Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:18-04-2016 Uruchomiony przez Natalka (2016-04-25 21:00:50) Run:1 Uruchomiony z C:\Users\Natalka\Downloads Załadowane profile: Natalka (Dostępne profile: Natalka) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: AppInit_DLLs: C:\ProgramData\dlohn\Zummatam.dll => C:\ProgramData\dlohn\Zummatam.dll [363520 2016-03-08] () AppInit_DLLs-x32: C:\ProgramData\dlohn\Vilatone.dll => C:\ProgramData\dlohn\Vilatone.dll [257536 2016-03-08] () R2 amdidx; C:\Program Files\amdidx\amdidx.exe [383488 2016-01-17] () [Brak podpisu cyfrowego] R2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [112560 2015-10-22] () R2 DCHP; C:\ProgramData\\DCHP\\DCHP.exe [400384 2016-04-12] () [Brak podpisu cyfrowego] S2 DeskTop_F; C:\ProgramData\desktopfind\desktop254.exe [236728 2016-03-16] (DeskTopService) R2 dlohn; C:\ProgramData\\dlohn\\dlohn.exe [539136 2016-01-20] () [Brak podpisu cyfrowego] R2 IhPul; C:\Users\Natalka\AppData\Roaming\TSv\TSvr.exe [116368 2016-03-11] (tsvr.com) S2 serfe; C:\ProgramData\\serfe\\serfe.exe -f "C:\ProgramData\\serfe\\serfe.dat" -l -a S2 yakdo; C:\ProgramData\\yakdo\\yakdo.exe -f "C:\ProgramData\\yakdo\\yakdo.dat" -l -a S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-04-08] (McAfee, Inc.) R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-10-22] (YTDownloader) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" Task: {01489A37-BFBB-4BFE-BBB0-B074A014CD2E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-02] (Lenovo) Task: {1DB97C7E-7609-4EEF-8DD2-0A03370FAFB3} - System32\Tasks\psv_Greentax => /c regedit.exe /s "C:\ProgramData\dlohn\Jobdax.reg" & del "C:\ProgramData\dlohn\Jobdax.reg" & SCHTASKS /Delete /TN "psv_Greentax" /F <==== UWAGA Task: {1DD30DAA-6E92-4595-BBDF-F93629C5096D} - System32\Tasks\psv_Joytam => /c regedit.exe /s "C:\ProgramData\serfe\Saltcore.reg" & del "C:\ProgramData\serfe\Saltcore.reg" & SCHTASKS /Delete /TN "psv_Joytam" /F <==== UWAGA Task: {385EBCAA-73BA-435F-9AD9-EC7BFAAB899E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo) Task: {3A8A3034-887F-4269-BA4B-45ABDAF99626} - System32\Tasks\psv_Latsankix => /c regedit.exe /s "C:\ProgramData\dlohn\Unophase.reg" & del "C:\ProgramData\dlohn\Unophase.reg" & SCHTASKS /Delete /TN "psv_Latsankix" /F <==== UWAGA Task: {5C74706C-9F46-47A7-A049-4E26D091CE80} - System32\Tasks\psv_Zoomcore => /c regedit.exe /s "C:\ProgramData\serfe\Touch-Lax.reg" & del "C:\ProgramData\serfe\Touch-Lax.reg" & SCHTASKS /Delete /TN "psv_Zoomcore" /F <==== UWAGA Task: {770B41A8-5537-4E91-9B02-B0D2FFA59ACA} - System32\Tasks\Call Form => Rundll32.exe "C:\Users\Natalka\AppData\Local\Call Form\{B49D99C5-345C-2EBB-7681-69580AE8BE65}\CallForm.dll",#1 <==== UWAGA Task: {7D5DC876-066E-44C9-A5C5-2B3BB0B98AD4} - System32\Tasks\SweetLabs App Platform => C:\Users\Natalka\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-04-14] (Pokki) Task: {8CA7A5FB-4F4B-4201-B3E8-B5C43B1325D8} - System32\Tasks\psv_DoubleQuostrong => /c regedit.exe /s "C:\ProgramData\dlohn\Trustsoft.reg" & del "C:\ProgramData\dlohn\Trustsoft.reg" & SCHTASKS /Delete /TN "psv_DoubleQuostrong" /F <==== UWAGA Task: {9A1B9764-4DDF-4DC2-A3E7-BDE7A3BD58FC} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-10-22] (YTDownloader) <==== UWAGA Task: {ABA3F571-725E-4F1F-B976-C1ECB6AC639D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo) Task: {D11F1C0C-AB7D-47B0-BBA0-D284CE5B98FF} - System32\Tasks\psv_Latlab => /c regedit.exe /s "C:\ProgramData\dlohn\StockRemcore.reg" & del "C:\ProgramData\dlohn\StockRemcore.reg" & SCHTASKS /Delete /TN "psv_Latlab" /F <==== UWAGA Task: {D58D529E-D8C7-4EB1-92A9-AA001240205A} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2015-10-22] (Goobzo) <==== UWAGA Task: {D9E1BD74-F7CE-4BD5-9768-CE1B00BBE486} - System32\Tasks\Call Form2 => Rundll32.exe "C:\Users\Natalka\AppData\Local\Call Form\{B49D99C5-345C-2EBB-7681-69580AE8BE65}\mqku.dll",#1 <==== UWAGA HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1991600 2015-10-22] (YTDownloader) HKLM-x32\...\Run: [ospd_us_013010209] => [X] HKU\S-1-5-21-899261099-702920328-1542426104-1001\...\Run: [BingSvc] => C:\Users\Natalka\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation) HKU\S-1-5-21-899261099-702920328-1542426104-1001\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe /repair HKU\S-1-5-21-899261099-702920328-1542426104-1001\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1991600 2015-10-22] (YTDownloader) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=d305cef8-9813-4ffe-aa46-d46d44c55f64 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games\Mafia II\Mafia II Launcher.lnk -> C:\Program Files (x86)\2K Games\Mafia II\launcher.exe () -> hxxp://www.yoursites123.com/?type=sc&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793 ShortcutWithArgument: C:\Users\Natalka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP% ShortcutWithArgument: C:\Users\Natalka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=d305cef8-9813-4ffe-aa46-d46d44c55f64 ShortcutWithArgument: C:\Users\Natalka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP% ShortcutWithArgument: C:\Users\Natalka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=d305cef8-9813-4ffe-aa46-d46d44c55f64 ShortcutWithArgument: C:\Users\Natalka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP% ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=d305cef8-9813-4ffe-aa46-d46d44c55f64 ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.so-v.com/?type=ll&uid=d305cef8-9813-4ffe-aa46-d46d44c55f64 GroupPolicy: Ograniczenia - Chrome <======= UWAGA CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pl-pl CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793" CHR DefaultSearchURL: Default -> hxxp://yoursites123.com/web?type=ds&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793&q={searchTerms} CHR DefaultSearchKeyword: Default -> yoursites123 CHR HKU\S-1-5-21-899261099-702920328-1542426104-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.so-v.com/?type=ll&uid=d305cef8-9813-4ffe-aa46-d46d44c55f64 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793&q={searchTerms} HKU\S-1-5-21-899261099-702920328-1542426104-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwYfCVilIom6TjFGT4Zw2PvAmhI_FkkTtQUPoIiAk_c3UMbISXGRU2pz25LccRABn-hi39JA5G81Wq2LtE-ld-UJpsDUh4qIFCVvdorm-Cbx6KU02_x8KnCSwo8cNymtOn6qWJLsHnXer1pe6m_bFc7Vo-_o,&q={searchTerms} HKU\S-1-5-21-899261099-702920328-1542426104-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwYfCVilIom6TjFGT4Zw2PvAmhI_FkkTtQUPoIiAk_c3UMbISXGRU2pz25LccRABn-hTIpkbapHKXA1ReyT1rF9daKqRPhK-t38_XnZOpkzTQbAVOE3Hcl-74lUuq_DbE6oDz_KwO2NLAAl21J3SBpDCVU-M, HKU\S-1-5-21-899261099-702920328-1542426104-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793 HKU\S-1-5-21-899261099-702920328-1542426104-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwYfCVilIom6TjFGT4Zw2PvAmhI_FkkTtQUPoIiAk_c3UMbISXGRU2pz25LccRABn-hi39JA5G81Wq2LtE-ld-UJpsDUh4qIFCVvdorm-Cbx6KU02_x8KnCSwo8cNymtOn6qWJLsHnXer1pe6m_bFc7Vo-_o,&q={searchTerms} HKU\S-1-5-21-899261099-702920328-1542426104-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwYfCVilIom6TjFGT4Zw2PvAmhI_FkkTtQUPoIiAk_c3UMbISXGRU2pz25LccRABn-hi39JA5G81Wq2LtE-ld-UJpsDUh4qIFCVvdorm-Cbx6KU02_x8KnCSwo8cNymtOn6qWJLsHnXer1pe6m_bFc7Vo-_o,&q={searchTerms} SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwYfCVilIom6TjFGT4Zw2PvAmhI_FkkTtQUPoIiAk_c3UMbISXGRU2pz25LccRABn-hi39JA5G81Wq2LtE-ld-UJpsDUh4qIFCVvdorm-Cbx6KU02_x8KnCSwo8cNymtOn6qWJLsHnXer1pe6m_bFc7Vo-_o,&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793&q={searchTerms} SearchScopes: HKU\S-1-5-21-899261099-702920328-1542426104-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwYfCVilIom6TjFGT4Zw2PvAmhI_FkkTtQUPoIiAk_c3UMbISXGRU2pz25LccRABn-hi39JA5G81Wq2LtE-ld-UJpsDUh4qIFCVvdorm-Cbx6KU02_x8KnCSwo8cNymtOn6qWJLsHnXer1pe6m_bFc7Vo-_o,&q={searchTerms} SearchScopes: HKU\S-1-5-21-899261099-702920328-1542426104-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1457978503&z=20553ac8a6e6d9fb5250c3dg7z3wdm0t1m6b8w0g2o&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793&q={searchTerms} SearchScopes: HKU\S-1-5-21-899261099-702920328-1542426104-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwYfCVilIom6TjFGT4Zw2PvAmhI_FkkTtQUPoIiAk_c3UMbISXGRU2pz25LccRABn-hi39JA5G81Wq2LtE-ld-UJpsDUh4qIFCVvdorm-Cbx6KU02_x8KnCSwo8cNymtOn6qWJLsHnXer1pe6m_bFc7Vo-_o,&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1453028594&z=1bfa05b5bf8c639e4309b23gcz8w7c0ebo6baw2t5q&from=face&uid=ST1000LM024XHN-M101MBB_S30YJ9EG208793 DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 DeleteKey: HKCU\Software\MozillaPlugins DeleteKey: HKLM\SOFTWARE\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v MyDriveConnect.exe /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v BingSvc /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v VideoDownloaderUltimate /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v YTDownloader /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v CLMLServer_For_P2G8 /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v CLVirtualDrive /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v YTDownloader /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f C:\Program Files\amdidx C:\Program Files (x86)\GUMB43A.tmp C:\Program Files (x86)\SFK C:\Program Files (x86)\YTDownloader C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat C:\ProgramData\settings.cfg C:\ProgramData\DCHP C:\ProgramData\desktopfind C:\ProgramData\dlohn C:\ProgramData\Pokki C:\ProgramData\serfe C:\ProgramData\yakdos C:\ProgramData\yakdo C:\Users\Natalka\AppData\Local\U-street.dat C:\Users\Natalka\AppData\Local\U-street.exe.config C:\Users\Natalka\AppData\Local\Call Form C:\Users\Natalka\AppData\Local\SweetLabs App Platform C:\Users\Natalka\AppData\Local\Microsoft\BingSvc C:\Users\Natalka\AppData\Roaming\TSv C:\Users\Natalka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk C:\Users\Natalka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk C:\Users\Natalka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk C:\Users\Natalka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage C:\Users\Natalka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader C:\Users\Natalka\Desktop\YTDownloader.lnk C:\Users\Natalka\Desktop\Nowy folder\Nowy folder\Kholat.lnk C:\Users\Natalka\Desktop\Nowy folder\Nowy folder\Need For Speed Most Wanted.lnk C:\Users\Natalka\Desktop\x\Freenet.lnk C:\Users\Natalka\Desktop\x\Start Tor Browser.lnk C:\Windows\System32\drivers\mfeelamk.sys C:\Windows\SysWOW64\findit.xml CMD: ipconfig /flushdns CMD: netsh advfirewall reset Hosts: EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. "C:\ProgramData\dlohn\Zummatam.dll" => Dane wartości nie znaleziono. "C:\ProgramData\dlohn\Vilatone.dll" => Dane wartości nie znaleziono. amdidx => Nie można zatrzymać usługi. amdidx => serwis pomyślnie usunięto BrsHelper => serwis nie znaleziono. DCHP => serwis pomyślnie usunięto DeskTop_F => serwis pomyślnie usunięto dlohn => serwis pomyślnie usunięto IhPul => serwis pomyślnie usunięto serfe => serwis pomyślnie usunięto yakdo => serwis pomyślnie usunięto mfeelamk => serwis pomyślnie usunięto sbmntr => serwis nie znaleziono. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => klucz pomyślnie usunięto "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01489A37-BFBB-4BFE-BBB0-B074A014CD2E}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01489A37-BFBB-4BFE-BBB0-B074A014CD2E}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DB97C7E-7609-4EEF-8DD2-0A03370FAFB3}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DB97C7E-7609-4EEF-8DD2-0A03370FAFB3}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\psv_Greentax => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Greentax" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DD30DAA-6E92-4595-BBDF-F93629C5096D}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DD30DAA-6E92-4595-BBDF-F93629C5096D}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\psv_Joytam => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Joytam" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{385EBCAA-73BA-435F-9AD9-EC7BFAAB899E}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{385EBCAA-73BA-435F-9AD9-EC7BFAAB899E}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A8A3034-887F-4269-BA4B-45ABDAF99626}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A8A3034-887F-4269-BA4B-45ABDAF99626}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\psv_Latsankix => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Latsankix" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C74706C-9F46-47A7-A049-4E26D091CE80}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C74706C-9F46-47A7-A049-4E26D091CE80}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\psv_Zoomcore => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Zoomcore" => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{770B41A8-5537-4E91-9B02-B0D2FFA59ACA} => klucz nie znaleziono. C:\WINDOWS\System32\Tasks\Call Form => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Call Form => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D5DC876-066E-44C9-A5C5-2B3BB0B98AD4} => klucz nie znaleziono. C:\WINDOWS\System32\Tasks\SweetLabs App Platform => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform => klucz nie znaleziono. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CA7A5FB-4F4B-4201-B3E8-B5C43B1325D8}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CA7A5FB-4F4B-4201-B3E8-B5C43B1325D8}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\psv_DoubleQuostrong => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_DoubleQuostrong" => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A1B9764-4DDF-4DC2-A3E7-BDE7A3BD58FC} => klucz nie znaleziono. C:\WINDOWS\System32\Tasks\YTDownloader => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader => klucz nie znaleziono. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABA3F571-725E-4F1F-B976-C1ECB6AC639D}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABA3F571-725E-4F1F-B976-C1ECB6AC639D}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64 35" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D11F1C0C-AB7D-47B0-BBA0-D284CE5B98FF}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D11F1C0C-AB7D-47B0-BBA0-D284CE5B98FF}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\psv_Latlab => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Latlab" => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D58D529E-D8C7-4EB1-92A9-AA001240205A} => klucz nie znaleziono. C:\WINDOWS\System32\Tasks\YTDownloaderUpd => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9E1BD74-F7CE-4BD5-9768-CE1B00BBE486} => klucz nie znaleziono. C:\WINDOWS\System32\Tasks\Call Form2 => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Call Form2 => klucz nie znaleziono. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => Wartość pomyślnie usunięto HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_013010209 => Wartość pomyślnie usunięto HKU\S-1-5-21-899261099-702920328-1542426104-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => Wartość pomyślnie usunięto HKU\S-1-5-21-899261099-702920328-1542426104-1001\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloaderUltimate => Wartość pomyślnie usunięto HKU\S-1-5-21-899261099-702920328-1542426104-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => Wartość pomyślnie usunięto C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games\Mafia II\Mafia II Launcher.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Natalka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Natalka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Natalka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Natalka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Natalka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Opera.lnk => Skrót - argument pomyślnie usunięto. C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => pomyślnie przeniesiono Chrome HomePage => pomyślnie usunięto Chrome StartupUrls => pomyślnie usunięto Chrome DefaultSearchURL => pomyślnie usunięto Chrome DefaultSearchKeyword => pomyślnie usunięto "HKU\S-1-5-21-899261099-702920328-1542426104-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip" => klucz pomyślnie usunięto HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-899261099-702920328-1542426104-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-899261099-702920328-1542426104-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-899261099-702920328-1542426104-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-899261099-702920328-1542426104-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => Wartość pomyślnie usunięto HKU\S-1-5-21-899261099-702920328-1542426104-1001\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => Wartość pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => klucz pomyślnie usunięto HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\ielnksrch => klucz nie znaleziono. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-899261099-702920328-1542426104-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto "HKU\S-1-5-21-899261099-702920328-1542426104-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. "HKU\S-1-5-21-899261099-702920328-1542426104-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => klucz pomyślnie usunięto HKCR\CLSID\{ielnksrch} => klucz nie znaleziono. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz nie znaleziono. HKCU\Software\dobreprogramy => klucz nie znaleziono. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => klucz pomyślnie usunięto HKCU\Software\MozillaPlugins => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKCU\Software\MozillaPlugins => klucz pomyślnie usunięto HKLM\SOFTWARE\MozillaPlugins => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKLM\SOFTWARE\MozillaPlugins => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\yoursites123Software => klucz nie znaleziono. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v MyDriveConnect.exe /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v BingSvc /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v VideoDownloaderUltimate /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v YTDownloader /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v CLMLServer_For_P2G8 /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v CLVirtualDrive /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v YTDownloader /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= C:\Program Files\amdidx => pomyślnie przeniesiono C:\Program Files (x86)\GUMB43A.tmp => pomyślnie przeniesiono C:\Program Files (x86)\SFK => pomyślnie przeniesiono C:\Program Files (x86)\YTDownloader => pomyślnie przeniesiono C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => pomyślnie przeniesiono C:\ProgramData\settings.cfg => pomyślnie przeniesiono C:\ProgramData\DCHP => pomyślnie przeniesiono C:\ProgramData\desktopfind => pomyślnie przeniesiono C:\ProgramData\dlohn => pomyślnie przeniesiono "C:\ProgramData\Pokki" => nie znaleziono. C:\ProgramData\serfe => pomyślnie przeniesiono C:\ProgramData\yakdos => pomyślnie przeniesiono C:\ProgramData\yakdo => pomyślnie przeniesiono C:\Users\Natalka\AppData\Local\U-street.dat => pomyślnie przeniesiono C:\Users\Natalka\AppData\Local\U-street.exe.config => pomyślnie przeniesiono C:\Users\Natalka\AppData\Local\Call Form => pomyślnie przeniesiono "C:\Users\Natalka\AppData\Local\SweetLabs App Platform" => nie znaleziono. C:\Users\Natalka\AppData\Local\Microsoft\BingSvc => pomyślnie przeniesiono C:\Users\Natalka\AppData\Roaming\TSv => pomyślnie przeniesiono "C:\Users\Natalka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk" => nie znaleziono. "C:\Users\Natalka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk" => nie znaleziono. C:\Users\Natalka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk => pomyślnie przeniesiono C:\Users\Natalka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage => pomyślnie przeniesiono "C:\Users\Natalka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader" => nie znaleziono. "C:\Users\Natalka\Desktop\YTDownloader.lnk" => nie znaleziono. C:\Users\Natalka\Desktop\Nowy folder\Nowy folder\Kholat.lnk => pomyślnie przeniesiono C:\Users\Natalka\Desktop\Nowy folder\Nowy folder\Need For Speed Most Wanted.lnk => pomyślnie przeniesiono C:\Users\Natalka\Desktop\x\Freenet.lnk => pomyślnie przeniesiono C:\Users\Natalka\Desktop\x\Start Tor Browser.lnk => pomyślnie przeniesiono C:\Windows\System32\drivers\mfeelamk.sys => pomyślnie przeniesiono C:\Windows\SysWOW64\findit.xml => pomyślnie przeniesiono ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= Koniec CMD: ========= ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono Hosts pomyślnie przywrócono. EmptyTemp: => 4.7 GB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 21:03:21 ====