Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 14.03.2018
Uruchomiony przez cp (15-03-2018 18:45:43) Run:1
Uruchomiony z C:\Users\cp\Downloads
Załadowane profile: cp (Dostępne profile: cp)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [360safeuninst_1f0fb7c2d13cc0c07ff2ca40747bc03e] => C:\Users\cp\AppData\Local\Temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_remove360.bat [577 2018-03-15] () <==== UWAGA
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
Task: {683753EC-DA20-481B-8322-A4F3756B7C77} - System32\Tasks\{7429348D-8B14-4035-AC65-4AAF1B544388} => C:\Windows\system32\pcalua.exe -a C:\Users\cp\Downloads\sp62981(1).exe -d C:\Users\cp\Downloads
Task: {87D6C2BE-BD9F-4A7F-97B9-FBF716DBC4A2} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {93E02D0F-271A-4F57-958F-0FE197472268} - System32\Tasks\HPCustPartic.exe_{F8A2F154-23E9-46C8-A58B-0534F5FFCF3E} => C:\Program Files\HP\HP OfficeJet Pro 7740 series\Bin\HPCustPartic.exe
Task: {B661C1C6-E6BB-4FFF-BEBF-6AA9BA530AFB} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
S4 QHActiveDefense; "C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe" [X]
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2018-03-13] (360.cn)
R3 360Box64; system32\DRIVERS\360Box64.sys [X]
R3 360netmon; system32\DRIVERS\360netmon.sys [X]
S3 EverestDriver; \??\C:\Users\cp\AppData\Local\Temp\EverestDriver.sys [X] <==== UWAGA
DeleteKey: HKU\S-1-5-18\Software\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt
C:\Program Files (x86)\360
C:\ProgramData\360TSBackup
C:\ProgramData\360Quarant
C:\ProgramData\TEMP
C:\Windows\system32dbgraw.bmp
C:\Windows\SysWOW64\Drivers\360AvFlt.sys
cmd: netsh advfirewall reset
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => pomyślnie usunięto
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\360safeuninst_1f0fb7c2d13cc0c07ff2ca40747bc03e" => nie znaleziono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => pomyślnie usunięto
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar" => pomyślnie usunięto
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar" => pomyślnie usunięto
C:\Windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono
C:\Windows\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => pomyślnie przeniesiono
"HKLM\SOFTWARE\Policies\Google" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{683753EC-DA20-481B-8322-A4F3756B7C77}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{683753EC-DA20-481B-8322-A4F3756B7C77}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{7429348D-8B14-4035-AC65-4AAF1B544388} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7429348D-8B14-4035-AC65-4AAF1B544388}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87D6C2BE-BD9F-4A7F-97B9-FBF716DBC4A2}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87D6C2BE-BD9F-4A7F-97B9-FBF716DBC4A2}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93E02D0F-271A-4F57-958F-0FE197472268}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93E02D0F-271A-4F57-958F-0FE197472268}" => pomyślnie usunięto
C:\Windows\System32\Tasks\HPCustPartic.exe_{F8A2F154-23E9-46C8-A58B-0534F5FFCF3E} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustPartic.exe_{F8A2F154-23E9-46C8-A58B-0534F5FFCF3E}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B661C1C6-E6BB-4FFF-BEBF-6AA9BA530AFB}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B661C1C6-E6BB-4FFF-BEBF-6AA9BA530AFB}" => pomyślnie usunięto
C:\Windows\System32\Tasks\SidebarExecute => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute" => pomyślnie usunięto
QHActiveDefense => serwis nie znaleziono.
360AvFlt => serwis nie znaleziono.
360Box64 => serwis nie znaleziono.
360netmon => serwis nie znaleziono.
"HKLM\System\CurrentControlSet\Services\EverestDriver" => pomyślnie usunięto
EverestDriver => serwis pomyślnie usunięto
"HKU\S-1-5-18\Software\MozillaPlugins" => pomyślnie usunięto
"HKLM\SOFTWARE\MozillaPlugins" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\MozillaPlugins" => pomyślnie usunięto
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt => pomyślnie przeniesiono
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt => pomyślnie przeniesiono
C:\Program Files (x86)\360 => pomyślnie przeniesiono
C:\ProgramData\360TSBackup => pomyślnie przeniesiono
C:\ProgramData\360Quarant => pomyślnie przeniesiono
C:\ProgramData\TEMP => pomyślnie przeniesiono
C:\Windows\system32dbgraw.bmp => pomyślnie przeniesiono
C:\Windows\SysWOW64\Drivers\360AvFlt.sys => pomyślnie przeniesiono

========= netsh advfirewall reset =========

Ok.

========= Koniec CMD: =========

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

========= Koniec Powershell: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17479057 B
Java, Flash, Steam htmlcache => 210532870 B
Windows/system/drivers => 2566872 B
Edge => 0 B
Chrome => 76240793 B
Firefox => 374037385 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 34929 B
systemprofile32 => 36565 B
LocalService => 0 B
NetworkService => 272240590 B
cp => 90263523 B

RecycleBin => 0 B
EmptyTemp: => 1003.1 MB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 18:46:37 ====