\Tasks\WDNA_LG => Command(2): rhc.exe -> php.exe index.php <==== UWAGA Task: {419AE415-FEB6-4E09-9536-1E45E821212C} - System32\Tasks\YTPX Cloud LG => C:\Users\rafal\AppData\Local\ypsx_cloud_v2\rhc.exe [1536 2023-08-14] () [Brak podpisu cyfrowego] -> wdcloud_v2.exe <==== UWAGA Tcpip\..\Interfaces\{d092d774-d3a5-4913-9cd6-1e89324e5aa5}: [DhcpNameServer] 192.168.1.1 S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X] CMD: dir /a "C:\Users\rafal\AppData\Roaming" CMD: dir /a "C:\Users\rafal\AppData\Local" ***************** SystemRestore: On => ukończone Punkt przywracania został pomyślnie utworzony. Procesy zostały pomyślnie zamknięte. ========================= File: C:\Users\rafal\AppData\Local\ypsx_cloud_v2\rhc.exe ======================== C:\Users\rafal\AppData\Local\ypsx_cloud_v2\rhc.exe Brak podpisu cyfrowego MD5: ABC6379205DE2618851C4FCBF72112EB Data utworzenia i modyfikacji: 2023-08-14 14:51 - 2023-08-14 14:51 Rozmiar: 000001536 Atrybuty: ----A Firma: Wewnętrzna nazwa: Oryginalna nazwa: Produkt: Opis: Plik Wersja: Produkt Wersja: Prawa autorskie: VirusTotal: https://www.virustotal.com/gui/file/22e7528e56dffaa26cfe722994655686c90824b13eb51184abfe44d4e95d473f/detection/f-22e7528e56dffaa26cfe722994655686c90824b13eb51184abfe44d4e95d473f-1692907270 ====== Koniec File: ====== ========================= File: C:\Users\rafal\AppData\Local\ypsx_cloud_v2\wdcloud_v2.exe ======================== C:\Users\rafal\AppData\Local\ypsx_cloud_v2\wdcloud_v2.exe Brak podpisu cyfrowego MD5: C84930BC2DF64E1D5224C801E4C1A4A9 Data utworzenia i modyfikacji: 2023-08-14 14:51 - 2023-07-13 21:06 Rozmiar: 004970496 Atrybuty: ----A Firma: Wewnętrzna nazwa: Oryginalna nazwa: Produkt: Opis: Plik Wersja: Produkt Wersja: Prawa autorskie: VirusTotal: https://www.virustotal.com/gui/file/54dd4efe8dd16699cdcf2d718a63172e75dfe46064688536a19604d1c94d5574/detection/f-54dd4efe8dd16699cdcf2d718a63172e75dfe46064688536a19604d1c94d5574-1692914901 ====== Koniec File: ====== "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0ADCFFAC-CD2A-42D1-9A12-21D4D2FFD6EE}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ADCFFAC-CD2A-42D1-9A12-21D4D2FFD6EE}" => pomyślnie usunięto C:\Windows\System32\Tasks\WDNA => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WDNA" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD1F90C4-8886-4868-97E8-20F5A9EBAB57}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD1F90C4-8886-4868-97E8-20F5A9EBAB57}" => pomyślnie usunięto C:\Windows\System32\Tasks\WDNA_LG => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WDNA_LG" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD1F90C4-8886-4868-97E8-20F5A9EBAB57}" => nie znaleziono "C:\Windows\System32\Tasks\WDNA_LG" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WDNA_LG" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{419AE415-FEB6-4E09-9536-1E45E821212C}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{419AE415-FEB6-4E09-9536-1E45E821212C}" => pomyślnie usunięto C:\Windows\System32\Tasks\YTPX Cloud LG => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTPX Cloud LG" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64AF9DDC-91DA-4745-B8B9-21D83DD94936}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64AF9DDC-91DA-4745-B8B9-21D83DD94936}" => pomyślnie usunięto C:\Windows\System32\Tasks\YTPXCheck => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTPXCheck" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F4B695B7-72AA-44C0-AAF2-B3AFBF743588}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4B695B7-72AA-44C0-AAF2-B3AFBF743588}" => pomyślnie usunięto C:\Windows\System32\Tasks\YTPXCheck LG => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTPXCheck LG" => pomyślnie usunięto C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini => ":B1DA6C571C" ADS pomyślnie usunięto C:\Users\Public\Shared Files => ":VersionCache" ADS pomyślnie usunięto HKU\S-1-5-21-1705589361-728360065-3321163868-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono "C:\Windows\system32\Tasks\YTPXCheck" => nie znaleziono "C:\Windows\system32\Tasks\YTPX Cloud LG" => nie znaleziono "C:\Windows\system32\Tasks\YTPXCheck LG" => nie znaleziono "C:\Users\rafal\AppData\Local\ypsx_cloud_v2" folder - przenoszenie: C:\Users\rafal\AppData\Local\ypsx_cloud_v2 => pomyślnie przeniesiono "C:\Windows\system32\Tasks\WDNA" => nie znaleziono "C:\Windows\system32\Tasks\WDNA_LG" => nie znaleziono "C:\Users\rafal\AppData\Roaming\johnsadventures.com" folder - przenoszenie: C:\Users\rafal\AppData\Roaming\johnsadventures.com => pomyślnie przeniesiono "C:\Users\rafal\AppData\Local\johnsadventures.com" folder - przenoszenie: C:\Users\rafal\AppData\Local\johnsadventures.com => pomyślnie przeniesiono "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FC5837F3-3A2D-4AA5-BFFE-A2453655A952}C:\users\rafal\appdata\local\discord\app-1.0.9010\discord.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A0BEB211-34A8-45BC-8760-C398B88D773D}C:\users\rafal\appdata\local\discord\app-1.0.9010\discord.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CDEF4D75-D8FB-4104-B346-C277478DAFEB}D:\diablo iv - beta\diablo iv.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D19502E7-034F-433C-BEC5-EE21983E51BE}D:\diablo iv - beta\diablo iv.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{197F71DA-303B-44BA-AE15-ACCD7E670693}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1192CD11-1EF0-4A2A-9880-6D722304EBAB}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1558D4D5-EE42-4C35-B906-04618F7DD3C6}D:\pobrane pliki\frozenheim archetypes-goldberg\frozenheim.archetypes-goldberg\frozenheim\binaries\win64\frozenheim-win64-shipping.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{564F229B-7D29-4586-ADDB-FBB3E47456CD}D:\pobrane pliki\frozenheim archetypes-goldberg\frozenheim.archetypes-goldberg\frozenheim\binaries\win64\frozenheim-win64-shipping.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A3E4B43B-DABA-47E9-8436-A110B444BD75}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{086B864E-DEB8-4AB5-8CD3-9D9793C24D9E}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{10FC3551-5069-4C80-9EF6-C9F5B9BEE432}D:\uncharted 4 legacy of thieves collection\u4.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4DBD4122-160E-4547-9A11-53E7A957C1F2}D:\uncharted 4 legacy of thieves collection\u4.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83765A1C-D2EB-4A0D-9973-E64823F925D8}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{52E796DC-BD50-4DDE-8D6B-7D587556F88F}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{89497D87-B253-46AA-AD40-F9E0AABAB2F2}D:\uncharted 4 legacy of thieves collection\tll.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CDA31E25-D102-4E09-8C79-BCEAC132643A}D:\uncharted 4 legacy of thieves collection\tll.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E44671D5-990B-4CA2-A8B7-D5ABDAD28A04}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71F124AB-E2D6-402D-BDCA-79F4EB234114}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F0485304-89C6-4B26-97E8-3C398A8D41B6}C:\riot games\riot client\riotclientservices.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9EEB7FE8-0DB3-4D34-8318-62E44055B3A8}C:\riot games\riot client\riotclientservices.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC71C1A5-D4A6-4931-AAC2-EDE588207C8A}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59AFA6C3-9CC4-4500-A560-96581E57F9DB}" => pomyślnie usunięto "HKU\S-1-5-21-1705589361-728360065-3321163868-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ProductAuthenticationService" => pomyślnie usunięto "HKU\S-1-5-21-1705589361-728360065-3321163868-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RiotClient" => pomyślnie usunięto HKU\S-1-5-21-1705589361-728360065-3321163868-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaeb104a-938f-11ed-aca6-806e6f6e6963} => pomyślnie usunięto "HKU\S-1-5-21-1705589361-728360065-3321163868-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => pomyślnie usunięto "HKU\S-1-5-21-1705589361-728360065-3321163868-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 21.220.1024.0005\amd64" => pomyślnie usunięto "HKU\S-1-5-21-1705589361-728360065-3321163868-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 21.220.1024.0005" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{190BB177-41AC-400D-A81F-E1BE6908F024}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{190BB177-41AC-400D-A81F-E1BE6908F024}" => pomyślnie usunięto C:\Windows\System32\Tasks\svcupdater => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\svcupdater" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD1F90C4-8886-4868-97E8-20F5A9EBAB57}" => nie znaleziono "C:\Windows\System32\Tasks\WDNA_LG" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WDNA_LG" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD1F90C4-8886-4868-97E8-20F5A9EBAB57}" => nie znaleziono "C:\Windows\System32\Tasks\WDNA_LG" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WDNA_LG" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{419AE415-FEB6-4E09-9536-1E45E821212C}" => nie znaleziono "C:\Windows\System32\Tasks\YTPX Cloud LG" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTPX Cloud LG" => nie znaleziono "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d092d774-d3a5-4913-9cd6-1e89324e5aa5}\\DhcpNameServer" => pomyślnie usunięto HKLM\System\CurrentControlSet\Services\EAAntiCheat => pomyślnie usunięto EAAntiCheat => serwis pomyślnie usunięto ========= dir /a "C:\Users\rafal\AppData\Roaming" ========= Volume in drive C has no label. Volume Serial Number is DE06-EB2D Directory of C:\Users\rafal\AppData\Roaming 25.08.2023 21:17 . 25.08.2023 21:17 .. 01.04.2023 10:42 11bitstudios 08.07.2023 21:25 2Dynamic 14.01.2023 00:21 Adobe 14.01.2023 11:29 AMD 23.03.2023 20:27 Battle.net 21.07.2023 20:46 Brackets 21.07.2023 20:45 brackets.io 25.08.2023 21:17 discord 20.08.2023 00:07 EA 16.06.2023 20:54 EasyAntiCheat 05.08.2023 18:10 Eidos Montreal 12.08.2023 14:50 FileZilla 06.05.2023 22:03 FiraxisLive 03.05.2023 13:25 FLT 31.03.2023 14:41 Goldberg SteamEmu Saves 11.06.2023 20:38 Microsoft 21.07.2023 19:27 Notepad++ 03.05.2023 13:24 Paradox Interactive 25.03.2023 19:21 Path of Exile 18.02.2023 11:22 ProductAuthenticationService 17.04.2023 20:37 RapidCRC 11.06.2023 15:36 Soldat 08.04.2023 14:17 Star Stable Online 06.05.2023 22:03 T2GP Launcher 29.05.2023 18:15 TeraBox 04.02.2023 15:26 Valve Corporation 16.01.2023 20:07 Wargaming.net 06.05.2023 17:05 WeMod 18.02.2023 12:10 Win32Sync 29.01.2023 13:04 WinRAR 0 File(s) 0 bytes 32 Dir(s) 28 976 816 128 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Users\rafal\AppData\Local" ========= Volume in drive C has no label. Volume Serial Number is DE06-EB2D Directory of C:\Users\rafal\AppData\Local 25.08.2023 21:17 . 25.08.2023 21:17 .. 17.02.2023 21:07 Adaware 06.08.2023 14:35 AMD 14.01.2023 00:40 AMDSoftwareInstaller 20.08.2023 14:06 AMD_Common 06.08.2023 14:33 ATI 16.06.2023 22:12 Battle.net 25.03.2023 18:36 Blizzard Entertainment 14.01.2023 12:13 BY-COMBO2 14.01.2023 01:02 cache 14.01.2023 12:18 CEF 14.01.2023 12:24 Comms 14.01.2023 00:23 ConnectedDevicesPlatform 24.08.2023 23:43 CrashDumps 14.01.2023 14:20 CrashReportClient 22.08.2023 22:18 D3DSCache 06.07.2023 21:37 Daedalic Entertainment GmbH 14.01.2023 00:19 Dane aplikacji [C:\Users\rafal\AppData\Local] 22.01.2023 00:20 DBG 30.07.2023 19:06 Desperados III 21.07.2023 21:10 Diagnostics 25.08.2023 21:14 Discord 20.08.2023 00:18 EADesktop 20.08.2023 12:31 EALaunchHelper 20.08.2023 00:13 Electronic Arts 05.02.2023 20:15 EOSUserHelper 22.01.2023 18:55 Epic Games 14.01.2023 17:10 EpicGamesLauncher 24.07.2023 19:57 FileZilla 06.05.2023 13:44 Firaxis Games 14.01.2023 14:20 FortniteGame 17.07.2023 20:06 Frontier Developments 02.04.2023 14:47 Frozenheim 29.05.2023 16:01 GameAnalytics 08.07.2023 21:25 Godot 14.01.2023 00:19 Historia [C:\Users\rafal\AppData\Local\Microsoft\Windows\History] 18.02.2023 12:42 Hogwarts Legacy 25.08.2023 00:38 49 136 IconCache.db 14.01.2023 12:23 INetHistory 20.08.2023 00:13 Link2EA 24.08.2023 23:48 Malwarebytes 24.08.2023 23:43 mbam 24.08.2023 23:57 Microsoft 29.06.2023 20:14 mod.io 14.01.2023 00:21 NhNotifSys 14.01.2023 14:20 NVIDIA Corporation 14.01.2023 01:11 OneDrive 20.08.2023 00:49 Origin 24.08.2023 21:46 Packages 14.01.2023 12:18 PeerDistRepub 30.07.2023 17:41 PlaceholderTileLogoFolder 14.01.2023 01:22 Programs 14.01.2023 11:39 Publishers 11.06.2023 11:44 Riot Games 15.01.2023 15:27 Rockstar Games 14.01.2023 11:29 setup 11.06.2023 20:38 speech 06.05.2023 16:59 SquirrelTemp 08.04.2023 14:13 Star Stable 08.04.2023 14:08 starstableonline-updater 12.08.2023 13:15 Steam 23.02.2023 21:33 SwGame 06.05.2023 22:03 T2GP Launcher 26.06.2023 20:52 TAART_UI 25.08.2023 21:17 Temp 14.01.2023 00:19 Tymczasowe pliki internetowe [C:\Users\rafal\AppData\Local\Microsoft\Windows\INetCache] 16.06.2023 20:54 UnrealEngine 14.01.2023 12:38 UnrealEngineLauncher 11.06.2023 11:44 VALORANT 14.01.2023 00:21 VirtualStore 06.05.2023 16:59 WeMod 30.01.2023 13:14 WRSH 1 File(s) 49 136 bytes 72 Dir(s) 28 976 685 056 bytes free ========= Koniec CMD: ========= =========== EmptyTemp: ========== FlushDNS => ukończone BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 92235872 B Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 717085245 B Windows/system/drivers => 144745 B Edge => 0 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 134 B LocalService => 17106 B NetworkService => 28910 B rafal => 3143267291 B rafal_2pz6a8w => 3245854618 B RecycleBin => 62807 B EmptyTemp: => 6.7 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 21:17:55 ====