Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 19-05.2019 Uruchomiony przez Roksanka (19-05-2019 20:48:16) Run:1 Uruchomiony z C:\Users\Roksanka\Desktop Załadowane profile: Roksanka (Dostępne profile: Roksanka) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** RemoveDirectory: C:\ProgramData\boost_interprocess Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} Task: {C9E53D62-915A-4C34-BD70-449D8DCFF5A3} - System32\Tasks\{30ED1D86-F7E2-431A-A36C-4AE9A12AF0EE} => C:\Windows\system32\pcalua.exe -a C:\Users\Roksanka\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== UWAGA C:\Users\Roksanka\AppData\Roaming\omiga-plus GroupPolicy: Ograniczenia - Chrome <==== UWAGA CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-401114214-1193736764-2307863192-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-401114214-1193736764-2307863192-1001 -> OldSearch URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-401114214-1193736764-2307863192-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-401114214-1193736764-2307863192-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-401114214-1193736764-2307863192-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-401114214-1193736764-2307863192-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-401114214-1193736764-2307863192-1001 -> {szukaj.gazeta.pl} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} BHO: Brak nazwy -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> Brak pliku StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1432147462&z=3359597296261b9b7308b8cgazcceo2g6zemfzdq3m&from=wpm05203&uid=WDCXWD5000BPVT-60HXZT1_WD-WXM1E31RFM35RFM35 ShortcutWithArgument: C:\Users\Roksanka\AppData\Local\Google\Chrome\User Data\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Roksanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Roksanka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Roksanka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk EmptyTemp: ***************** "C:\ProgramData\boost_interprocess" => pomyślnie usunięto ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= ========= Koniec Powershell: ========= "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9E53D62-915A-4C34-BD70-449D8DCFF5A3}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9E53D62-915A-4C34-BD70-449D8DCFF5A3}" => pomyślnie usunięto C:\Windows\System32\Tasks\{30ED1D86-F7E2-431A-A36C-4AE9A12AF0EE} => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{30ED1D86-F7E2-431A-A36C-4AE9A12AF0EE}" => pomyślnie usunięto "C:\Users\Roksanka\AppData\Roaming\omiga-plus" => nie znaleziono C:\Windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\Windows\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono HKLM\SOFTWARE\Policies\Google => pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => nie znaleziono HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => nie znaleziono HKU\S-1-5-21-401114214-1193736764-2307863192-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => nie znaleziono HKU\S-1-5-21-401114214-1193736764-2307863192-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch => pomyślnie usunięto HKLM\Software\Classes\CLSID\OldSearch => nie znaleziono HKU\S-1-5-21-401114214-1193736764-2307863192-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => nie znaleziono HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => nie znaleziono HKU\S-1-5-21-401114214-1193736764-2307863192-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => nie znaleziono HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => nie znaleziono HKU\S-1-5-21-401114214-1193736764-2307863192-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => nie znaleziono HKU\S-1-5-21-401114214-1193736764-2307863192-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => nie znaleziono HKU\S-1-5-21-401114214-1193736764-2307863192-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{szukaj.gazeta.pl} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{szukaj.gazeta.pl} => nie znaleziono HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => nie znaleziono HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono C:\Users\Roksanka\AppData\Local\Google\Chrome\User Data\Program uruchamiający aplikacje Chrome.lnk => Skrót - argument pomyślnie usunięto C:\Users\Roksanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk => Skrót - argument pomyślnie usunięto C:\Users\Roksanka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Program uruchamiający aplikacje Chrome.lnk => Skrót - argument pomyślnie usunięto C:\Users\Roksanka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk => Skrót - argument pomyślnie usunięto C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Skrót - argument pomyślnie usunięto C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk => pomyślnie przeniesiono =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 262994622 B Java, Flash, Steam htmlcache => 704 B Windows/system/drivers => 1092534126 B Edge => 0 B Chrome => 147137515 B Firefox => 0 B Opera => 61418701 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 58568853 B systemprofile32 => 70387 B LocalService => 451664 B NetworkService => 5503226 B Roksanka => 5491368989 B RecycleBin => 0 B EmptyTemp: => 6.6 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 21:01:17 ====