Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 14-09-2019 Uruchomiony przez Recepcja (16-09-2019 23:08:18) Run:1 Uruchomiony z C:\Users\Recepcja\Desktop Załadowane profile: Recepcja (Dostępne profile: Recepcja) Tryb startu: Safe Mode (with Networking) ============================================== fixlist - zawartość: ***************** HKLM\SYSTEM\CurrentControlSet\Services\45823C9EB4E19094 <==== UWAGA (Rootkit!) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.147.500.0_x86__kgqvnymyfvs32 [2019-09-09] (king.com) CustomCLSID: HKU\S-1-5-21-1133247490-2179822280-128119213-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Recepcja\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Brak pliku CustomCLSID: HKU\S-1-5-21-1133247490-2179822280-128119213-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Recepcja\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Brak pliku CustomCLSID: HKU\S-1-5-21-1133247490-2179822280-128119213-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Recepcja\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Brak pliku ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku AlternateDataStreams: C:\Users\Recepcja\Downloads\KWHotel_0_44_104.exe:$CmdTcID [130] AlternateDataStreams: C:\Users\Recepcja\Downloads\KWHotel_0_44_104.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Recepcja\Downloads\kwhotel_0_44_47.exe:$CmdTcID [130] EmptyTemp: ***************** HKLM\SYSTEM\CurrentControlSet\Services\45823C9EB4E19094 <==== UWAGA (Rootkit!) => Błąd: Nie znaleziono automatycznej naprawy dla tego wejścia. Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.147.500.0_x86__kgqvnymyfvs32 [2019-09-09] (king.com) => Błąd: Nie znaleziono automatycznej naprawy dla tego wejścia. HKU\S-1-5-21-1133247490-2179822280-128119213-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => pomyślnie usunięto HKU\S-1-5-21-1133247490-2179822280-128119213-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => pomyślnie usunięto HKU\S-1-5-21-1133247490-2179822280-128119213-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => pomyślnie usunięto HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => nie znaleziono HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => pomyślnie usunięto HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => nie znaleziono HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => pomyślnie usunięto HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => nie znaleziono HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => pomyślnie usunięto HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => nie znaleziono HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => pomyślnie usunięto HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => nie znaleziono HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => pomyślnie usunięto HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => nie znaleziono HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => pomyślnie usunięto HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => nie znaleziono HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => nie znaleziono HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => nie znaleziono HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => nie znaleziono HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => nie znaleziono HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => nie znaleziono HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => nie znaleziono HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => nie znaleziono HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => pomyślnie usunięto HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => nie znaleziono C:\Users\Recepcja\Downloads\KWHotel_0_44_104.exe => ":$CmdTcID" ADS pomyślnie usunięto C:\Users\Recepcja\Downloads\KWHotel_0_44_104.exe => ":$CmdZnID" ADS pomyślnie usunięto C:\Users\Recepcja\Downloads\kwhotel_0_44_47.exe => ":$CmdTcID" ADS pomyślnie usunięto =========== EmptyTemp: ========== BITS transfer queue => 10248192 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 184038273 B Java, Flash, Steam htmlcache => 1422 B Windows/system/drivers => 257 B Edge => 5801912 B Chrome => 0 B Firefox => 1122756981 B Opera => 114262052 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 22942 B LocalService => 0 B NetworkService => 14596 B NetworkService => 0 B Recepcja => 50362679 B RecycleBin => 199527090 B EmptyTemp: => 1.6 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 23:12:29 ====