Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:05-12-2015 Uruchomiony przez Tomek (2015-12-08 20:18:11) Run:1 Uruchomiony z C:\logi Załadowane profile: Tomek (Dostępne profile: Tomek) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: Task: {0E3828EA-152C-4ACD-A7FA-CA7CFD2A534F} - System32\Tasks\{0AAD3B8A-F5DF-41D4-A69E-F1427884EB25} => C:\Users\Tomek\Desktop\win64_153339.exe Task: {1703091F-62F2-4063-BF35-BA5D47ED11CF} - \SlimDrivers Startup -> Brak pliku <==== UWAGA Task: {1D49AD35-0602-45D2-B3B1-0196535D0D31} - \{927B2167-321E-43BE-9B64-E98370AF8FF3} -> Brak pliku <==== UWAGA Task: {3277D67F-F931-4668-B2A2-53BE02E6BC36} - \{764093C1-D8A2-452D-843E-51CF24360D0D} -> Brak pliku <==== UWAGA Task: {34575119-75A0-48C0-9536-CE7BF497EC43} - System32\Tasks\{1093E491-AA2E-404F-94B7-582827678324} => pcalua.exe -a C:\Users\Tomek\Desktop\win64_153339.exe -d C:\Users\Tomek\Desktop Task: {46884AEE-9144-4877-9C25-C06820729EDD} - System32\Tasks\Djzdr => Rundll32.exe "C:\Windows\SysWOW64\cliconfgm.dll",YJHBQB Task: {51BEB673-5737-4ED2-A52B-D9ACE9EB2864} - System32\Tasks\{1F937443-1DC4-41F1-BBEE-56F8F983DFA1} => pcalua.exe -a C:\Users\Tomek\Desktop\win64_152822.exe -d C:\Users\Tomek\Desktop Task: {6D720F2A-C02C-4199-A4D0-A847BC1858BA} - \{D355D9B5-7488-4DB9-8762-DA87C97E0893} -> Brak pliku <==== UWAGA Task: {6FA66645-4A10-4DEC-92F8-2663A2E77E57} - System32\Tasks\{C1478EB5-A665-4627-AA92-CEF7EF37CEE8} => pcalua.exe -a C:\Users\Tomek\Desktop\jre-8u25-windows-i586_[www.programosy.pl].exe -d C:\Users\Tomek\Desktop Task: {7D3F5F77-142F-4FE6-955E-F8735AC8CCFC} - System32\Tasks\{F1E50616-7D24-4C4A-B1A6-EC47193349A2} => pcalua.exe -a C:\Users\Tomek\Desktop\win64_153335.exe -d C:\Users\Tomek\Desktop Task: {88123DCB-CBCB-4F14-8862-05CDD2CCACA8} - \{8EF14A94-5A54-41B0-B7AF-018B0E6A7BF3} -> Brak pliku <==== UWAGA Task: {898CEFFC-FDDD-4BDF-B268-C751E063A59C} - \AutoKMS -> Brak pliku <==== UWAGA Task: {91402DF4-EDA3-454C-8D8C-D011EF0C09A8} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe Task: {9E22F70B-A68E-4767-ABCD-C622C4DD8360} - System32\Tasks\{07A03552-C09F-498F-BB73-F448DBD7B7E6} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" Task: {C13BE581-4132-410E-A688-FECDFCF22113} - System32\Tasks\{8FD27FB1-3681-4A9E-A730-D64DBF7FEC9F} => pcalua.exe -a "D:\Gry\Emperor Battle for Dune\SETUP.EXE" -d "D:\Gry\Emperor Battle for Dune" Task: {DAB5F0AC-F420-4C1E-92EA-E25F4F13BD9E} - \SlimCleaner Plus (Scheduled Scan - Tomek) -> Brak pliku <==== UWAGA Task: {F6352E20-BF7A-4D7C-BC59-85806CC34F3C} - \{1A0BDA5F-8067-48C1-99DC-976BBB41BFF3} -> Brak pliku <==== UWAGA Task: C:\Windows\Tasks\Djzdr.job => C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\cliconfgm.dll S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-11-29] (SlimWare Utilities, Inc.) S4 AthBTPort; system32\DRIVERS\btath_flt.sys [X] S4 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X] S4 btath_avdt; system32\drivers\btath_avdt.sys [X] S4 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X] S4 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X] S4 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X] S4 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X] S4 BtFilter; system32\DRIVERS\btfilter.sys [X] BootExecute: autocheck autochk * sdnclean64.exe Winlogon\Notify\igfxcui: igfxdev.dll [X] HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-1721066390-4275270589-3150467131-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => Brak pliku ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => Brak pliku ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => Brak pliku ShellIconOverlayIdentifiers: [4SyncOverlay4] -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} => Brak pliku HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKU\S-1-5-21-1721066390-4275270589-3150467131-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BFXT9KXN0BXTYKJNW06JNHJDVJWXFSVF7VBCVP4GF AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_SBXNV9VVGV1BFXT9KXN0BXTYKJNW06JNHJDVJWXFSVF7VBCVP4GF AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_SBXNV9VVGV1BFXT9KXN0BXTYKJNW06JNHJDVJWXFSVF7VBCVP4GF C:\Program Files (x86)\Temp C:\Program Files (x86)\Windows Live C:\ProgramData\limttbkj.pkw C:\ProgramData\Temp C:\ProgramData\Microsoft\Windows\GameExplorer\{27C10E34-B7C3-4217-9EC0-29D4EC3492AD} C:\ProgramData\Microsoft\Windows\GameExplorer\{8872E108-3018-4C3C-B954-8ADB358A86A6} C:\Users\Tomek\AppData\Local\*.html C:\Users\Tomek\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 C:\Users\Tomek\AppData\Roaming\1D959CA221C7573.sys C:\Users\Tomek\AppData\Roaming\regsvr32.exe_log.txt C:\Users\Tomek\AppData\Roaming\sp_data.sys C:\Windows\x÷Ż C:\Windows\System32\drivers\SWDUMon.sys C:\Windows\SysWOW64\cliconfgm.dll Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f Reg: reg delete HKLM\SOFTWARE\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SDScannerService" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SDUpdateService" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\wlidsvc" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\wuauserv" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tsiVideo" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f CMD: sc config MpsSvc start= auto CMD: sc config WinDefend start= demand CMD: sc config wscsvc start= delayed-auto CMD: sc config wuauserv start= auto RemoveProxy: EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E3828EA-152C-4ACD-A7FA-CA7CFD2A534F}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E3828EA-152C-4ACD-A7FA-CA7CFD2A534F}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{0AAD3B8A-F5DF-41D4-A69E-F1427884EB25} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0AAD3B8A-F5DF-41D4-A69E-F1427884EB25}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1703091F-62F2-4063-BF35-BA5D47ED11CF}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1703091F-62F2-4063-BF35-BA5D47ED11CF}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimDrivers Startup" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D49AD35-0602-45D2-B3B1-0196535D0D31}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D49AD35-0602-45D2-B3B1-0196535D0D31}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{927B2167-321E-43BE-9B64-E98370AF8FF3}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3277D67F-F931-4668-B2A2-53BE02E6BC36}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3277D67F-F931-4668-B2A2-53BE02E6BC36}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{764093C1-D8A2-452D-843E-51CF24360D0D}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34575119-75A0-48C0-9536-CE7BF497EC43}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34575119-75A0-48C0-9536-CE7BF497EC43}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{1093E491-AA2E-404F-94B7-582827678324} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1093E491-AA2E-404F-94B7-582827678324}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{46884AEE-9144-4877-9C25-C06820729EDD}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46884AEE-9144-4877-9C25-C06820729EDD}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\Djzdr => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Djzdr" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51BEB673-5737-4ED2-A52B-D9ACE9EB2864}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51BEB673-5737-4ED2-A52B-D9ACE9EB2864}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{1F937443-1DC4-41F1-BBEE-56F8F983DFA1} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1F937443-1DC4-41F1-BBEE-56F8F983DFA1}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D720F2A-C02C-4199-A4D0-A847BC1858BA}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D720F2A-C02C-4199-A4D0-A847BC1858BA}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D355D9B5-7488-4DB9-8762-DA87C97E0893}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FA66645-4A10-4DEC-92F8-2663A2E77E57}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FA66645-4A10-4DEC-92F8-2663A2E77E57}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{C1478EB5-A665-4627-AA92-CEF7EF37CEE8} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C1478EB5-A665-4627-AA92-CEF7EF37CEE8}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D3F5F77-142F-4FE6-955E-F8735AC8CCFC}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D3F5F77-142F-4FE6-955E-F8735AC8CCFC}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{F1E50616-7D24-4C4A-B1A6-EC47193349A2} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F1E50616-7D24-4C4A-B1A6-EC47193349A2}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88123DCB-CBCB-4F14-8862-05CDD2CCACA8}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88123DCB-CBCB-4F14-8862-05CDD2CCACA8}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8EF14A94-5A54-41B0-B7AF-018B0E6A7BF3}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{898CEFFC-FDDD-4BDF-B268-C751E063A59C}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{898CEFFC-FDDD-4BDF-B268-C751E063A59C}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{91402DF4-EDA3-454C-8D8C-D011EF0C09A8}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91402DF4-EDA3-454C-8D8C-D011EF0C09A8}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TabletPC\InputPersonalization" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E22F70B-A68E-4767-ABCD-C622C4DD8360}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E22F70B-A68E-4767-ABCD-C622C4DD8360}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{07A03552-C09F-498F-BB73-F448DBD7B7E6} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{07A03552-C09F-498F-BB73-F448DBD7B7E6}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C13BE581-4132-410E-A688-FECDFCF22113}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C13BE581-4132-410E-A688-FECDFCF22113}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{8FD27FB1-3681-4A9E-A730-D64DBF7FEC9F} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8FD27FB1-3681-4A9E-A730-D64DBF7FEC9F}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAB5F0AC-F420-4C1E-92EA-E25F4F13BD9E}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAB5F0AC-F420-4C1E-92EA-E25F4F13BD9E}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Plus (Scheduled Scan - Tomek)" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6352E20-BF7A-4D7C-BC59-85806CC34F3C}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6352E20-BF7A-4D7C-BC59-85806CC34F3C}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1A0BDA5F-8067-48C1-99DC-976BBB41BFF3}" => klucz pomyślnie usunięto C:\Windows\Tasks\Djzdr.job => pomyślnie przeniesiono SWDUMon => serwis pomyślnie usunięto AthBTPort => serwis pomyślnie usunięto BTATH_A2DP => serwis pomyślnie usunięto btath_avdt => serwis pomyślnie usunięto BTATH_BUS => serwis pomyślnie usunięto BTATH_HCRP => serwis pomyślnie usunięto BTATH_LWFLT => serwis pomyślnie usunięto BTATH_RCP => serwis pomyślnie usunięto BtFilter => serwis pomyślnie usunięto hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => Wartość pomyślnie przywrócono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => klucz pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Wartość pomyślnie usunięto HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Wartość pomyślnie usunięto HKU\S-1-5-21-1721066390-4275270589-3150467131-1001\Control Panel\Desktop\\SCRNSAVE.EXE => Wartość pomyślnie usunięto "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay1" => klucz pomyślnie usunięto HKCR\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => klucz nie znaleziono. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay2" => klucz pomyślnie usunięto HKCR\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E} => klucz nie znaleziono. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay3" => klucz pomyślnie usunięto HKCR\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => klucz nie znaleziono. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4SyncOverlay4" => klucz pomyślnie usunięto HKCR\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} => klucz nie znaleziono. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\smartwebprinting@hp.com => Wartość pomyślnie usunięto HKU\S-1-5-21-1721066390-4275270589-3150467131-1001\Software\Mozilla\Firefox\Extensions\\smartwebprinting@hp.com => Wartość pomyślnie usunięto C:\ProgramData => ":$SS_DESCRIPTOR_SBXNV9VVGV1BFXT9KXN0BXTYKJNW06JNHJDVJWXFSVF7VBCVP4GF" ADS pomyślnie usunięto. "C:\Users\All Users" => ":$SS_DESCRIPTOR_SBXNV9VVGV1BFXT9KXN0BXTYKJNW06JNHJDVJWXFSVF7VBCVP4GF" ADS nie znaleziono. "C:\ProgramData\Application Data" => ":$SS_DESCRIPTOR_SBXNV9VVGV1BFXT9KXN0BXTYKJNW06JNHJDVJWXFSVF7VBCVP4GF" ADS nie znaleziono. C:\Program Files (x86)\Temp => pomyślnie przeniesiono C:\Program Files (x86)\Windows Live => pomyślnie przeniesiono C:\ProgramData\limttbkj.pkw => pomyślnie przeniesiono C:\ProgramData\Temp => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\GameExplorer\{27C10E34-B7C3-4217-9EC0-29D4EC3492AD} => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\GameExplorer\{8872E108-3018-4C3C-B954-8ADB358A86A6} => pomyślnie przeniesiono =========== "C:\Users\Tomek\AppData\Local\*.html" ========== C:\Users\Tomek\AppData\Local\Tempdl3376.html => pomyślnie przeniesiono C:\Users\Tomek\AppData\Local\TempGR5116.html => pomyślnie przeniesiono C:\Users\Tomek\AppData\Local\TempLo5116.html => pomyślnie przeniesiono C:\Users\Tomek\AppData\Local\TempTG3376.html => pomyślnie przeniesiono ========= Koniec -> "C:\Users\Tomek\AppData\Local\*.html" ======== C:\Users\Tomek\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 => pomyślnie przeniesiono C:\Users\Tomek\AppData\Roaming\1D959CA221C7573.sys => pomyślnie przeniesiono C:\Users\Tomek\AppData\Roaming\regsvr32.exe_log.txt => pomyślnie przeniesiono C:\Users\Tomek\AppData\Roaming\sp_data.sys => pomyślnie przeniesiono C:\Windows\x÷Ż => pomyślnie przeniesiono C:\Windows\System32\drivers\SWDUMon.sys => pomyślnie przeniesiono C:\Windows\SysWOW64\cliconfgm.dll => pomyślnie przeniesiono ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SDScannerService" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SDUpdateService" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\wlidsvc" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\wuauserv" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tsiVideo" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= sc config MpsSvc start= auto ========= [SC] ChangeServiceConfig SUKCES ========= Koniec CMD: ========= ========= sc config WinDefend start= demand ========= [SC] ChangeServiceConfig SUKCES ========= Koniec CMD: ========= ========= sc config wscsvc start= delayed-auto ========= [SC] ChangeServiceConfig SUKCES ========= Koniec CMD: ========= ========= sc config wuauserv start= auto ========= [SC] ChangeServiceConfig SUKCES ========= Koniec CMD: ========= ========= RemoveProxy: ========= "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => klucz pomyślnie usunięto HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wartość pomyślnie usunięto HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wartość pomyślnie usunięto HKU\S-1-5-21-1721066390-4275270589-3150467131-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Wartość pomyślnie usunięto HKU\S-1-5-21-1721066390-4275270589-3150467131-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wartość pomyślnie usunięto HKU\S-1-5-21-1721066390-4275270589-3150467131-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wartość pomyślnie usunięto ========= Koniec RemoveProxy: ========= EmptyTemp: => 1.1 GB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 20:18:58 ====