Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:09-12-2015 Uruchomiony przez Halina (2015-12-12 10:11:27) Run:1 Uruchomiony z Y:\Nowy folder Załadowane profile: Halina (Dostępne profile: Halina) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dark Orbit.lnk -> C:\Program Files (x86)\WildTangent Games\Web Link - Dark Orbit\launcher.exe (WildTangent) -> hxxp://www.yoursites123.com/?type=sc&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjongg Dark Dimensions.lnk -> C:\Program Files (x86)\WildTangent Games\Web Link - Mahjongg Dark Dimensions\launcher.exe (WildTangent) -> hxxp://www.yoursites123.com/?type=sc&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\World of Warcraft.lnk -> C:\Program Files (x86)\WildTangent Games\Web Link - World of Warcraft\launcher.exe (WildTangent) -> hxxp://www.yoursites123.com/?type=sc&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S ShortcutWithArgument: C:\Users\Halina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S ShortcutWithArgument: C:\Users\Halina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S ShortcutWithArgument: C:\Users\Halina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S ShortcutWithArgument: C:\Users\Halina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S ShortcutWithArgument: C:\Users\Halina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S&q={searchTerms} HKU\S-1-5-21-3778980704-3545967183-931079211-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S HKU\S-1-5-21-3778980704-3545967183-931079211-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3778980704-3545967183-931079211-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S&q={searchTerms} SearchScopes: HKU\S-1-5-21-3778980704-3545967183-931079211-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S&q={searchTerms} BHO-x32: Brak nazwy -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> Brak pliku Toolbar: HKLM-x32 - Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Halina\AppData\Roaming\Mozilla\Firefox\Profiles\h48fcbie.default\extensions\default_newtabff@gmail.com FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Halina\AppData\Roaming\Mozilla\Firefox\Profiles\h48fcbie.default\extensions\yahooprotected@gmail.com StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-09] StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449833397&z=2ff8a7f138abb63b1fd056cgbz1zbt4b5cbcfc9bfe&from=ient07021&uid=TOSHIBAXMQ01ABD075_543FS0Y1SXX543FS0Y1S Task: {C7AA5242-396C-4F30-85A7-28045E9AE9D8} - System32\Tasks\PFExe => C:\Users\Halina\AppData\Local\PriceFountain\pricefountain.exe <==== UWAGA HKLM\...\Run: [] => [X] HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-3778980704-3545967183-931079211-1001\...\RunOnce: [Application Restart #2] => C:\Users\Halina\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cl (dane wartości zawierają 551 znaków więcej). R2 IhPul; C:\Users\Halina\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com) S2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [X] S2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe -s [X] S2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [X] <==== UWAGA DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKLM\SOFTWARE\WarThunder DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v AvgUi /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v AVG_UI /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f CMD: netsh advfirewall reset RemoveDirectory: C:\Users\Halina\AppData\Roaming\TSv RemoveDirectory: C:\Users\Halina\AppData\Roaming\WarThunder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk C:\Users\Halina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk C:\Users\Halina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragons of Atlantis.lnk C:\Users\Halina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Edgeworld.lnk C:\Users\Halina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FarmVille 2.lnk C:\Users\Halina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Groupon.lnk C:\Users\Halina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk C:\Users\Halina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk C:\Windows\SysWOW64\pl.html C:\Windows\SysWOW64\pl8.exe EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dark Orbit.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjongg Dark Dimensions.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\World of Warcraft.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Halina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Halina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Halina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Halina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Halina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-3778980704-3545967183-931079211-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-3778980704-3545967183-931079211-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => klucz pomyślnie usunięto HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono. HKU\S-1-5-21-3778980704-3545967183-931079211-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto "HKU\S-1-5-21-3778980704-3545967183-931079211-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => klucz pomyślnie usunięto "HKCR\Wow6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Wartość pomyślnie usunięto HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => klucz nie znaleziono. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sp@avast.com => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\default_newtabff@gmail.com => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\yahooprotected@gmail.com => Wartość pomyślnie usunięto HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => klucz pomyślnie usunięto Nie można przenieść "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Zaplanowany do przeniesienia przy restarcie. HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C7AA5242-396C-4F30-85A7-28045E9AE9D8}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7AA5242-396C-4F30-85A7-28045E9AE9D8}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\PFExe => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PFExe" => klucz pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Wartość pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Logitech Download Assistant => Wartość pomyślnie usunięto HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvgUi => Wartość pomyślnie usunięto HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wartość pomyślnie usunięto HKU\S-1-5-21-3778980704-3545967183-931079211-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #2 => Wartość pomyślnie usunięto IhPul => serwis pomyślnie usunięto IHProtect Service => serwis pomyślnie usunięto SSFK => serwis pomyślnie usunięto winzipersvc => serwis pomyślnie usunięto HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz pomyślnie usunięto HKCU\Software\dobreprogramy => klucz pomyślnie usunięto HKLM\SOFTWARE\WarThunder => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\yoursites123Software => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKLM\SOFTWARE\Wow6432Node\yoursites123Software => klucz pomyślnie usunięto ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v AvgUi /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v AVG_UI /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= "C:\Users\Halina\AppData\Roaming\TSv" => pomyślnie usunięto. "C:\Users\Halina\AppData\Roaming\WarThunder" => pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk => pomyślnie przeniesiono C:\Users\Halina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk => pomyślnie przeniesiono C:\Users\Halina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragons of Atlantis.lnk => pomyślnie przeniesiono C:\Users\Halina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Edgeworld.lnk => pomyślnie przeniesiono C:\Users\Halina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FarmVille 2.lnk => pomyślnie przeniesiono C:\Users\Halina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Groupon.lnk => pomyślnie przeniesiono C:\Users\Halina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk => pomyślnie przeniesiono C:\Users\Halina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk => pomyślnie przeniesiono C:\Windows\SysWOW64\pl.html => pomyślnie przeniesiono C:\Windows\SysWOW64\pl8.exe => pomyślnie przeniesiono EmptyTemp: => 4 GB danych tymczasowych Usunięto. Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 2015-12-12 10:21:23) "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Nie można przenieść ==== Koniec Fixlog 10:21:24 ====