Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:27-01-2016
Uruchomiony przez Kati (2016-02-06 20:15:07) Run:1
Uruchomiony z C:\Users\Kati\Desktop\FRST
Załadowane profile: Kati & UpdatusUser (Dostępne profile: Kati & UpdatusUser)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {3AD3F8B1-31D4-49E1-AAAA-0BECA743CA35} - System32\Tasks\KatiSpacesuitsGnarlingV2 => Rundll32.exe BruitsFirewater.dll,main 7 1 <==== UWAGA
Task: {B0F666C8-98BC-4521-86A8-839E036C11BF} - System32\Tasks\Price Fountain => C:\Users\Kati\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Kati\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
Startup: C:\Users\Kati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\serdes-5.lnk [2016-02-06]
HKU\S-1-5-21-282247486-3544188475-3799147128-1000\...\Run: [milliamp-2] => C:\ProgramData\milliamp-57\milliamp-02.exe [487424 2016-02-06] (Oxygen Software)
HKU\S-1-5-21-282247486-3544188475-3799147128-1000\...\RunOnce: [xmitter-0] => C:\Users\Kati\AppData\Roaming\xmitter-54\xmitter-0.exe [736256 2016-02-06] (RealNetworks, Inc.)
HKU\S-1-5-21-282247486-3544188475-3799147128-1000\...\Winlogon: [Shell] C:\ProgramData\maxton-9\maxton-0.exe -1i,explorer.exe <==== UWAGA
HKU\S-1-5-21-282247486-3544188475-3799147128-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki
RemoveDirectory: C:\AdwCleaner
RemoveDirectory: C:\ProgramData\id
RemoveDirectory: C:\ProgramData\isotope-08
RemoveDirectory: C:\ProgramData\maxton-9
RemoveDirectory: C:\ProgramData\milliamp-57
RemoveDirectory: C:\ProgramData\TEMP
RemoveDirectory: C:\Users\Kati\AppData\Local\SpacesuitsGnarling
RemoveDirectory: C:\Users\Kati\AppData\Roaming\PriceFountain
RemoveDirectory: C:\Users\Kati\AppData\Roaming\fission-19
RemoveDirectory: C:\Users\Kati\AppData\Roaming\serdes-9
RemoveDirectory: C:\Users\Kati\AppData\Roaming\xmitter-54
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
CMD: del /q "C:\Users\Kati\AppData\Roaming\Canon\MP Navigator EX V30\history\sc\hstr_*.lnk"
CMD: del /q C:\Users\Kati\Downloads\adwcleaner*.exe
CMD: del /q C:\Users\Kati\Downloads\installer.exe
CMD: del /q C:\Users\Kati\Downloads\sh-remover*.exe
CMD: del /q C:\Users\Kati\Downloads\trjsetup693*.exe
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3AD3F8B1-31D4-49E1-AAAA-0BECA743CA35}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AD3F8B1-31D4-49E1-AAAA-0BECA743CA35}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\KatiSpacesuitsGnarlingV2 => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KatiSpacesuitsGnarlingV2" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0F666C8-98BC-4521-86A8-839E036C11BF}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0F666C8-98BC-4521-86A8-839E036C11BF}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\Price Fountain => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Price Fountain" => klucz pomyślnie usunięto
C:\Windows\Tasks\Price Fountain.job => pomyślnie przeniesiono
C:\Users\Kati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\serdes-5.lnk => pomyślnie przeniesiono
HKU\S-1-5-21-282247486-3544188475-3799147128-1000\Software\Microsoft\Windows\CurrentVersion\Run\\milliamp-2 => Wartość pomyślnie usunięto
HKU\S-1-5-21-282247486-3544188475-3799147128-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\xmitter-0 => Wartość pomyślnie usunięto
HKU\S-1-5-21-282247486-3544188475-3799147128-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Wartość pomyślnie usunięto
HKU\S-1-5-21-282247486-3544188475-3799147128-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
"C:\AdwCleaner" => pomyślnie usunięto.
"C:\ProgramData\id" => pomyślnie usunięto.
"C:\ProgramData\isotope-08" => pomyślnie usunięto.
"C:\ProgramData\maxton-9" => pomyślnie usunięto.
"C:\ProgramData\milliamp-57" => pomyślnie usunięto.
"C:\ProgramData\TEMP" => pomyślnie usunięto.
"C:\Users\Kati\AppData\Local\SpacesuitsGnarling" => pomyślnie usunięto.
"C:\Users\Kati\AppData\Roaming\PriceFountain" => pomyślnie usunięto.
"C:\Users\Kati\AppData\Roaming\fission-19" => pomyślnie usunięto.
"C:\Users\Kati\AppData\Roaming\serdes-9" => pomyślnie usunięto.
"C:\Users\Kati\AppData\Roaming\xmitter-54" => pomyślnie usunięto.
HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz pomyślnie usunięto
HKCU\Software\dobreprogramy => klucz pomyślnie usunięto
HKLM\SOFTWARE\MozillaPlugins => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię.
HKLM\SOFTWARE\MozillaPlugins => klucz pomyślnie usunięto
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię.
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => klucz pomyślnie usunięto

========= del /q "C:\Users\Kati\AppData\Roaming\Canon\MP Navigator EX V30\history\sc\hstr_*.lnk" =========

Nie można odnaleźć C:\Users\Kati\AppData\Roaming\Canon\MP Navigator EX V30\history\sc\hstr_*.lnk.

========= Koniec CMD: =========

========= del /q C:\Users\Kati\Downloads\adwcleaner*.exe =========

========= Koniec CMD: =========

========= del /q C:\Users\Kati\Downloads\installer.exe =========

========= Koniec CMD: =========

========= del /q C:\Users\Kati\Downloads\sh-remover*.exe =========

========= Koniec CMD: =========

========= del /q C:\Users\Kati\Downloads\trjsetup693*.exe =========

========= Koniec CMD: =========

EmptyTemp: => 381.2 MB danych tymczasowych Usunięto.

System wymagał restartu.

==== Koniec Fixlog 20:15:39 ====