Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 15.09.2018
Uruchomiony przez Groszkowski (16-09-2018 16:23:54) Run:1
Uruchomiony z C:\Users\Groszkowski\Desktop
Załadowane profile: Groszkowski (Dostępne profile: Groszkowski)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
Task: {AE27534C-11BA-4DBF-8C95-584101DDC396} - System32\Tasks\{86F449C5-2B98-8B6F-AE6A-69938A2E7C0B} => C:\Users\Groszkowski\AppData\Roaming\OrNaQbOuUeaKu.exe [1601-01-03] (Microsoft Corporation) <==== UWAGA
Task: {F21A2618-EF63-493F-AD75-C7621478EE80} - System32\Tasks\{97ACD2DF-F748-F49E-3A72-D68A58E7EDBA} => C:\Program Files (x86)\aidPQyulCwigE.exe [1601-01-03] (Microsoft Corporation) <==== UWAGA
C:\Users\Groszkowski\AppData\Roaming\OrNaQbOuUeaKu.exe
C:\Program Files (x86)\aidPQyulCwigE.exe
FirewallRules: [{4FD9A2CD-E26A-47BC-94A0-24CA6B9B69D1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{8FF3A818-6F52-4678-B549-38DCF37A815B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{2BDD418F-1262-4C67-941A-FF7C886263CC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{DB6B6933-10A5-4380-9132-5D1D6E9C098F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A6E768FD-F700-4D0C-ABF1-BA3C432D8FB5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3FF14B80-5FC3-45B6-96AD-4DFB42D9DDF0}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4A1A6BBA-2E6F-4CBD-9626-AA86CEDB9837}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{DF9A7E9F-E067-4E60-B5D0-6768971D0FA6}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{BA404C60-28F8-432C-A963-C9CC9A2DE21F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CCA65AAF-8EE5-47CD-B0B5-D25913C60CBE}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{50EFD43E-0269-48F2-82D0-32D21DD0E9E9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FFECC525-F9DF-473A-ADD5-F71A4032C1DB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{791215C6-3075-4F2A-B0A6-592B1793295B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E560AC47-2AAE-4A6E-B4BB-238A67029BF4}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{366A0327-1E1F-460C-93E1-390023C187D0}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D3820EA5-8E80-4B50-AAB3-B582CD90B941}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B44CA538-35C3-47FC-9BFA-521A98F1DD10}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E8AA235A-6106-4B2B-B346-5B07AA28D9F1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1BE600B2-051D-4A3D-B897-0173C842448D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E50CA18D-F5BD-4DBA-89D0-D4F14099D02D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
HOSTS:
2018-09-15 12:51 - 2018-09-15 12:51 - 000000000 ____D C:\Program Files (x86)\mqj4bzkd1zs
1601-01-03 21:33 - 1601-01-03 21:33 - 000186368 ____N (Microsoft Corporation) C:\Program Files (x86)\gipW.exe
Task: {3F833383-86EF-4394-ADB5-9A976D4507B1} - System32\Tasks\{37B145C6-C8BE-4D1B-9A3C-9D9480CD15C0} => C:\Windows\system32\pcalua.exe -a C:\Users\Groszkowski\Downloads\vcredist_x86(1).exe -d C:\Users\Groszkowski\Downloads
Task: {A34C9DDB-8AA4-4B5B-B2FC-457B75CA95A1} - System32\Tasks\{78A4B29C-2E03-49D3-86B1-BBCF2D967638} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.exe" -d "C:\Program Files (x86)\Microsoft Visual Studio\Installer"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
GroupPolicy: Ograniczenia - Windows Defender <==== UWAGA
GroupPolicy\User: Ograniczenia ? <==== UWAGA
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170204.002\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170204.002\NAVEX15.SYS [X]
S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE27534C-11BA-4DBF-8C95-584101DDC396}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE27534C-11BA-4DBF-8C95-584101DDC396}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{86F449C5-2B98-8B6F-AE6A-69938A2E7C0B} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{86F449C5-2B98-8B6F-AE6A-69938A2E7C0B}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F21A2618-EF63-493F-AD75-C7621478EE80}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F21A2618-EF63-493F-AD75-C7621478EE80}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{97ACD2DF-F748-F49E-3A72-D68A58E7EDBA} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{97ACD2DF-F748-F49E-3A72-D68A58E7EDBA}" => pomyślnie usunięto
C:\Users\Groszkowski\AppData\Roaming\OrNaQbOuUeaKu.exe => pomyślnie przeniesiono
C:\Program Files (x86)\aidPQyulCwigE.exe => pomyślnie przeniesiono
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4FD9A2CD-E26A-47BC-94A0-24CA6B9B69D1}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8FF3A818-6F52-4678-B549-38DCF37A815B}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2BDD418F-1262-4C67-941A-FF7C886263CC}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB6B6933-10A5-4380-9132-5D1D6E9C098F}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6E768FD-F700-4D0C-ABF1-BA3C432D8FB5}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3FF14B80-5FC3-45B6-96AD-4DFB42D9DDF0}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A1A6BBA-2E6F-4CBD-9626-AA86CEDB9837}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF9A7E9F-E067-4E60-B5D0-6768971D0FA6}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA404C60-28F8-432C-A963-C9CC9A2DE21F}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CCA65AAF-8EE5-47CD-B0B5-D25913C60CBE}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50EFD43E-0269-48F2-82D0-32D21DD0E9E9}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FFECC525-F9DF-473A-ADD5-F71A4032C1DB}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{791215C6-3075-4F2A-B0A6-592B1793295B}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E560AC47-2AAE-4A6E-B4BB-238A67029BF4}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{366A0327-1E1F-460C-93E1-390023C187D0}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D3820EA5-8E80-4B50-AAB3-B582CD90B941}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B44CA538-35C3-47FC-9BFA-521A98F1DD10}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8AA235A-6106-4B2B-B346-5B07AA28D9F1}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1BE600B2-051D-4A3D-B897-0173C842448D}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E50CA18D-F5BD-4DBA-89D0-D4F14099D02D}" => pomyślnie usunięto
Nie można przenieść "C:\Windows\System32\Drivers\etc\hosts" => Zaplanowany do przeniesienia przy restarcie.
C:\Program Files (x86)\mqj4bzkd1zs => pomyślnie przeniesiono
C:\Program Files (x86)\gipW.exe => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F833383-86EF-4394-ADB5-9A976D4507B1}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F833383-86EF-4394-ADB5-9A976D4507B1}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{37B145C6-C8BE-4D1B-9A3C-9D9480CD15C0} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{37B145C6-C8BE-4D1B-9A3C-9D9480CD15C0}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A34C9DDB-8AA4-4B5B-B2FC-457B75CA95A1}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A34C9DDB-8AA4-4B5B-B2FC-457B75CA95A1}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{78A4B29C-2E03-49D3-86B1-BBCF2D967638} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{78A4B29C-2E03-49D3-86B1-BBCF2D967638}" => pomyślnie usunięto
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => pomyślnie usunięto
C:\Windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono
C:\Windows\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono
C:\Windows\system32\GroupPolicy\User => pomyślnie przeniesiono
"HKLM\System\CurrentControlSet\Services\NAVENG" => pomyślnie usunięto
NAVENG => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\NAVEX15" => pomyślnie usunięto
NAVEX15 => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\npf" => pomyślnie usunięto
npf => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\xhunter1" => pomyślnie usunięto
xhunter1 => serwis pomyślnie usunięto

Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 16-09-2018 16:26:06)

C:\Windows\System32\Drivers\etc\hosts => został pomyślnie przeniesiony
Hosts pomyślnie przywrócono.

==== Koniec Fixlog 16:26:11 ====