Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:12-12-2015 01 Uruchomiony przez Artur (2015-12-13 13:05:03) Run:1 Uruchomiony z C:\Users\Artur\Downloads Załadowane profile: UpdatusUser & Artur (Dostępne profile: UpdatusUser & Artur) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: R2 WdMan; C:\ProgramData\pWdMp\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] S2 IhPul; C:\Users\Artur\AppData\Roaming\TSv\TSvr.exe [X] U0 avc3; Brak ImagePath HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\...\Run: [BingSvc] => C:\Users\Artur\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation) ShortcutWithArgument: C:\Users\Artur\Desktop\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 <==== UWAGA ShortcutWithArgument: C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 <==== UWAGA ShortcutWithArgument: C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Ad.Block Plus.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 <==== UWAGA ShortcutWithArgument: C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 <==== UWAGA ShortcutWithArgument: C:\Users\Artur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 <==== UWAGA ShortcutWithArgument: C:\Users\Artur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 <==== UWAGA ShortcutWithArgument: C:\Users\Artur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 <==== UWAGA ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 <==== UWAGA ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 <==== UWAGA Edge HomeButtonPage: HKU\S-1-5-21-1525185845-3506830205-1325651090-1002 -> hxxp://www.yoursites123.com/?type=hp&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812&q={searchTerms} SearchScopes: HKU\S-1-5-21-1525185845-3506830205-1325651090-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812&q={searchTerms} SearchScopes: HKU\S-1-5-21-1525185845-3506830205-1325651090-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812&q={searchTerms} SearchScopes: HKU\S-1-5-21-1525185845-3506830205-1325651090-1002 -> {C8BC5C67-50D5-455C-9A18-7389BC1530BF} URL = hxxps://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms} SearchScopes: HKU\S-1-5-21-1525185845-3506830205-1325651090-1002 -> {F7F335BC-323F-41BB-9F2F-E58813898A19} URL = StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1447162945&z=21f49c60f992770d87c436bg4zfzcm0g2q4o9q6w8z&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 FF Plugin HKU\S-1-5-21-1525185845-3506830205-1325651090-1002: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\Artur\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-09-24] (Innovative Digital Technologies) FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\g2061wnk.default\extensions\defsearchp@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\g2061wnk.default\extensions\deskCutv2@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\g2061wnk.default\extensions\default_newtabff@gmail.com FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\g2061wnk.default\extensions\yahooprotected@gmail.com FF HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\...\Firefox\Extensions: [acewebextension@acestream.org] - C:\Users\Artur\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 CHR HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 Task: {06B43CF2-C825-4002-A939-456AE172F11B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {0D94FBDB-79AB-4D9F-93DB-EFD452FA24A2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA Task: {1A18EF33-8129-4287-8DCB-14116DB60F7C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe Task: {2B72ACDA-DE71-472D-9C57-BB0370B24281} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA Task: {31E2641C-A476-4411-9802-50ACCD51F838} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA Task: {339F9EA0-C7F6-4099-8745-B8D5EA8C1CB9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo) Task: {47D4E24B-5569-46EE-B321-5C7188A7264F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA Task: {60513713-09A5-4DD5-9A6C-82D04856B092} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA Task: {6D90ABCC-48A5-4A59-A4C2-26C22D3D1479} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe Task: {7151D214-8775-426F-8BF3-5703F9D41297} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA Task: {8A5317E8-42B7-4D9C-9AAE-E621E12EE6CE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {A711A505-8F49-4B23-A505-554F70D76FDD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA Task: {ACA3DAAE-EC65-4B5F-8D2E-F476D2EF7A1C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA Task: {B0B513C4-F250-4EE9-A082-130510417571} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA Task: {B87AA305-76D3-4A67-92CB-8C0C7D0C2038} - System32\Tasks\Microsoft Office 15 Sync Maintenance for IDEA-PC-Artur idea-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe Task: {D662445C-BDB9-4F6C-96B9-3AC540494ED5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA Task: {F0917E5B-6D47-41EA-84C9-3CBE35ADD595} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f RemoveDirectory: C:\Program Files (x86)\Picexa RemoveDirectory: C:\ProgramData\5WdM5 RemoveDirectory: C:\ProgramData\5WMiniPro5 RemoveDirectory: C:\ProgramData\pWdMp RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa RemoveDirectory: C:\Users\Artur\AppData\Local\Microsoft\BingSvc RemoveDirectory: C:\Users\Artur\AppData\Roaming\Picexa Viewer RemoveDirectory: C:\Users\Artur\AppData\Roaming\TSv C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat C:\Users\Artur\AppData\Local\69ff07055291669bb2b218.72821112 C:\Users\Artur\AppData\Local\70149b02515b3bb20dd492.47983420 C:\WINDOWS\SysWOW64\data.bin CMD: netsh advfirewall reset EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. WdMan => serwis pomyślnie usunięto IhPul => serwis pomyślnie usunięto avc3 => serwis pomyślnie usunięto HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => Wartość pomyślnie usunięto C:\Users\Artur\Desktop\Program uruchamiający aplikacje Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Ad.Block Plus.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Artur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Artur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Artur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => Wartość pomyślnie usunięto HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto "HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. "HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C8BC5C67-50D5-455C-9A18-7389BC1530BF}" => klucz pomyślnie usunięto HKCR\CLSID\{C8BC5C67-50D5-455C-9A18-7389BC1530BF} => klucz nie znaleziono. "HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F7F335BC-323F-41BB-9F2F-E58813898A19}" => klucz pomyślnie usunięto HKCR\CLSID\{F7F335BC-323F-41BB-9F2F-E58813898A19} => klucz nie znaleziono. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.0.12 => klucz nie znaleziono. C:\Users\Artur\AppData\Roaming\ACEStream\player\npace_plugin.dll => nie znaleziono. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\defsearchp@gmail.com => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\deskCutv2@gmail.com => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\default_newtabff@gmail.com => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\yahooprotected@gmail.com => Wartość pomyślnie usunięto HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\Software\Mozilla\Firefox\Extensions\\acewebextension@acestream.org => Wartość pomyślnie usunięto HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono "HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => klucz pomyślnie usunięto "HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo" => klucz pomyślnie usunięto HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06B43CF2-C825-4002-A939-456AE172F11B}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06B43CF2-C825-4002-A939-456AE172F11B}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office 15 Subscription Heartbeat" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0D94FBDB-79AB-4D9F-93DB-EFD452FA24A2}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D94FBDB-79AB-4D9F-93DB-EFD452FA24A2}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A18EF33-8129-4287-8DCB-14116DB60F7C}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A18EF33-8129-4287-8DCB-14116DB60F7C}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B72ACDA-DE71-472D-9C57-BB0370B24281}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B72ACDA-DE71-472D-9C57-BB0370B24281}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31E2641C-A476-4411-9802-50ACCD51F838}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31E2641C-A476-4411-9802-50ACCD51F838}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{339F9EA0-C7F6-4099-8745-B8D5EA8C1CB9}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{339F9EA0-C7F6-4099-8745-B8D5EA8C1CB9}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64 35" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47D4E24B-5569-46EE-B321-5C7188A7264F}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47D4E24B-5569-46EE-B321-5C7188A7264F}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60513713-09A5-4DD5-9A6C-82D04856B092}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60513713-09A5-4DD5-9A6C-82D04856B092}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D90ABCC-48A5-4A59-A4C2-26C22D3D1479}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D90ABCC-48A5-4A59-A4C2-26C22D3D1479}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7151D214-8775-426F-8BF3-5703F9D41297}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7151D214-8775-426F-8BF3-5703F9D41297}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A5317E8-42B7-4D9C-9AAE-E621E12EE6CE}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A5317E8-42B7-4D9C-9AAE-E621E12EE6CE}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A711A505-8F49-4B23-A505-554F70D76FDD}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A711A505-8F49-4B23-A505-554F70D76FDD}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACA3DAAE-EC65-4B5F-8D2E-F476D2EF7A1C}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACA3DAAE-EC65-4B5F-8D2E-F476D2EF7A1C}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0B513C4-F250-4EE9-A082-130510417571}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0B513C4-F250-4EE9-A082-130510417571}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B87AA305-76D3-4A67-92CB-8C0C7D0C2038} => klucz nie znaleziono. C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for IDEA-PC-Artur idea-PC => nie znaleziono. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft Office 15 Sync Maintenance for IDEA-PC-Artur idea-PC" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D662445C-BDB9-4F6C-96B9-3AC540494ED5}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D662445C-BDB9-4F6C-96B9-3AC540494ED5}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0917E5B-6D47-41EA-84C9-3CBE35ADD595}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0917E5B-6D47-41EA-84C9-3CBE35ADD595}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => klucz pomyślnie usunięto HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz pomyślnie usunięto HKCU\Software\dobreprogramy => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\yoursites123Software => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKLM\SOFTWARE\Wow6432Node\yoursites123Software => klucz pomyślnie usunięto ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= "C:\Program Files (x86)\Picexa" => pomyślnie usunięto. "C:\ProgramData\5WdM5" => pomyślnie usunięto. "C:\ProgramData\5WMiniPro5" => pomyślnie usunięto. "C:\ProgramData\pWdMp" => pomyślnie usunięto. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa" => pomyślnie usunięto. "C:\Users\Artur\AppData\Local\Microsoft\BingSvc" => pomyślnie usunięto. "C:\Users\Artur\AppData\Roaming\Picexa Viewer" => pomyślnie usunięto. "C:\Users\Artur\AppData\Roaming\TSv" => pomyślnie usunięto. C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => pomyślnie przeniesiono C:\Users\Artur\AppData\Local\69ff07055291669bb2b218.72821112 => pomyślnie przeniesiono C:\Users\Artur\AppData\Local\70149b02515b3bb20dd492.47983420 => pomyślnie przeniesiono C:\WINDOWS\SysWOW64\data.bin => pomyślnie przeniesiono ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= EmptyTemp: => 7 GB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 13:10:30 ====