Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 06-10-2017
Uruchomiony przez Profil (08-10-2017 14:10:17) Run:2
Uruchomiony z C:\Users\Profil\Desktop
Załadowane profile: Profil (Dostępne profile: Admin & Profil & Damian)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
ShortcutTarget: Telegram.lnk -> C:\Users\Profil\AppData\Roaming\Telegram Desktop\Telegram.exe (Brak pliku)
HKU\S-1-5-21-3295605243-3104791100-1276282624-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fuk.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
SearchScopes: HKU\S-1-5-21-3295605243-3104791100-1276282624-1001 -> DefaultScope {CFE0D3DA-DB73-4ceb-BC9D-E4A25C68DE8F} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKU\S-1-5-21-3295605243-3104791100-1276282624-1001 -> {CFE0D3DA-DB73-4ceb-BC9D-E4A25C68DE8F} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKU\S-1-5-21-3295605243-3104791100-1276282624-1001 -> {B63C2A71-1DE6-4e64-A2D9-E728F8DCE872} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.14.102.0 [X]
S3 MSICDSetup; \??\I:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\I:\NTIOLib_X64.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator Pomoc.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\AFPL License.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opt-In Software\Web Proxy Checker.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy\HandyAndy.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy\Start Andy.lnk
C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
C:\Users\Profil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
C:\Users\Profil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mod Organizer\Mod Organizer.lnk
C:\Users\Profil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mod Organizer\Uninstall.lnk
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Themes]
"Start"=dword:00000002
"DisplayName"="@%SystemRoot%\\System32\\themeservice.dll,-8192"
"ErrorControl"=dword:00000001
"Group"="ProfSvc_Group"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Type"=dword:00000020
"Description"="@%SystemRoot%\\System32\\themeservice.dll,-8193"
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\
  00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\
  72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,\
  00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,\
  00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Themes\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="ThemeServiceMain"
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  74,00,68,00,65,00,6d,00,65,00,73,00,65,00,72,00,76,00,69,00,63,00,65,00,2e,\
  00,64,00,6c,00,6c,00,00,00
EndRegedit:
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\Themes /s
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
C:\Users\Profil\AppData\Roaming\Telegram Desktop\Telegram.exe => nie znaleziono.
HKU\S-1-5-21-3295605243-3104791100-1276282624-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-3295605243-3104791100-1276282624-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto
HKU\S-1-5-21-3295605243-3104791100-1276282624-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFE0D3DA-DB73-4ceb-BC9D-E4A25C68DE8F} => klucz nie znaleziono.
HKLM\Software\Classes\CLSID\{CFE0D3DA-DB73-4ceb-BC9D-E4A25C68DE8F} => klucz nie znaleziono.
HKU\S-1-5-21-3295605243-3104791100-1276282624-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B63C2A71-1DE6-4e64-A2D9-E728F8DCE872} => klucz nie znaleziono.
HKLM\Software\Classes\CLSID\{B63C2A71-1DE6-4e64-A2D9-E728F8DCE872} => klucz nie znaleziono.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => klucz pomyślnie usunięto
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => klucz pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\HuaweiHiSuiteService64.exe => klucz pomyślnie usunięto
HuaweiHiSuiteService64.exe => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\InstallerService => klucz pomyślnie usunięto
InstallerService => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\MSICDSetup => klucz pomyślnie usunięto
MSICDSetup => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\NTIOLib_1_0_C => klucz pomyślnie usunięto
NTIOLib_1_0_C => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\VMnetAdapter => klucz pomyślnie usunięto
VMnetAdapter => serwis pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => klucz pomyślnie usunięto
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => klucz nie znaleziono.
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator Pomoc.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\AFPL License.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opt-In Software\Web Proxy Checker.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy\HandyAndy.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy\Start Andy.lnk => pomyślnie przeniesiono
C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk => pomyślnie przeniesiono
C:\Users\Profil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk => pomyślnie przeniesiono
C:\Users\Profil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mod Organizer\Mod Organizer.lnk => pomyślnie przeniesiono
C:\Users\Profil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mod Organizer\Uninstall.lnk => pomyślnie przeniesiono

====> Rejestr

========= reg query HKLM\SYSTEM\CurrentControlSet\Services\Themes /s =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes
    Start    REG_DWORD    0x2
    DisplayName    REG_SZ    Kompozycje
    ErrorControl    REG_DWORD    0x1
    Group    REG_SZ    ProfSvc_Group
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs
    Type    REG_DWORD    0x120
    Description    REG_SZ    @%SystemRoot%\System32\themeservice.dll,-8193
    ObjectName    REG_SZ    LocalSystem
    RequiredPrivileges    REG_MULTI_SZ    SeAssignPrimaryTokenPrivilege\0SeDebugPrivilege\0SeImpersonatePrivilege
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes\Parameters
    ServiceDllUnloadOnStop    REG_DWORD    0x1
    ServiceMain    REG_SZ    ThemeServiceMain
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\themeservice.dll

========= Koniec Reg: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7526732 B
Java, Flash, Steam htmlcache => 368134572 B
Windows/system/drivers => 1329350 B
Edge => 0 B
Chrome => 96282887 B
Firefox => 140622622 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 18168 B
systemprofile32 => 148028 B
LocalService => 66708 B
NetworkService => 692 B
Admin => 889220051 B
Profil => 458912 B
Damian => 115516503 B

RecycleBin => 130601 B
EmptyTemp: => 1.5 GB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 14:11:27 ====