Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 17-10-2016 Uruchomiony przez Natalcia (20-10-2016 21:04:45) Run:1 Uruchomiony z C:\Users\Natalcia\Downloads Załadowane profile: Natalcia (Dostępne profile: Natalcia) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: ShortcutWithArgument: C:\Users\Natalcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD ShortcutWithArgument: C:\Users\Natalcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD ShortcutWithArgument: C:\Users\Natalcia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD ShortcutWithArgument: C:\Users\Natalcia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD ShortcutWithArgument: C:\Users\Natalcia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD FF Homepage: Mozilla\Firefox\Profiles\nvk4ix4a.default-1415992105369 -> hxxp://www.mylucky123.com/?type=hp&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mylucky123.com/?type=sc&ts=1475226132&z=ca75e80aea6fa3b3ded11d5g7z5m9w3o3odqdgaobt&from=uvc0929&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms} HKU\S-1-5-21-808355122-3858119131-277923980-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms} HKU\S-1-5-21-808355122-3858119131-277923980-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD HKU\S-1-5-21-808355122-3858119131-277923980-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD HKU\S-1-5-21-808355122-3858119131-277923980-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms} SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope - brak wartości SearchScopes: HKU\S-1-5-21-808355122-3858119131-277923980-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms} SearchScopes: HKU\S-1-5-21-808355122-3858119131-277923980-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms} BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\PROGRA~2\SPYWAR~1\STINTE~2.DLL => Brak pliku BHO-x32: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL => Brak pliku BHO-x32: Brak nazwy -> {E6E66045-E911-4C01-961D-42487CE12089} -> C:\Users\Natalcia\AppData\LocalLow\Browser-Security\safe_url.dll [2016-06-20] () FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Brak pliku] Tcpip\..\Interfaces\{47632F91-BA34-47AB-BD3E-EE98969D39DB}: [DhcpNameServer] 188.42.227.51 148.251.96.99 BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitsdnclean64.exe R2 Hkhlp; C:\Program Files (x86)\Common Files\Apps\Hkhlp.dll [280576 2016-09-01] () [Brak podpisu cyfrowego] R2 IlS; C:\ProgramData\Tencent\QQ\report\repor.dll [394752 2016-10-10] () [Brak podpisu cyfrowego] R2 UvConverter; C:\ProgramData\UvConverter\UvConverter.exe [163328 2016-10-09] () [Brak podpisu cyfrowego] S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.) S2 EvercineDL; "C:\ProgramData\corss\_@aduck00000000.tmp.dat.exe" [X] S2 sp_rsdrv2; system32\DRIVERS\stflt.sys [X] S2 ST2012_Svc; "C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe" [X] MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BackupRemind.lnk => C:\Windows\pss\BackupRemind.lnk.CommonStartup MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: RandMAC => C:\Users\Natalcia\AppData\Local\Temp\7zO9B5.tmp\MadMACs.exe doittoit MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" Task: {064A5ED9-9C1A-4991-B6BD-A469A7501B6E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA Task: {074F4F4A-AE50-4C54-BC93-203A47AD9B2A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA Task: {170E8675-E21B-44DD-827C-7F7E8FB94AC8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA Task: {1D3674EE-AF5F-4773-9132-A1B8AD9B1880} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA Task: {3777C297-CC64-4B41-9FFE-E6A1A6E9701B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA Task: {595EFDB6-6565-4C77-B9B4-32613C874569} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe Task: {75BB0215-37AC-4ACC-8658-4276D088826A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA Task: {879AA5CD-E15A-442D-BED4-C19AF3B97BE3} - System32\Tasks\0915tbUpdateInfo => C:\ProgramData\Avg_Update_0915tb\0915tb_{F2CA3928-42EC-481C-8520-B9C1177561C3}.exe Task: {936124EC-50D5-4038-84C9-8EA9786F895D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA Task: {A1A36B1D-AC68-4A03-B545-9768B4D496CF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA Task: {CEAE71BC-EAD1-4678-8434-AB356E34912B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA Task: {D04E4D35-3E1E-478B-A9B8-06415F82780E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA Task: {D6331221-D4F5-439F-BDBB-511D47D9C00C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA Task: {F319C730-85F6-4C62-816D-5B186C6DDFEB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA Task: C:\Windows\Tasks\0915tbUpdateInfo.job => C:\ProgramData\Avg_Update_0915tb\0915tb_{F2CA3928-42EC-481C-8520-B9C1177561C3}.exe DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 DisableService: Internet Mobilny. RunOuc AlternateDataStreams: C:\Users\Natalcia\ntuser.dat.log:{50CF2635-73DA-3D80-BE94-033263F847F8} [48] C:\Program Files\ByteFence C:\Program Files (x86)\Evercine C:\Program Files (x86)\Legness C:\Program Files (x86)\Java C:\Program Files (x86)\Mozilla Firefox\plugins C:\Program Files (x86)\Common Files\Apps C:\ProgramData\corss C:\ProgramData\Tencent C:\ProgramData\UvConverter C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\magritte C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OSDownloader C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Three Weeks in Paradise Final C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Sound Recorder\Free Sound Recorder.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polish Empire Mod\Play Polish Empire Mod.lnk C:\Users\Administrator C:\Users\HomeGroupUser$ C:\Users\Gość C:\Users\Natalcia\AppData\Local\Evercine C:\Users\Natalcia\AppData\Local\Legness C:\Users\Natalcia\AppData\LocalLow\Browser-Security C:\Users\Natalcia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Sound Recorder.lnk C:\Users\Natalcia\AppData\Roaming\Microsoft\Windows\Start Menu\Free Sound Recorder.lnk C:\Users\Natalcia\AppData\Roaming\Mozilla\Firefox\Profiles\nvk4ix4a.default-1415992105369\searchplugins C:\Users\Natalcia\Downloads\Niepotwierdzony 988232.crdownload C:\Users\Public\Desktop\B1 Free Archiver.lnk C:\Users\Public\Desktop\OSDownloader.lnk C:\Users\Public\Documents\temp.dat C:\Windows\System32\Drivers\PSKMAD.sys C:\Windows\system32\log C:\Windows\SysWOW64\*.tmp CMD: netsh advfirewall reset EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. C:\Users\Natalcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Natalcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Skrót - argument pomyślnie przywrócono C:\Users\Natalcia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Natalcia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Natalcia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Opera.lnk => Skrót - argument pomyślnie usunięto. Firefox "homepage" pomyślnie usunięto HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command\\Default => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-808355122-3858119131-277923980-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-808355122-3858119131-277923980-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-808355122-3858119131-277923980-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-808355122-3858119131-277923980-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono HKU\S-1-5-21-808355122-3858119131-277923980-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto "HKU\S-1-5-21-808355122-3858119131-277923980-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}" => klucz pomyślnie usunięto "HKCR\CLSID\{82A76710-4F98-4957-92BE-99648A4E2475}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}" => klucz pomyślnie usunięto "HKCR\Wow6432Node\CLSID\{82A76710-4F98-4957-92BE-99648A4E2475}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6E66045-E911-4C01-961D-42487CE12089}" => klucz pomyślnie usunięto "HKCR\Wow6432Node\CLSID\{E6E66045-E911-4C01-961D-42487CE12089}" => klucz pomyślnie usunięto "HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => klucz pomyślnie usunięto HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{47632F91-BA34-47AB-BD3E-EE98969D39DB}\\DhcpNameServer => Wartość pomyślnie usunięto hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => Wartość pomyślnie przywrócono Hkhlp => serwis pomyślnie usunięto IlS => serwis pomyślnie usunięto UvConverter => Usługa pomyślnie zatrzymana. UvConverter => serwis pomyślnie usunięto PSKMAD => serwis pomyślnie usunięto EvercineDL => serwis pomyślnie usunięto sp_rsdrv2 => serwis pomyślnie usunięto ST2012_Svc => serwis pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BackupRemind.lnk" => klucz pomyślnie usunięto C:\Windows\pss\BackupRemind.lnk.CommonStartup => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RandMAC" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotPostWindows10UpgradeReInstall" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{064A5ED9-9C1A-4991-B6BD-A469A7501B6E}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{064A5ED9-9C1A-4991-B6BD-A469A7501B6E}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{074F4F4A-AE50-4C54-BC93-203A47AD9B2A}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{074F4F4A-AE50-4C54-BC93-203A47AD9B2A}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{170E8675-E21B-44DD-827C-7F7E8FB94AC8}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{170E8675-E21B-44DD-827C-7F7E8FB94AC8}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D3674EE-AF5F-4773-9132-A1B8AD9B1880}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D3674EE-AF5F-4773-9132-A1B8AD9B1880}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3777C297-CC64-4B41-9FFE-E6A1A6E9701B}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3777C297-CC64-4B41-9FFE-E6A1A6E9701B}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{595EFDB6-6565-4C77-B9B4-32613C874569}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{595EFDB6-6565-4C77-B9B4-32613C874569}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\AutoKMS => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75BB0215-37AC-4ACC-8658-4276D088826A}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75BB0215-37AC-4ACC-8658-4276D088826A}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{879AA5CD-E15A-442D-BED4-C19AF3B97BE3}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{879AA5CD-E15A-442D-BED4-C19AF3B97BE3}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\0915tbUpdateInfo => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0915tbUpdateInfo" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{936124EC-50D5-4038-84C9-8EA9786F895D}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{936124EC-50D5-4038-84C9-8EA9786F895D}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1A36B1D-AC68-4A03-B545-9768B4D496CF}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1A36B1D-AC68-4A03-B545-9768B4D496CF}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEAE71BC-EAD1-4678-8434-AB356E34912B}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEAE71BC-EAD1-4678-8434-AB356E34912B}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D04E4D35-3E1E-478B-A9B8-06415F82780E}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D04E4D35-3E1E-478B-A9B8-06415F82780E}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6331221-D4F5-439F-BDBB-511D47D9C00C}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6331221-D4F5-439F-BDBB-511D47D9C00C}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F319C730-85F6-4C62-816D-5B186C6DDFEB}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F319C730-85F6-4C62-816D-5B186C6DDFEB}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => klucz pomyślnie usunięto C:\Windows\Tasks\0915tbUpdateInfo.job => pomyślnie przeniesiono HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => klucz pomyślnie usunięto Internet Mobilny. RunOuc => usługę wyłączono C:\Users\Natalcia\ntuser.dat.log => ":{50CF2635-73DA-3D80-BE94-033263F847F8}" ADS pomyślnie usunięto. C:\Program Files\ByteFence => pomyślnie przeniesiono C:\Program Files (x86)\Evercine => pomyślnie przeniesiono C:\Program Files (x86)\Legness => pomyślnie przeniesiono C:\Program Files (x86)\Java => pomyślnie przeniesiono C:\Program Files (x86)\Mozilla Firefox\plugins => pomyślnie przeniesiono C:\Program Files (x86)\Common Files\Apps => pomyślnie przeniesiono C:\ProgramData\corss => pomyślnie przeniesiono C:\ProgramData\Tencent => pomyślnie przeniesiono C:\ProgramData\UvConverter => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74 => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\magritte => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OSDownloader => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Three Weeks in Paradise Final => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Sound Recorder\Free Sound Recorder.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polish Empire Mod\Play Polish Empire Mod.lnk => pomyślnie przeniesiono C:\Users\Administrator => pomyślnie przeniesiono C:\Users\HomeGroupUser$ => pomyślnie przeniesiono C:\Users\Gość => pomyślnie przeniesiono C:\Users\Natalcia\AppData\Local\Evercine => pomyślnie przeniesiono C:\Users\Natalcia\AppData\Local\Legness => pomyślnie przeniesiono C:\Users\Natalcia\AppData\LocalLow\Browser-Security => pomyślnie przeniesiono C:\Users\Natalcia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Sound Recorder.lnk => pomyślnie przeniesiono C:\Users\Natalcia\AppData\Roaming\Microsoft\Windows\Start Menu\Free Sound Recorder.lnk => pomyślnie przeniesiono C:\Users\Natalcia\AppData\Roaming\Mozilla\Firefox\Profiles\nvk4ix4a.default-1415992105369\searchplugins => pomyślnie przeniesiono "C:\Users\Natalcia\Downloads\Niepotwierdzony 988232.crdownload" => nie znaleziono. C:\Users\Public\Desktop\B1 Free Archiver.lnk => pomyślnie przeniesiono C:\Users\Public\Desktop\OSDownloader.lnk => pomyślnie przeniesiono C:\Users\Public\Documents\temp.dat => pomyślnie przeniesiono C:\Windows\System32\Drivers\PSKMAD.sys => pomyślnie przeniesiono C:\Windows\system32\log => pomyślnie przeniesiono =========== "C:\Windows\SysWOW64\*.tmp" ========== C:\Windows\SysWOW64\6AC9.tmp => pomyślnie przeniesiono C:\Windows\SysWOW64\A3F9.tmp => pomyślnie przeniesiono ========= Koniec -> "C:\Windows\SysWOW64\*.tmp" ======== ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44156894 B Java, Flash, Steam htmlcache => 24297558 B Windows/system/drivers => 2424137 B Edge => 0 B Chrome => 562271309 B Firefox => 374725269 B Opera => 23816337 B Temp, IE cache, history, cookies, recent: Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 66356 B systemprofile32 => 66356 B LocalService => 66228 B NetworkService => 0 B Natalcia => 46095001 B RecycleBin => 1044032871 B EmptyTemp: => 2 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 21:08:50 ====