Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 22-04-2022 Uruchomiony przez bEEExx (01-05-2022 11:59:35) Run:1 Uruchomiony z C:\Users\bEEExx\Downloads Załadowane profile: bEEExx Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CreateRestorePoint: CloseProcesses: EmptyTemp: File: C:\ProgramData\DeleteFile.exe HKLM-x32\...\Run: [kbdsprt] => [X] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {76d9ebfb-7f3f-11e6-8253-d07e357d2f66} - "H:\OriginSetup.exe" HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {76d9ec0d-7f3f-11e6-8253-d07e357d2f66} - "I:\SETUP.EXE" HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {79505bb4-def5-11e6-8269-448a5bf2e290} - "G:\autorun.exe" HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {95647895-d614-11e9-82e3-d07e357d2f66} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {a7b019db-9cd8-11e8-82ae-d07e357d2f66} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {ac1b431c-c5c2-11e8-82b1-d07e357d2f66} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {c72da580-475e-11e9-82d2-d07e357d2f66} - "G:\AutoRun.exe" HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {d8f14d9d-1465-11e8-829c-d07e357d2f66} - "G:\HiSuiteDownLoader.exe" GroupPolicy: Ograniczenia ? <==== UWAGA Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA Task: {046156CD-D45A-4299-BBDF-98C429BC0B85} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe (Brak pliku) Task: {1441D529-F168-4515-A848-84C3E3600B74} - System32\Tasks\{8565A12A-9E3F-4EC6-8FE4-B64B73D5E0C2} => C:\Windows\system32\pcalua.exe -a "C:\Users\bEEExx\Desktop\Uro dawida\PC-Receiver-v2.02\Software\setupstb.exe" -d "C:\Users\bEEExx\Desktop\Uro dawida\PC-Receiver-v2.02\Software" Task: {38BABE32-3327-4058-84F3-81C3CE4F59F4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Brak pliku) Task: {A05DC1F0-B6CC-4827-8410-EC86D02B9D88} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [1835112 2020-02-19] () [Brak podpisu cyfrowego] Task: {CD4E2280-B4B9-4DAC-88E7-BDB9CB1C00A2} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\bEEExx\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-04-24] (ESET, spol. s r.o. -> ESET) Task: {D8E1B9AD-3757-40F3-AC82-513B93EEEA27} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\bEEExx\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-04-24] (ESET, spol. s r.o. -> ESET) Tcpip\..\Interfaces\{63462549-4094-4D60-9AC4-8B91B82F5714}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{A038353E-B14E-4AB0-8BCC-DB0964312E58}: [DhcpNameServer] 8.8.8.8 FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => nie znaleziono FF Plugin-x32: @google.com/npwebplugin -> C:\Windows\system32\npwebplugin.dll [Brak pliku] S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X] U4 dmwappushservice; Brak ImagePath S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X] S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X] 2022-04-24 10:17 - 2022-04-24 11:13 - 000000000 ____D C:\Users\bEEExx\AppData\Local\b7ca1994-c6b6-458d-b3e8-e39e7bfc28be 2022-04-24 10:17 - 2022-04-24 11:13 - 000000000 ____D C:\Users\bEEExx\AppData\Local\8c4d3f44-be2b-419b-8118-59714f1f5794 2022-04-24 10:17 - 2022-04-24 10:17 - 000000000 ____D C:\Users\bEEExx\AppData\Local\Yandex 2022-04-24 10:17 - 2022-04-24 10:17 - 000000000 ____D C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ 2022-04-24 10:16 - 2022-04-24 11:28 - 000000000 ____D C:\Users\bEEExx\AppData\Roaming\ZYmJU 2022-04-24 10:16 - 2022-04-24 11:28 - 000000000 ____D C:\Users\bEEExx\AppData\Roaming\shftool 2022-04-24 10:16 - 2022-04-24 10:17 - 000000000 ____D C:\Users\bEEExx\AppData\Roaming\zBTjz4PLT 2022-04-24 10:16 - 2022-04-24 10:16 - 000000000 ____D C:\Users\bEEExx\AppData\Roaming\Vobaticu 2022-04-24 10:16 - 2022-04-24 10:16 - 000000000 ____D C:\Program Files (x86)\installeras 2022-04-24 10:11 - 2022-04-24 10:11 - 000000000 ____D C:\ProgramData\OLD5RBJU34LT5JAEQP4 2022-04-24 10:10 - 2022-04-24 10:10 - 000000000 ____D C:\ProgramData\FDSNSVVJ11J042CD3IY 2011-04-01 11:57 - 2011-04-01 11:57 - 000247136 _____ () C:\ProgramData\DeleteFile.exe ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku AlternateDataStreams: C:\ProgramData\TEMP:C5CC2549 [147] AlternateDataStreams: C:\Users\Public\AppData:CSM [458] HKLM\...\.scr: => <==== UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: Brak nazwy -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Brak pliku Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Brak pliku FirewallRules: [{BEC8F150-0875-412E-BABB-8FB341FE7122}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Brak pliku FirewallRules: [{B1A26C05-C74D-42E1-900A-95224E3E4637}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Brak pliku FirewallRules: [{5F90469F-3458-45E9-B2E7-871C1D8EC028}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Brak pliku FirewallRules: [{7888FA0D-44AD-4A59-A298-5BC39FB54468}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Brak pliku FirewallRules: [TCP Query User{8E621B21-BF9C-4DC4-9387-275E219DE227}C:\users\beeexx\desktop\one\anydesk.exe] => (Allow) C:\users\beeexx\desktop\one\anydesk.exe => Brak pliku FirewallRules: [UDP Query User{75F94E82-00CA-4A9E-83AC-90C482FE885B}C:\users\beeexx\desktop\one\anydesk.exe] => (Allow) C:\users\beeexx\desktop\one\anydesk.exe => Brak pliku FirewallRules: [{5ADF9B9A-160B-442B-8030-E72DEDB0B988}] => (Block) C:\users\beeexx\desktop\one\anydesk.exe => Brak pliku FirewallRules: [{705F827B-D7AD-4733-9A5E-59480592CB25}] => (Block) C:\users\beeexx\desktop\one\anydesk.exe => Brak pliku RemoveProxy: Hosts: CMD: dir /a "C:\ProgramData" CMD: dir /a "C:\Users\bEEExx\AppData\Local" CMD: dir /a "C:\Users\bEEExx\AppData\Roaming" ***************** Punkt przywracania został pomyślnie utworzony. Procesy zostały pomyślnie zamknięte. ========================= File: C:\ProgramData\DeleteFile.exe ======================== C:\ProgramData\DeleteFile.exe Plik podpisany cyfrowo MD5: 58025B77D366358EB4D73C609171FDBE Data utworzenia i modyfikacji: 2011-04-01 11:57 - 2011-04-01 11:57 Rozmiar: 000247136 Atrybuty: ----A Firma: HUAWEI Technologies Co., Ltd. -> Wewnętrzna nazwa: Oryginalna nazwa: Produkt: Opis: Plik Wersja: Produkt Wersja: Prawa autorskie: VirusTotal: https://www.virustotal.com/gui/file/9d6a0fa00c2e31962f2aad46484889f3465aab09bc7d1a829104c20f6a07e643/detection/f-9d6a0fa00c2e31962f2aad46484889f3465aab09bc7d1a829104c20f6a07e643-1649939931 ====== Koniec File: ====== "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\kbdsprt" => pomyślnie usunięto HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => pomyślnie usunięto HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76d9ebfb-7f3f-11e6-8253-d07e357d2f66} => pomyślnie usunięto HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76d9ec0d-7f3f-11e6-8253-d07e357d2f66} => pomyślnie usunięto HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79505bb4-def5-11e6-8269-448a5bf2e290} => pomyślnie usunięto HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95647895-d614-11e9-82e3-d07e357d2f66} => pomyślnie usunięto HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7b019db-9cd8-11e8-82ae-d07e357d2f66} => pomyślnie usunięto HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac1b431c-c5c2-11e8-82b1-d07e357d2f66} => pomyślnie usunięto HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c72da580-475e-11e9-82d2-d07e357d2f66} => pomyślnie usunięto HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8f14d9d-1465-11e8-829c-d07e357d2f66} => pomyślnie usunięto C:\Windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\Windows\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono C:\ProgramData\NTUSER.pol => pomyślnie przeniesiono HKLM\SOFTWARE\Policies\Mozilla => pomyślnie usunięto HKLM\SOFTWARE\Policies\Google => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{046156CD-D45A-4299-BBDF-98C429BC0B85}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{046156CD-D45A-4299-BBDF-98C429BC0B85}" => pomyślnie usunięto C:\Windows\System32\Tasks\Antivirus Emergency Update => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Antivirus Emergency Update" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1441D529-F168-4515-A848-84C3E3600B74}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1441D529-F168-4515-A848-84C3E3600B74}" => pomyślnie usunięto C:\Windows\System32\Tasks\{8565A12A-9E3F-4EC6-8FE4-B64B73D5E0C2} => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8565A12A-9E3F-4EC6-8FE4-B64B73D5E0C2}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38BABE32-3327-4058-84F3-81C3CE4F59F4}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38BABE32-3327-4058-84F3-81C3CE4F59F4}" => pomyślnie usunięto C:\Windows\System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office 15 Subscription Heartbeat" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A05DC1F0-B6CC-4827-8410-EC86D02B9D88}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A05DC1F0-B6CC-4827-8410-EC86D02B9D88}" => pomyślnie usunięto C:\Windows\System32\Tasks\Avast Software\Overseer => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD4E2280-B4B9-4DAC-88E7-BDB9CB1C00A2}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD4E2280-B4B9-4DAC-88E7-BDB9CB1C00A2}" => pomyślnie usunięto C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8E1B9AD-3757-40F3-AC82-513B93EEEA27}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8E1B9AD-3757-40F3-AC82-513B93EEEA27}" => pomyślnie usunięto C:\Windows\System32\Tasks\EOSv3 Scheduler onTime => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{63462549-4094-4D60-9AC4-8B91B82F5714}\\DhcpNameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A038353E-B14E-4AB0-8BCC-DB0964312E58}\\DhcpNameServer" => pomyślnie usunięto "HKLM\Software\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}" => pomyślnie usunięto "HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}" => pomyślnie usunięto HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npwebplugin => pomyślnie usunięto HKLM\System\CurrentControlSet\Services\Nero BackItUp Scheduler 4.0 => pomyślnie usunięto Nero BackItUp Scheduler 4.0 => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\dmwappushservice => pomyślnie usunięto dmwappushservice => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\IntcAzAudAddService => pomyślnie usunięto IntcAzAudAddService => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\mfesapsn => pomyślnie usunięto mfesapsn => serwis pomyślnie usunięto C:\Users\bEEExx\AppData\Local\b7ca1994-c6b6-458d-b3e8-e39e7bfc28be => pomyślnie przeniesiono C:\Users\bEEExx\AppData\Local\8c4d3f44-be2b-419b-8118-59714f1f5794 => pomyślnie przeniesiono C:\Users\bEEExx\AppData\Local\Yandex => pomyślnie przeniesiono C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ => pomyślnie przeniesiono C:\Users\bEEExx\AppData\Roaming\ZYmJU => pomyślnie przeniesiono C:\Users\bEEExx\AppData\Roaming\shftool => pomyślnie przeniesiono C:\Users\bEEExx\AppData\Roaming\zBTjz4PLT => pomyślnie przeniesiono C:\Users\bEEExx\AppData\Roaming\Vobaticu => pomyślnie przeniesiono C:\Program Files (x86)\installeras => pomyślnie przeniesiono C:\ProgramData\OLD5RBJU34LT5JAEQP4 => pomyślnie przeniesiono C:\ProgramData\FDSNSVVJ11J042CD3IY => pomyślnie przeniesiono C:\ProgramData\DeleteFile.exe => pomyślnie przeniesiono HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => pomyślnie usunięto HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => pomyślnie usunięto C:\ProgramData\TEMP => ":C5CC2549" ADS pomyślnie usunięto C:\Users\Public\AppData => ":CSM" ADS pomyślnie usunięto HKLM\Software\Classes\.scr\\"Default"="scrfile" => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => Wartość pomyślnie przywrócono HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => pomyślnie usunięto HKLM\Software\Classes\PROTOCOLS\Handler\sacore => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BEC8F150-0875-412E-BABB-8FB341FE7122}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B1A26C05-C74D-42E1-900A-95224E3E4637}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F90469F-3458-45E9-B2E7-871C1D8EC028}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7888FA0D-44AD-4A59-A298-5BC39FB54468}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8E621B21-BF9C-4DC4-9387-275E219DE227}C:\users\beeexx\desktop\one\anydesk.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{75F94E82-00CA-4A9E-83AC-90C482FE885B}C:\users\beeexx\desktop\one\anydesk.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5ADF9B9A-160B-442B-8030-E72DEDB0B988}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{705F827B-D7AD-4733-9A5E-59480592CB25}" => pomyślnie usunięto ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto "HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto "HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto ========= Koniec RemoveProxy: ========= C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono Hosts pomyślnie przywrócono. ========= dir /a "C:\ProgramData" ========= Volume in drive C has no label. Volume Serial Number is 84D3-A39C Directory of C:\ProgramData 2022-05-01 12:00 . 2022-05-01 12:00 .. 2022-04-24 17:21 48C4687D-9760-4F5B-BAB3-60351B0841E4 2017-02-05 16:53 Adobe 2022-04-24 16:38 2 104 agent.1650811114.2808.v2.bin 2022-04-24 16:38 67 904 agent.1650811114.8312.v2.bin 2022-04-24 16:38 42 844 agent.1650811114.8976.v2.bin 2022-04-24 16:46 98 280 agent.update.1650811573.bdinstall.v2.bin 2022-04-28 06:52 AnchorFree_Inc 2013-08-22 16:45 Application Data [C:\ProgramData] 2018-04-30 21:04 ASUS Driver 2022-04-24 16:52 Atc 2019-08-01 17:46 AVAST Software 2022-03-03 20:38 Avg 2017-03-04 00:45 Battle.net 2022-04-24 16:51 BDLogging 2022-04-24 17:08 Bitdefender 2022-04-24 16:38 Bitdefender Agent 2022-04-28 06:52 Bitdefender VPN 2018-03-14 17:12 Blizzard Entertainment 2021-03-07 13:02 CCleaner Browser 2022-04-24 16:54 622 404 cl.1650811734.bdinstall.v2.bin 2022-04-24 16:54 111 268 cl.kit.1650811731.bdinstall.v2.bin 2016-09-23 14:47 Common Files 2016-09-21 15:14 DAEMON Tools Lite 2016-09-19 17:06 Dane aplikacji [C:\ProgramData] 2017-05-07 18:27 DeskShare 2013-08-22 16:45 Desktop [C:\Users\Public\Desktop] 2018-10-27 13:54 dftmp 2018-08-11 09:39 DIBsection 2013-08-22 16:45 Documents [C:\Users\Public\Documents] 2016-09-19 17:06 Dokumenty [C:\Users\Public\Documents] 2016-09-19 17:12 Downloaded Installations 2017-02-11 19:00 0 DP45977C.lfl 2022-04-30 16:31 Electronic Arts 2018-11-23 00:07 Epic 2017-03-31 14:36 EPSON 2022-04-24 13:55 F-Secure 2022-04-24 15:10 F9998B7844 2022-01-31 10:07 FileOpen 2016-12-21 23:12 Gaming Center 2022-04-24 16:52 Gemma 2016-11-28 17:28 Git 2016-09-19 17:10 Intel 2016-12-21 23:12 IsolatedStorage 2016-09-24 20:43 KONAMI 2019-10-15 21:27 LogiShrd 2018-10-03 19:39 Magix 2022-04-29 19:02 Malwarebytes 2016-12-24 00:05 McAfee 2016-09-19 17:06 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 2016-09-23 17:17 MFAData 2022-04-24 10:17 Microsoft 2016-12-17 12:54 Microsoft Help 2018-10-27 11:05 Microsoft Visual Studio 2022-04-27 22:53 mks_vir 2022-02-01 13:50 Mozilla 2017-09-29 20:20 Nefarius Software Solutions 2022-04-30 16:41 Nero 2022-05-01 12:00 NVIDIA 2019-08-01 19:00 NVIDIA Corporation 2018-04-23 19:14 17 470 NvTelemetryContainer.log 2018-04-18 00:46 67 754 NvTelemetryContainer.log_backup1 2017-06-06 21:26 Oracle 2022-04-30 16:31 Origin 2022-04-24 10:29 Package Cache 2016-11-28 15:57 phpDesigner 2016-09-19 22:34 Portrait Displays 2016-09-19 17:06 Pulpit [C:\Users\Public\Desktop] 2017-01-27 23:58 Qualcomm 2017-09-21 14:25 Ralink 2018-10-27 12:13 regid.1991-06.com.microsoft 2022-03-03 20:54 Riot Games 2016-09-19 17:10 Roaming 2017-06-20 14:08 Skype 2013-08-22 16:45 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 2016-09-19 22:28 SteelSeries 2016-09-19 17:06 Szablony [C:\ProgramData\Microsoft\Windows\Templates] 2017-10-15 22:06 TEMP 2013-08-22 16:45 Templates [C:\ProgramData\Microsoft\Windows\Templates] 2019-09-12 23:21 TP-LINK 2022-01-31 10:06 Tracker Software 2018-10-03 19:51 VEGAS 2022-04-28 06:52 214 328 vpn.1651121364.bdinstall.v2.bin 2022-04-24 15:08 win64 2018-10-27 13:37 Windows App Certification Kit 2019-08-16 23:37 {972DC8CA-126D-23FD-11AA-92876DD12AFD} 10 File(s) 1 244 356 bytes 77 Dir(s) 13 109 870 592 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Users\bEEExx\AppData\Local" ========= Volume in drive C has no label. Volume Serial Number is 84D3-A39C Directory of C:\Users\bEEExx\AppData\Local 2022-05-01 12:00 . 2022-05-01 12:00 .. 2018-10-27 13:59 .IdentityService 2017-08-13 21:50 Adobe 2016-09-23 17:15 AvgSetupLog 2022-04-24 09:55 babl-0.1 2018-02-01 14:04 BetterDS3 2022-04-24 16:39 Bitdefender 2022-04-30 16:42 Blizzard Entertainment 2016-11-28 17:26 bower 2021-03-30 07:31 CCleaner Browser 2016-09-21 15:25 CEF 2016-09-20 14:40 ChromaTune_MSI 2016-12-18 01:12 Chromium 2022-04-27 21:47 CrashDumps 2017-08-19 15:14 CrashRpt 2016-09-19 17:07 Dane aplikacji [C:\Users\bEEExx\AppData\Local] 2017-05-07 18:49 DeskShare Data 2017-09-11 23:56 Diagnostics 2016-09-21 15:23 Disc_Soft_Ltd 2016-09-19 17:12 0 Driver_LOM_8161Present.flag 2017-03-10 10:12 eagle 2019-12-11 18:30 Electronic Arts 2020-04-27 21:11 ElevatedDiagnostics 2017-01-23 14:20 EmieSiteList 2017-01-23 14:20 EmieUserList 2019-08-10 13:21 ESET 2022-04-24 13:49 F-Secure 2018-05-20 11:10 FortniteGame 2022-04-27 21:58 FSDART 2021-01-30 14:46 gegl-0.4 2022-01-31 14:40 GHISLER 2021-01-30 14:46 GIMP 2021-10-07 18:37 Google 2022-04-24 09:55 gtk-2.0 2019-04-29 18:51 Haze1 2016-09-19 17:07 Historia [C:\Users\bEEExx\AppData\Local\Microsoft\Windows\History] 2022-04-30 22:32 361 661 IconCache.db 2018-08-11 09:40 icsxml 2016-11-28 15:34 IsolatedStorage 2019-10-15 21:24 Logitech 2017-09-12 20:46 Macromedia 2022-04-29 19:04 mbam 2018-08-11 09:41 MetaGeek,_LLC 2016-09-23 17:14 MFAData 2016-12-24 16:57 Micro-Star_International_ 2022-02-09 10:22 MicroSIP 2022-04-24 10:17 Microsoft 2016-09-21 15:19 Microsoft Help 2017-08-09 12:47 Mozilla 2018-08-11 09:39 ms-drivers 2016-12-24 15:13 MSI 2016-09-19 17:15 MSIOnlineRegister 2022-04-24 11:21 NotifyEbook 2019-08-01 19:01 NVIDIA 2021-09-21 18:10 NVIDIA Corporation 2022-03-23 19:26 Packages 2016-09-20 14:40 Portrait Displays 2022-01-31 14:45 Programs 2022-03-20 10:47 128 PUTTY.RND 2022-04-24 09:55 21 061 recently-used.xbel 2022-03-03 20:49 Riot Games 2018-10-27 11:06 ServiceHub 2022-04-30 16:30 Sony 2017-05-07 18:27 Spoon 2020-03-31 10:42 Spotify 2017-01-12 17:25 Steam 2020-06-03 19:57 TeamViewer 2022-05-01 12:00 Temp 2016-09-19 17:07 Temporary Internet Files [C:\Users\bEEExx\AppData\Local\Microsoft\Windows\INetCache] 2019-09-12 23:20 TP-Link 2022-01-31 10:12 Tracker Software 2018-08-01 22:08 Ubisoft Game Launcher 2019-04-29 18:51 UnrealEngine 2022-04-24 11:27 VirtualStore 2019-08-16 23:37 ​‌‭‬‍‏‫‎‬‌‮‎‭‌‪‍‪‍‬ 4 File(s) 382 850 bytes 72 Dir(s) 13 109 882 880 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Users\bEEExx\AppData\Roaming" ========= Volume in drive C has no label. Volume Serial Number is 84D3-A39C Directory of C:\Users\bEEExx\AppData\Roaming 2022-05-01 12:00 . 2022-05-01 12:00 .. 2017-02-05 16:53 Adobe 2020-03-16 09:13 AnyDesk 2017-05-07 18:12 app-ipw-vstarcam 2017-06-06 23:48 Azureus 2022-04-24 16:50 Bitdefender 2016-12-22 21:53 BluetoothStackSwitcher 2017-03-10 10:12 CadSoft 2016-09-30 19:32 Codeusa Software 2017-02-05 16:44 com.efile.epity 2019-08-01 17:46 DAEMON Tools Lite 2017-04-16 22:36 dvdcss 2017-02-05 16:53 e-Deklaracje 2017-02-05 16:53 e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 2019-02-17 20:37 EasyAntiCheat 2018-07-20 21:41 FlashIntegro 2017-09-26 09:10 FRLPR Manager 2022-01-31 14:42 GHISLER 2021-01-30 14:46 GIMP 2016-12-17 14:09 Identities 2016-09-19 17:10 Intel 2018-03-27 09:37 KR Monitor 2019-12-18 09:53 LGHUB 2019-10-15 20:49 Logishrd 2019-10-15 20:49 Logitech 2016-09-21 21:33 LolClient 2016-09-19 17:15 Macromedia 2020-08-24 09:39 MicroSIP 2022-04-23 16:28 Microsoft 2018-10-27 11:06 Microsoft Visual Studio 2018-02-01 13:59 MotioninJoy 2018-01-21 23:09 Mozilla 2017-01-30 00:49 NapiProjekt 2017-09-29 20:19 Nefarius Software Solutions 2016-11-28 16:03 Notepad++ 2017-01-09 16:11 npm 2016-11-28 16:32 npm-cache 2018-10-29 19:38 NuGet 2018-10-04 19:19 NVIDIA 2018-03-27 09:42 PhotoScape 2017-02-05 16:42 Podatnik.info 2016-09-20 14:40 Portrait Displays 2018-10-03 20:14 Publish Providers 2016-09-21 18:14 Riot Games 2022-01-31 09:12 Skype 2018-10-04 19:16 Sony 2020-03-31 09:37 Spotify 2018-08-19 11:55 steelseries-engine-3-client 2020-06-03 19:56 TeamViewer 2022-01-31 11:49 Tracker Software 2019-08-01 17:45 TS3Client 2022-04-30 16:30 TweakNow RegCleaner 2018-10-27 14:07 Visual Studio Setup 2022-01-11 11:09 vlc 2018-10-27 11:06 vstelemetry 2019-05-01 20:24 Warner Bros. Interactive Entertainment 2016-09-19 17:22 WinRAR 2022-02-08 16:50 128 winscp.rnd 1 File(s) 128 bytes 58 Dir(s) 13 109 755 904 bytes free ========= Koniec CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 57088648 B Java, Flash, Steam htmlcache => 29205579 B Windows/system/drivers => 490423573 B Edge => 0 B Chrome => 103963702 B Firefox => 164708796 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 256 B LocalService => 1488278 B NetworkService => 2484850 B bEEExx => 1283610178 B RecycleBin => 6177719 B EmptyTemp: => 2 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 12:04:10 ====