Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 02-11-2017 Uruchomiony przez Tekla (06-11-2017 18:39:14) Run:2 Uruchomiony z C:\Users\Tekla\Desktop Załadowane profile: Tekla (Dostępne profile: Tekla) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku GroupPolicy: Ograniczenia <==== UWAGA CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X] S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [X] U0 aswVmm; Brak ImagePath FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\48789421.js [2017-11-01] <==== UWAGA (Linkuje do pliku *.cfg) FF ExtraCheck: C:\Program Files\mozilla firefox\48789421.cfg [2017-11-01] <==== UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_updstrcm_16_48_ssg01¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyD0D0A0FtAtDzyyDyByCtN0D0Tzu0StCyBzyzztN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0EtD0B0BtD0F0AtGyCyEyEtCtGtB0BzytBtGtDtByBzytG0BtD0A0DtA0C0EyD0EzyyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtBtDyCyDyE0EyDtGzy0CtCtCtGyE0CtDzytG0A0FzytAtGzy0B0Ezz0C0FtBtDtBzytByB2QtN0A0LzuyE%26cr%3D2113677804%26a%3Dwbf_updstrcm_16_48_ssg01%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_updstrcm_16_48_ssg01¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyD0D0A0FtAtDzyyDyByCtN0D0Tzu0StCyBzyzztN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0EtD0B0BtD0F0AtGyCyEyEtCtGtB0BzytBtGtDtByBzytG0BtD0A0DtA0C0EyD0EzyyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtBtDyCyDyE0EyDtGzy0CtCtCtGyE0CtDzytG0A0FzytAtGzy0B0Ezz0C0FtBtDtBzytByB2QtN0A0LzuyE%26cr%3D2113677804%26a%3Dwbf_updstrcm_16_48_ssg01%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate HKU\S-1-5-21-3829860928-2521656368-3583658347-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_updstrcm_16_48_ssg01¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyD0D0A0FtAtDzyyDyByCtN0D0Tzu0StCyBzyzztN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0EtD0B0BtD0F0AtGyCyEyEtCtGtB0BzytBtGtDtByBzytG0BtD0A0DtA0C0EyD0EzyyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtBtDyCyDyE0EyDtGzy0CtCtCtGyE0CtDzytG0A0FzytAtGzy0B0Ezz0C0FtBtDtBzytByB2QtN0A0LzuyE%26cr%3D2113677804%26a%3Dwbf_updstrcm_16_48_ssg01%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_updstrcm_16_48_ssg01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyD0D0A0FtAtDzyyDyByCtN0D0Tzu0StCyBzyzztN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0EtD0B0BtD0F0AtGyCyEyEtCtGtB0BzytBtGtDtByBzytG0BtD0A0DtA0C0EyD0EzyyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtBtDyCyDyE0EyDtGzy0CtCtCtGyE0CtDzytG0A0FzytAtGzy0B0Ezz0C0FtBtDtBzytByB2QtN0A0LzuyE%26cr%3D2113677804%26a%3Dwbf_updstrcm_16_48_ssg01%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_updstrcm_16_48_ssg01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyD0D0A0FtAtDzyyDyByCtN0D0Tzu0StCyBzyzztN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0EtD0B0BtD0F0AtGyCyEyEtCtGtB0BzytBtGtDtByBzytG0BtD0A0DtA0C0EyD0EzyyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtBtDyCyDyE0EyDtGzy0CtCtCtGyE0CtDzytG0A0FzytAtGzy0B0Ezz0C0FtBtDtBzytByB2QtN0A0LzuyE%26cr%3D2113677804%26a%3Dwbf_updstrcm_16_48_ssg01%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_updstrcm_16_48_ssg01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyD0D0A0FtAtDzyyDyByCtN0D0Tzu0StCyBzyzztN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0EtD0B0BtD0F0AtGyCyEyEtCtGtB0BzytBtGtDtByBzytG0BtD0A0DtA0C0EyD0EzyyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtBtDyCyDyE0EyDtGzy0CtCtCtGyE0CtDzytG0A0FzytAtGzy0B0Ezz0C0FtBtDtBzytByB2QtN0A0LzuyE%26cr%3D2113677804%26a%3Dwbf_updstrcm_16_48_ssg01%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_updstrcm_16_48_ssg01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyD0D0A0FtAtDzyyDyByCtN0D0Tzu0StCyBzyzztN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0EtD0B0BtD0F0AtGyCyEyEtCtGtB0BzytBtGtDtByBzytG0BtD0A0DtA0C0EyD0EzyyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtBtDyCyDyE0EyDtGzy0CtCtCtGyE0CtDzytG0A0FzytAtGzy0B0Ezz0C0FtBtDtBzytByB2QtN0A0LzuyE%26cr%3D2113677804%26a%3Dwbf_updstrcm_16_48_ssg01%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKU\S-1-5-21-3829860928-2521656368-3583658347-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_updstrcm_16_48_ssg01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyD0D0A0FtAtDzyyDyByCtN0D0Tzu0StCyBzyzztN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0EtD0B0BtD0F0AtGyCyEyEtCtGtB0BzytBtGtDtByBzytG0BtD0A0DtA0C0EyD0EzyyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtBtDyCyDyE0EyDtGzy0CtCtCtGyE0CtDzytG0A0FzytAtGzy0B0Ezz0C0FtBtDtBzytByB2QtN0A0LzuyE%26cr%3D2113677804%26a%3Dwbf_updstrcm_16_48_ssg01%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKU\S-1-5-21-3829860928-2521656368-3583658347-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_updstrcm_16_48_ssg01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyD0D0A0FtAtDzyyDyByCtN0D0Tzu0StCyBzyzztN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0EtD0B0BtD0F0AtGyCyEyEtCtGtB0BzytBtGtDtByBzytG0BtD0A0DtA0C0EyD0EzyyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtBtDyCyDyE0EyDtGzy0CtCtCtGyE0CtDzytG0A0FzytAtGzy0B0Ezz0C0FtBtDtBzytByB2QtN0A0LzuyE%26cr%3D2113677804%26a%3Dwbf_updstrcm_16_48_ssg01%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKU\S-1-5-21-3829860928-2521656368-3583658347-1000 -> {BC939005-9CBD-45EA-B6DF-22E800BBE79A} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms} SearchScopes: HKU\S-1-5-21-3829860928-2521656368-3583658347-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs- SearchScopes: HKU\S-1-5-21-3829860928-2521656368-3583658347-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =awc&type=lvs__webcompa__1_0__ya__ch_WCYID10118__161203__yaie&p={searchTerms} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks\Uninstall Lightworks.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Image Recovery\Digital Image Recovery.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Image Recovery\README.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab\ClipGrab.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab\Uninstall ClipGrab.lnk Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => klucz nie znaleziono. C:\Windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\Windows\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono C:\Windows\SysWOW64\GroupPolicy\GPT.ini => pomyślnie przeniesiono HKLM\SOFTWARE\Policies\Google => klucz pomyślnie usunięto HKLM\System\CurrentControlSet\Services\Nero BackItUp Scheduler 4.0 => klucz pomyślnie usunięto Nero BackItUp Scheduler 4.0 => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\WsDrvInst => klucz pomyślnie usunięto WsDrvInst => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\aswVmm => klucz pomyślnie usunięto aswVmm => serwis pomyślnie usunięto C:\Program Files\mozilla firefox\defaults\pref\48789421.js => pomyślnie przeniesiono C:\Program Files\mozilla firefox\48789421.cfg => pomyślnie przeniesiono HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-3829860928-2521656368-3583658347-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono. HKU\S-1-5-21-3829860928-2521656368-3583658347-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto HKU\S-1-5-21-3829860928-2521656368-3583658347-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono. HKU\S-1-5-21-3829860928-2521656368-3583658347-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC939005-9CBD-45EA-B6DF-22E800BBE79A} => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{BC939005-9CBD-45EA-B6DF-22E800BBE79A} => klucz nie znaleziono. HKU\S-1-5-21-3829860928-2521656368-3583658347-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => klucz nie znaleziono. HKU\S-1-5-21-3829860928-2521656368-3583658347-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => klucz nie znaleziono. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks\Uninstall Lightworks.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Image Recovery\Digital Image Recovery.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Image Recovery\README.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab\ClipGrab.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab\Uninstall ClipGrab.lnk => pomyślnie przeniesiono ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= ========= Koniec Powershell: ========= =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14489346 B Java, Flash, Steam htmlcache => 33888 B Windows/system/drivers => 357750914 B Edge => 0 B Chrome => 232210018 B Firefox => 424635349 B Opera => 39933545 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 83592 B systemprofile32 => 66228 B LocalService => 75984 B NetworkService => 281436 B Tekla => 18032405636 B RecycleBin => 0 B EmptyTemp: => 17.8 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 18:48:33 ====