Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:13-12-2015 Uruchomiony przez Dominika (2015-12-14 18:20:23) Run:1 Uruchomiony z C:\Users\Dominika\Desktop\Nowy folder Załadowane profile: Dominika (Dostępne profile: Dominika & Jakub) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: R2 IhPul; C:\Users\Dominika\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com) R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: ) R2 WdMan; C:\ProgramData\BWdMB\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-14] () R1 wfdrvr_vw_1_10_0_28; C:\Windows\System32\drivers\wfdrvr_vw_1_10_0_28.sys [57712 2015-10-30] (WF) U3 aspnet_state; Brak ImagePath GroupPolicy: Ograniczenia - Chrome <======= UWAGA CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA ShortcutWithArgument: C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX <==== UWAGA ShortcutWithArgument: C:\Users\Dominika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX <==== UWAGA ShortcutWithArgument: C:\Users\Dominika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX <==== UWAGA ShortcutWithArgument: C:\Users\Dominika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX <==== UWAGA ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX <==== UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX&q={searchTerms} HKU\S-1-5-21-311275851-3967228346-481105067-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX HKU\S-1-5-21-311275851-3967228346-481105067-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX&q={searchTerms} SearchScopes: HKU\S-1-5-21-311275851-3967228346-481105067-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX&q={searchTerms} SearchScopes: HKU\S-1-5-21-311275851-3967228346-481105067-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX&q={searchTerms} BHO: Brak nazwy -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Brak pliku BHO-x32: Discovery App -> {ba32987d-db80-4ccb-a8bb-f812b5421c0f} -> C:\Program Files (x86)\Discovery App\Extensions\ba32987d-db80-4ccb-a8bb-f812b5421c0f.dll => Brak pliku StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1448904131&z=caa1fd377279ae24ff654cfg4zcz2b3t1e4z1geo7b&from=cornl&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX Edge HomeButtonPage: HKU\S-1-5-21-311275851-3967228346-481105067-1001 -> hxxp://www.yoursites123.com/?type=hp&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX CHR StartupUrls: Default -> "hxxp://www.google.pl/","hxxp://www.yoursites123.com/?type=hp&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX" StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1450107355&z=8ddcc4dd1a6ffdea73726c7gcz2w1e9g2e0m8c2wfo&from=wpm07173&uid=HGSTXHTS545050A7E680_RB250F1C00YUWK00YUWKX Task: {091E7DB0-6873-45F2-B708-07AA43B59698} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA Task: {0C7C3098-BB06-4D80-815A-0DCCB0D9A6D3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA Task: {0E4008DD-DFC0-445D-BFD6-95BED19E6361} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA Task: {13592E61-39CB-44FE-AF1E-936074AB30A3} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Pending Update => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe <==== UWAGA Task: {313D44B9-3859-4BCB-BBD1-207881C84523} - System32\Tasks\{C17EA928-C302-4A78-80B1-48DEA0868AF8} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.13.0.101&LastError=12002 Task: {3CBB5F8F-A27F-4184-B008-EADA6D1AD019} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA Task: {50DFE3E1-95FB-40C6-853B-56D9D4C873C7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA Task: {7B231D4C-EAC6-45A7-85AC-9B58A3159017} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA Task: {825C4188-0751-43D8-860C-7DC7AB004B24} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA Task: {89C6F224-B13F-47CE-A7CB-C527F3AF7E33} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Core => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe <==== UWAGA Task: {8A9C5CA7-464F-4CA0-919D-080613E1A409} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA Task: {8DC2DC60-6C1F-4EAA-9D2D-C6197C2F1588} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo) Task: {E3798A21-B908-4ED5-9598-9BEEA36751B8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA Task: {EE2EE4AB-E57D-470D-86F8-AC746681FAEB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA Task: {EFD27718-48E3-40B6-9F39-FB01BF1C7AA9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo DeleteKey: HKLM\SOFTWARE\Mozilla DeleteKey: HKLM\SOFTWARE\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v Steam /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "BlueStacks Agent" /f RemoveDirectory: C:\Program Files (x86)\Lenovo RemoveDirectory: C:\Program Files (x86)\SFK RemoveDirectory: C:\Program Files (x86)\WinZipper RemoveDirectory: C:\Program Files (x86)\WordFly_1.10.0.28 RemoveDirectory: C:\ProgramData\BWdMB RemoveDirectory: C:\ProgramData\BWMiniProB RemoveDirectory: C:\ProgramData\nWdMn RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper RemoveDirectory: C:\Users\Dominika\AppData\Local\Lenovo RemoveDirectory: C:\Users\Dominika\AppData\Roaming\TSv RemoveDirectory: C:\Users\Dominika\AppData\Roaming\WarThunder RemoveDirectory: C:\Users\Dominika\AppData\Roaming\WinZipper RemoveDirectory: C:\Users\Dominika\AppData\Roaming\yoursearching RemoveDirectory: C:\Users\Dominika\REACHit RemoveDirectory: C:\Windows\System32\Tasks\Lenovo C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat C:\Users\Dominika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk C:\Windows\system32\Drivers\EsgScanner.sys C:\Windows\System32\Drivers\wfdrvr_vw_1_10_0_28.sys C:\Windows\SysWOW64\data.bin C:\Windows\SysWOW64\pl.html CMD: netsh advfirewall reset EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. IhPul => serwis pomyślnie usunięto SSFK => serwis pomyślnie usunięto WdMan => serwis pomyślnie usunięto EsgScanner => serwis pomyślnie usunięto wfdrvr_vw_1_10_0_28 => Nie można zatrzymać usługi. wfdrvr_vw_1_10_0_28 => serwis pomyślnie usunięto aspnet_state => serwis pomyślnie usunięto C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono "HKLM\SOFTWARE\Policies\Google" => klucz pomyślnie usunięto C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Dominika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Dominika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Dominika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-311275851-3967228346-481105067-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-311275851-3967228346-481105067-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-311275851-3967228346-481105067-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto "HKU\S-1-5-21-311275851-3967228346-481105067-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => klucz pomyślnie usunięto "HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba32987d-db80-4ccb-a8bb-f812b5421c0f} => klucz nie znaleziono. HKCR\Wow6432Node\CLSID\{ba32987d-db80-4ccb-a8bb-f812b5421c0f} => klucz nie znaleziono. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono HKU\S-1-5-21-311275851-3967228346-481105067-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => Wartość pomyślnie usunięto Chrome StartupUrls => pomyślnie usunięto HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{091E7DB0-6873-45F2-B708-07AA43B59698}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{091E7DB0-6873-45F2-B708-07AA43B59698}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C7C3098-BB06-4D80-815A-0DCCB0D9A6D3}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C7C3098-BB06-4D80-815A-0DCCB0D9A6D3}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E4008DD-DFC0-445D-BFD6-95BED19E6361}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E4008DD-DFC0-445D-BFD6-95BED19E6361}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13592E61-39CB-44FE-AF1E-936074AB30A3}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13592E61-39CB-44FE-AF1E-936074AB30A3}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\WordFly Auto Updater 1.10.0.28 Pending Update => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordFly Auto Updater 1.10.0.28 Pending Update" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{313D44B9-3859-4BCB-BBD1-207881C84523}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{313D44B9-3859-4BCB-BBD1-207881C84523}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\{C17EA928-C302-4A78-80B1-48DEA0868AF8} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C17EA928-C302-4A78-80B1-48DEA0868AF8}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CBB5F8F-A27F-4184-B008-EADA6D1AD019}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CBB5F8F-A27F-4184-B008-EADA6D1AD019}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50DFE3E1-95FB-40C6-853B-56D9D4C873C7}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50DFE3E1-95FB-40C6-853B-56D9D4C873C7}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B231D4C-EAC6-45A7-85AC-9B58A3159017}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B231D4C-EAC6-45A7-85AC-9B58A3159017}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{825C4188-0751-43D8-860C-7DC7AB004B24}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{825C4188-0751-43D8-860C-7DC7AB004B24}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{89C6F224-B13F-47CE-A7CB-C527F3AF7E33}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89C6F224-B13F-47CE-A7CB-C527F3AF7E33}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\WordFly Auto Updater 1.10.0.28 Core => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordFly Auto Updater 1.10.0.28 Core" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A9C5CA7-464F-4CA0-919D-080613E1A409}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A9C5CA7-464F-4CA0-919D-080613E1A409}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DC2DC60-6C1F-4EAA-9D2D-C6197C2F1588}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DC2DC60-6C1F-4EAA-9D2D-C6197C2F1588}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3798A21-B908-4ED5-9598-9BEEA36751B8}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3798A21-B908-4ED5-9598-9BEEA36751B8}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE2EE4AB-E57D-470D-86F8-AC746681FAEB}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE2EE4AB-E57D-470D-86F8-AC746681FAEB}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFD27718-48E3-40B6-9F39-FB01BF1C7AA9}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFD27718-48E3-40B6-9F39-FB01BF1C7AA9}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => klucz pomyślnie usunięto HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz pomyślnie usunięto HKCU\Software\dobreprogramy => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo => klucz pomyślnie usunięto HKLM\SOFTWARE\Mozilla => klucz nie znaleziono. HKLM\SOFTWARE\MozillaPlugins => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKLM\SOFTWARE\MozillaPlugins => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Mozilla => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKLM\SOFTWARE\Wow6432Node\Mozilla => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\yoursites123Software => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKLM\SOFTWARE\Wow6432Node\yoursites123Software => klucz pomyślnie usunięto HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main => klucz pomyślnie usunięto HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main => klucz pomyślnie usunięto HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main => klucz pomyślnie usunięto ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v Steam /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "BlueStacks Agent" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= "C:\Program Files (x86)\Lenovo" => pomyślnie usunięto. niepowodzenie przy usuwaniu "C:\Program Files (x86)\SFK\SSFK.exe" => Zaplanowany do usunięcia przy restarcie. niepowodzenie przy usuwaniu "C:\Program Files (x86)\SFK" => Zaplanowany do usunięcia przy restarcie. "C:\Program Files (x86)\WinZipper" => pomyślnie usunięto. "C:\Program Files (x86)\WordFly_1.10.0.28" => nie znaleziono. "C:\ProgramData\BWdMB" => pomyślnie usunięto. "C:\ProgramData\BWMiniProB" => pomyślnie usunięto. "C:\ProgramData\nWdMn" => pomyślnie usunięto. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper" => pomyślnie usunięto. "C:\Users\Dominika\AppData\Local\Lenovo" => pomyślnie usunięto. "C:\Users\Dominika\AppData\Roaming\TSv" => pomyślnie usunięto. "C:\Users\Dominika\AppData\Roaming\WarThunder" => pomyślnie usunięto. "C:\Users\Dominika\AppData\Roaming\WinZipper" => pomyślnie usunięto. "C:\Users\Dominika\AppData\Roaming\yoursearching" => pomyślnie usunięto. "C:\Users\Dominika\REACHit" => pomyślnie usunięto. "C:\Windows\System32\Tasks\Lenovo" => pomyślnie usunięto. C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => pomyślnie przeniesiono C:\Users\Dominika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk => pomyślnie przeniesiono C:\Users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk => pomyślnie przeniesiono C:\Windows\system32\Drivers\EsgScanner.sys => pomyślnie przeniesiono C:\Windows\System32\Drivers\wfdrvr_vw_1_10_0_28.sys => pomyślnie przeniesiono C:\Windows\SysWOW64\data.bin => pomyślnie przeniesiono C:\Windows\SysWOW64\pl.html => pomyślnie przeniesiono ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= EmptyTemp: => 727.9 MB danych tymczasowych Usunięto. Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 2015-12-14 18:41:57) C:\Program Files (x86)\SFK\SSFK.exe => pomyślnie usunięto C:\Program Files (x86)\SFK => pomyślnie usunięto ==== Koniec Fixlog 18:41:57 ====