Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:09-12-2015 Uruchomiony przez Kinga (2015-12-11 20:50:47) Run:1 Uruchomiony z C:\Users\Kinga\Desktop\FRST Załadowane profile: Kinga (Dostępne profile: Kinga) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: R2 IhPul; C:\Users\Kinga\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com) R2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [731784 2015-12-09] (Taiwan Shui Mu Chih Ching Technology Limited) R2 WdMan; C:\ProgramData\4WdM4\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] R2 WdsManPro; C:\ProgramData\2WMiniPro2\WMiniPro.exe [302592 2015-11-30] (DTools LIMITED) [Brak podpisu cyfrowego] ShortcutWithArgument: C:\Users\Kinga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449824751&z=a070925003a15e01b412f83gazfz1t0bfoazcm6z2c&from=ient07021&uid=HitachiXHTS545050A7E380_TE85113Q29B1MR29B1MRX <==== UWAGA ShortcutWithArgument: C:\Users\Kinga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449824751&z=a070925003a15e01b412f83gazfz1t0bfoazcm6z2c&from=ient07021&uid=HitachiXHTS545050A7E380_TE85113Q29B1MR29B1MRX <==== UWAGA ShortcutWithArgument: C:\Users\Kinga\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449824751&z=a070925003a15e01b412f83gazfz1t0bfoazcm6z2c&from=ient07021&uid=HitachiXHTS545050A7E380_TE85113Q29B1MR29B1MRX <==== UWAGA ShortcutWithArgument: C:\Users\Kinga\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449824751&z=a070925003a15e01b412f83gazfz1t0bfoazcm6z2c&from=ient07021&uid=HitachiXHTS545050A7E380_TE85113Q29B1MR29B1MRX <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449824751&z=a070925003a15e01b412f83gazfz1t0bfoazcm6z2c&from=ient07021&uid=HitachiXHTS545050A7E380_TE85113Q29B1MR29B1MRX <==== UWAGA Edge HomeButtonPage: HKU\S-1-5-21-996966027-1595442658-2413617871-1001 -> hxxp://www.delta-homes.com/?type=hp&ts=1442818244&z=f5b4d317fe221ba9ab66741g3z8z9o5bbg3b2odwcg&from=ient07021&uid=HitachiXHTS545050A7E380_TE85113Q29B1MR29B1MRX CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Kinga\AppData\Roaming\Mozilla\Firefox\Profiles\nra5u0rv.default\extensions\faststartff@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Kinga\AppData\Roaming\Mozilla\Firefox\Profiles\157sckfb.default-1428305416254\extensions\default_newtabff@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Kinga\AppData\Roaming\Mozilla\Firefox\Profiles\157sckfb.default-1428305416254\extensions\defsearchp@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Kinga\AppData\Roaming\Mozilla\Firefox\Profiles\157sckfb.default-1428305416254\extensions\deskCutv2@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Kinga\AppData\Roaming\Mozilla\Firefox\Profiles\157sckfb.default-1428305416254\extensions\yahooprotected@gmail.com => nie znaleziono HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-996966027-1595442658-2413617871-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-996966027-1595442658-2413617871-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPALL13/178 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1449036378&z=ecaadc7de49bc924f8fd26fg3z5zdt0e7c5q1c7beg&from=ient07021&uid=HitachiXHTS545050A7E380_TE85113Q29B1MR29B1MRX&q={searchTerms} SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1449036378&z=ecaadc7de49bc924f8fd26fg3z5zdt0e7c5q1c7beg&from=ient07021&uid=HitachiXHTS545050A7E380_TE85113Q29B1MR29B1MRX&q={searchTerms} SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKU\S-1-5-21-996966027-1595442658-2413617871-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-996966027-1595442658-2413617871-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF HKLM\...\Run: [] => [X] HKU\S-1-5-21-996966027-1595442658-2413617871-1001\...\MountPoints2: {346bc93b-495d-11e5-bed8-6c3be5f73402} - "F:\AutoRun.exe" BootExecute: autocheck autochk * sh4native Sh4Removal Task: {080D40B9-5E31-42B0-BCF7-CC7AB9E084DC} - System32\Tasks\{67424D53-A244-41BE-9F38-E7465E420BDB} => Firefox.exe hxxp://ui.skype.com/ui/0/7.6.0.105/pl/abandoninstall?source=lightinstaller&page=tsInstall Task: {0838620A-000D-4DA3-90E0-8FC0040FC283} - System32\Tasks\{4A65F31F-B51A-47E5-B38C-84E023253525} => pcalua.exe -a "C:\Users\Kinga\AppData\Roaming\0I0M0D1F2W1G1I1F1T1Q1P1C\Microsoft Office 2010 Packages\uninstaller.exe" -c /Uninstall /NM="Microsoft Office 2010 Packages" /AN="0I0M0D1F2W1G1I1F1T1Q1P1C" /MBN="Microsoft Office 2010 Packages" Task: {0CB4D8E7-742C-492D-8865-0E92E07219E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA Task: {16F1E6E6-D208-4420-AC52-B4671838459A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA Task: {19FF550D-6800-490D-9E44-BAFF4CD4795A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA Task: {219B870D-4B75-41EA-A693-ED1C74BA453E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA Task: {282A81FA-7D6D-440A-AEBD-E4D6E2CB9100} - System32\Tasks\{B6F69843-C909-402C-88FC-18F31E66D638} => Firefox.exe hxxp://ui.skype.com/ui/0/7.5.64.102/pl/abandoninstall?page=tsProgressBar Task: {37A52E26-E8E9-4898-B466-E3ADCE7EFB88} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA Task: {46B06F2E-CBA3-4639-9BE5-0BBCB0AA8932} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA Task: {4807D6CF-B5ED-40FA-AD22-EC715154D226} - System32\Tasks\{2E39F39B-4DEB-46C8-B267-8384ED6A3D6F} => Firefox.exe hxxp://ui.skype.com/ui/0/7.13.0.101/pl/abandoninstall?page=tsProgressBar Task: {525D0721-BD5A-4F5D-87F9-90042AF63C2C} - System32\Tasks\{6AD76E91-99B1-40D5-B3E8-DFF8304107FF} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.0.102/pl/abandoninstall?page=tsProgressBar Task: {538B39C0-61D8-4626-91DA-0E4F0D5ACCEE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA Task: {5D306454-B865-4F11-95C8-4DD9EDBB591C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA Task: {7AE40CDE-29E9-49EF-A2FF-A11C86E4B818} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA Task: {7BC5E866-3CB5-4B48-B7B8-C1A39BF297A9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA Task: {9A65C296-1F84-4150-808C-00D51B35E3E3} - System32\Tasks\{A1146FE8-D321-401E-A299-14BA462BF369} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.6.0.105&LastError=12002 Task: {A97A4198-0F0A-43B0-95AA-4CD98A30E47E} - System32\Tasks\{0456FC49-E446-464B-A1BA-320251A30F4F} => pcalua.exe -a C:\Users\Kinga\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor Task: {B7581A53-3192-4A44-B222-19D90A363791} - System32\Tasks\{7A991B6E-5337-4E3C-B4BA-8DBBDA4016D9} => Firefox.exe hxxp://ui.skype.com/ui/0/7.6.0.105/pl/abandoninstall?source=lightinstaller&page=tsInstall Task: {D56813A2-FE65-48BC-A310-1F5B42E18A91} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA Task: {D8894160-37D8-432F-86A1-5EC7EA10D3E1} - System32\Tasks\{C60132EA-3BA0-4E3A-8540-83C3D11D342E} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.6.0.105&LastError=12002 Task: {DB119BF1-0F29-4B58-9264-8AF96F684AAD} - System32\Tasks\{A7FEC81D-122F-4C7E-B45F-D269C1CF3CBB} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.0.102/pl/abandoninstall?page=tsProgressBar Task: {E85AE5E9-F4C0-4B60-BD25-E4391EF4BA7E} - System32\Tasks\{B259622C-302E-490B-AE3C-5EEFFE7C9DBA} => pcalua.exe -a C:\Users\Kinga\Downloads\forge-1.7.2-10.12.2.1121-installer-win.exe -d C:\Users\Kinga\Downloads Task: {E8ACFF89-B1B1-4725-A8B3-B76C3212F5E0} - System32\Tasks\{5C899B0C-6F6F-4BCE-97CE-345214A25F69} => Firefox.exe hxxp://ui.skype.com/ui/0/7.1.59.105/pl/abandoninstall?page=tsMain Task: {F6D76E06-0212-4745-9244-0580E4B97B82} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== UWAGA DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Adobe ARM" /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SunJavaUpdateSched /f RemoveDirectory: C:\Program Files (x86)\Picexa RemoveDirectory: C:\Program Files (x86)\WinZipper RemoveDirectory: C:\ProgramData\2WMiniPro2 RemoveDirectory: C:\ProgramData\4WdM4 RemoveDirectory: C:\ProgramData\UWMiniProU RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa RemoveDirectory: C:\Users\Kinga\AppData\Local\Microsoft\Windows\GameExplorer\{4D5D7E46-058A-41B4-AA44-4E6BF4F8C22B} RemoveDirectory: C:\Users\Kinga\AppData\Roaming\Picexa Viewer RemoveDirectory: C:\Users\Kinga\AppData\Roaming\TSv RemoveDirectory: C:\Users\Kinga\AppData\Roaming\WinZipper RemoveDirectory: C:\Users\Kinga\Downloads\SpyHunter 4.17.6.4336 RemoveDirectory: C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strogino CS Portal\Counter-Strike Source\Counter-Strike Source.lnk C:\Users\Kinga\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa.lnk C:\Users\Kinga\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa (2).lnk C:\Users\Kinga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\obrazy.lnk C:\Users\Kinga\Desktop\AKINGA\TATA\Counter-Strike Source.lnk C:\Users\Kinga\Desktop\Linux\ZDJĘCIA\GRY\HCA - Brzydkie Książątko.lnk C:\Users\Kinga\Downloads\SpyHunter*.* C:\Users\Public\Desktop\Picexa.lnk CMD: netsh advfirewall reset EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. IhPul => serwis pomyślnie usunięto PicexaService => serwis pomyślnie usunięto WdMan => serwis pomyślnie usunięto WdsManPro => serwis pomyślnie usunięto C:\Users\Kinga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Kinga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Kinga\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Kinga\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. HKU\S-1-5-21-996966027-1595442658-2413617871-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => Wartość pomyślnie usunięto "HKLM\SOFTWARE\Policies\Google" => klucz pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\faststartff@gmail.com => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\default_newtabff@gmail.com => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\defsearchp@gmail.com => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\deskCutv2@gmail.com => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\yahooprotected@gmail.com => Wartość pomyślnie usunięto HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-996966027-1595442658-2413617871-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-996966027-1595442658-2413617871-1001\Software\Microsoft\Internet Explorer\Main\\First Home Page => Wartość pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => klucz pomyślnie usunięto HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => klucz nie znaleziono. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => klucz nie znaleziono. HKU\S-1-5-21-996966027-1595442658-2413617871-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto "HKU\S-1-5-21-996966027-1595442658-2413617871-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => klucz pomyślnie usunięto HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => klucz nie znaleziono. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Wartość nie znaleziono. "HKU\S-1-5-21-996966027-1595442658-2413617871-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{346bc93b-495d-11e5-bed8-6c3be5f73402}" => klucz pomyślnie usunięto HKCR\CLSID\{346bc93b-495d-11e5-bed8-6c3be5f73402} => klucz nie znaleziono. hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{080D40B9-5E31-42B0-BCF7-CC7AB9E084DC}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{080D40B9-5E31-42B0-BCF7-CC7AB9E084DC}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\{67424D53-A244-41BE-9F38-E7465E420BDB} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{67424D53-A244-41BE-9F38-E7465E420BDB}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0838620A-000D-4DA3-90E0-8FC0040FC283}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0838620A-000D-4DA3-90E0-8FC0040FC283}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\{4A65F31F-B51A-47E5-B38C-84E023253525} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4A65F31F-B51A-47E5-B38C-84E023253525}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CB4D8E7-742C-492D-8865-0E92E07219E6}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CB4D8E7-742C-492D-8865-0E92E07219E6}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16F1E6E6-D208-4420-AC52-B4671838459A}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16F1E6E6-D208-4420-AC52-B4671838459A}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19FF550D-6800-490D-9E44-BAFF4CD4795A}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19FF550D-6800-490D-9E44-BAFF4CD4795A}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{219B870D-4B75-41EA-A693-ED1C74BA453E}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{219B870D-4B75-41EA-A693-ED1C74BA453E}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{282A81FA-7D6D-440A-AEBD-E4D6E2CB9100}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{282A81FA-7D6D-440A-AEBD-E4D6E2CB9100}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\{B6F69843-C909-402C-88FC-18F31E66D638} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B6F69843-C909-402C-88FC-18F31E66D638}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{37A52E26-E8E9-4898-B466-E3ADCE7EFB88}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37A52E26-E8E9-4898-B466-E3ADCE7EFB88}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46B06F2E-CBA3-4639-9BE5-0BBCB0AA8932}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46B06F2E-CBA3-4639-9BE5-0BBCB0AA8932}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4807D6CF-B5ED-40FA-AD22-EC715154D226}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4807D6CF-B5ED-40FA-AD22-EC715154D226}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\{2E39F39B-4DEB-46C8-B267-8384ED6A3D6F} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2E39F39B-4DEB-46C8-B267-8384ED6A3D6F}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{525D0721-BD5A-4F5D-87F9-90042AF63C2C}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{525D0721-BD5A-4F5D-87F9-90042AF63C2C}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\{6AD76E91-99B1-40D5-B3E8-DFF8304107FF} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6AD76E91-99B1-40D5-B3E8-DFF8304107FF}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{538B39C0-61D8-4626-91DA-0E4F0D5ACCEE}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{538B39C0-61D8-4626-91DA-0E4F0D5ACCEE}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D306454-B865-4F11-95C8-4DD9EDBB591C}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D306454-B865-4F11-95C8-4DD9EDBB591C}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AE40CDE-29E9-49EF-A2FF-A11C86E4B818}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AE40CDE-29E9-49EF-A2FF-A11C86E4B818}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BC5E866-3CB5-4B48-B7B8-C1A39BF297A9}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BC5E866-3CB5-4B48-B7B8-C1A39BF297A9}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A65C296-1F84-4150-808C-00D51B35E3E3}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A65C296-1F84-4150-808C-00D51B35E3E3}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\{A1146FE8-D321-401E-A299-14BA462BF369} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A1146FE8-D321-401E-A299-14BA462BF369}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A97A4198-0F0A-43B0-95AA-4CD98A30E47E}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A97A4198-0F0A-43B0-95AA-4CD98A30E47E}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\{0456FC49-E446-464B-A1BA-320251A30F4F} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0456FC49-E446-464B-A1BA-320251A30F4F}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7581A53-3192-4A44-B222-19D90A363791}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7581A53-3192-4A44-B222-19D90A363791}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\{7A991B6E-5337-4E3C-B4BA-8DBBDA4016D9} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7A991B6E-5337-4E3C-B4BA-8DBBDA4016D9}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D56813A2-FE65-48BC-A310-1F5B42E18A91}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D56813A2-FE65-48BC-A310-1F5B42E18A91}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8894160-37D8-432F-86A1-5EC7EA10D3E1}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8894160-37D8-432F-86A1-5EC7EA10D3E1}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\{C60132EA-3BA0-4E3A-8540-83C3D11D342E} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C60132EA-3BA0-4E3A-8540-83C3D11D342E}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB119BF1-0F29-4B58-9264-8AF96F684AAD}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB119BF1-0F29-4B58-9264-8AF96F684AAD}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\{A7FEC81D-122F-4C7E-B45F-D269C1CF3CBB} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A7FEC81D-122F-4C7E-B45F-D269C1CF3CBB}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E85AE5E9-F4C0-4B60-BD25-E4391EF4BA7E}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E85AE5E9-F4C0-4B60-BD25-E4391EF4BA7E}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\{B259622C-302E-490B-AE3C-5EEFFE7C9DBA} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B259622C-302E-490B-AE3C-5EEFFE7C9DBA}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8ACFF89-B1B1-4725-A8B3-B76C3212F5E0}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8ACFF89-B1B1-4725-A8B3-B76C3212F5E0}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\{5C899B0C-6F6F-4BCE-97CE-345214A25F69} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5C899B0C-6F6F-4BCE-97CE-345214A25F69}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F6D76E06-0212-4745-9244-0580E4B97B82}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6D76E06-0212-4745-9244-0580E4B97B82}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => klucz pomyślnie usunięto HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz pomyślnie usunięto HKCU\Software\dobreprogramy => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\yoursites123Software => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKLM\SOFTWARE\Wow6432Node\yoursites123Software => klucz pomyślnie usunięto ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Adobe ARM" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SunJavaUpdateSched /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= "C:\Program Files (x86)\Picexa" => pomyślnie usunięto. "C:\Program Files (x86)\WinZipper" => pomyślnie usunięto. "C:\ProgramData\2WMiniPro2" => pomyślnie usunięto. "C:\ProgramData\4WdM4" => pomyślnie usunięto. "C:\ProgramData\UWMiniProU" => pomyślnie usunięto. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa" => pomyślnie usunięto. "C:\Users\Kinga\AppData\Local\Microsoft\Windows\GameExplorer\{4D5D7E46-058A-41B4-AA44-4E6BF4F8C22B}" => pomyślnie usunięto. "C:\Users\Kinga\AppData\Roaming\Picexa Viewer" => pomyślnie usunięto. "C:\Users\Kinga\AppData\Roaming\TSv" => pomyślnie usunięto. "C:\Users\Kinga\AppData\Roaming\WinZipper" => pomyślnie usunięto. "C:\Users\Kinga\Downloads\SpyHunter 4.17.6.4336" => pomyślnie usunięto. "C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP" => pomyślnie usunięto. C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strogino CS Portal\Counter-Strike Source\Counter-Strike Source.lnk => pomyślnie przeniesiono C:\Users\Kinga\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa.lnk => pomyślnie przeniesiono C:\Users\Kinga\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa (2).lnk => pomyślnie przeniesiono C:\Users\Kinga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\obrazy.lnk => pomyślnie przeniesiono C:\Users\Kinga\Desktop\AKINGA\TATA\Counter-Strike Source.lnk => pomyślnie przeniesiono C:\Users\Kinga\Desktop\Linux\ZDJĘCIA\GRY\HCA - Brzydkie Książątko.lnk => pomyślnie przeniesiono =========== "C:\Users\Kinga\Downloads\SpyHunter*.*" ========== C:\Users\Kinga\Downloads\SpyHunter 4.17.6.4336.rar => pomyślnie przeniesiono C:\Users\Kinga\Downloads\SpyHunter-Installer.exe => pomyślnie przeniesiono ========= Koniec -> "C:\Users\Kinga\Downloads\SpyHunter*.*" ======== C:\Users\Public\Desktop\Picexa.lnk => pomyślnie przeniesiono ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= EmptyTemp: => 1.4 GB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 20:54:36 ====