Rezultat naprawy Farbar Recovery Scan Tool (x86) Wersja: 21.07.2018
Uruchomiony przez Admin (22-07-2018 20:40:31) Run:1
Uruchomiony z C:\Users\Admin\Desktop\FRST
Załadowane profile: Admin (Dostępne profile: Admin)
Tryb startu: Safe Mode (with Networking)
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {28004C86-095A-42AF-8E7D-C8D04A80C821} - System32\Tasks\{0B01A3A9-E24A-05AD-02B0-76A83ED5FBB4} => "C:\Program Files\Google\Chrome\Application\chrome.exe" hxxp://dzoper.com/cl/?guid=ytnnqsdq7ts0mqv3t6gfrtcy1teym1qb&prid=1&pid=4_1324_0
Task: {767642D3-98C1-4E88-AD83-6285380F1751} - System32\Tasks\{8251EC64-BE2F-67D5-B059-41971F427E1D} => C:\Program Files\Common Files\eUIIBoV.exe [2009-07-14] (Microsoft Corporation)
Task: {839D75B9-539C-4C7C-83AD-190EC5AFCC16} - System32\Tasks\{C20BEF74-944D-07C8-6C61-DDB55312F307} => C:\Users\Admin\AppData\Roaming\uYiMlOtzy.exe [2009-07-14] (Microsoft Corporation) <==== UWAGA
C:\Program Files\Common Files\eUIIBoV.exe
C:\Users\Admin\AppData\Roaming\uYiMlOtzy.exe
FirewallRules: [{EA63F567-9471-438F-BB2A-E647682848CF}] => (Allow) C:\Users\Admin\AppData\Roaming\uYiMlOtzy.exe
FirewallRules: [{E0DD1959-8AC0-4F53-9237-3A565B16067D}] => (Allow) C:\Program Files\Common Files\eUIIBoV.exe
U3 aswbdisk; Brak ImagePath
2018-07-22 17:05 - 2018-07-22 17:08 - 000000000 ____D C:\ProgramData\HitmanPro
2018-07-22 16:39 - 2018-07-22 16:39 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\Admin\Downloads\rkill-unsigned.exe
2018-07-22 15:20 - 2018-07-22 15:21 - 005659639 _____ (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2018-07-22 14:46 - 2018-07-22 14:43 - 007407312 _____ (Malwarebytes) C:\Users\Admin\Desktop\aner.exe
2018-07-22 14:46 - 2018-07-22 17:28 - 000000000 ____D C:\AdwCleaner
Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Admin\Desktop\aner.exe
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Error: Punkt przywracania można utworzyć tylko w trybie normalnym.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28004C86-095A-42AF-8E7D-C8D04A80C821}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28004C86-095A-42AF-8E7D-C8D04A80C821}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{0B01A3A9-E24A-05AD-02B0-76A83ED5FBB4} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0B01A3A9-E24A-05AD-02B0-76A83ED5FBB4}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{767642D3-98C1-4E88-AD83-6285380F1751}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{767642D3-98C1-4E88-AD83-6285380F1751}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{8251EC64-BE2F-67D5-B059-41971F427E1D} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8251EC64-BE2F-67D5-B059-41971F427E1D}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{839D75B9-539C-4C7C-83AD-190EC5AFCC16}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{839D75B9-539C-4C7C-83AD-190EC5AFCC16}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{C20BEF74-944D-07C8-6C61-DDB55312F307} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C20BEF74-944D-07C8-6C61-DDB55312F307}" => pomyślnie usunięto
C:\Program Files\Common Files\eUIIBoV.exe => pomyślnie przeniesiono
C:\Users\Admin\AppData\Roaming\uYiMlOtzy.exe => pomyślnie przeniesiono
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA63F567-9471-438F-BB2A-E647682848CF}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E0DD1959-8AC0-4F53-9237-3A565B16067D}" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\aswbdisk" => pomyślnie usunięto
aswbdisk => serwis pomyślnie usunięto
C:\ProgramData\HitmanPro => pomyślnie przeniesiono
C:\Users\Admin\Downloads\rkill-unsigned.exe => pomyślnie przeniesiono
C:\Users\Admin\Downloads\ComboFix.exe => pomyślnie przeniesiono
C:\Users\Admin\Desktop\aner.exe => pomyślnie przeniesiono
C:\AdwCleaner => pomyślnie przeniesiono
C:\Windows\Tasks\AdwCleaner_onReboot.job => pomyślnie przeniesiono

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

========= Koniec Powershell: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15762143 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 261074 B
Edge => 0 B
Chrome => 739694359 B
Firefox => 15004286 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83592 B
LocalService => 66228 B
NetworkService => 66228 B
Admin => 9304768 B

RecycleBin => 0 B
EmptyTemp: => 744.1 MB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 20:41:19 ====