Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 3-07-2019 Uruchomiony przez spejson023 (07-07-2019 17:06:28) Run:1 Uruchomiony z C:\Users\spejson023\Desktop\frs Załadowane profile: spejson023 (Dostępne profile: spejson023) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: EmptyTemp: File: C:\Users\spejson023\zeebei.exe (Pokki -> Pokki) C:\Users\spejson023\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe (Pokki -> Pokki) C:\Users\spejson023\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe (Pokki -> Pokki) C:\Users\spejson023\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe (Pokki -> Pokki) C:\Users\spejson023\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe******************************************************************** [53504 2014-06-27] () [Brak podpisu cyfrowego] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-4291272340-2643005322-3467024192-1002\...\Run: [zeebei] => C:\Users\spejson023\zeebei.exe [61440 2019-04-09] () [Brak podpisu cyfrowego] HKU\S-1-5-21-4291272340-2643005322-3467024192-1002\...\RunOnce: [Application Restart #0] => C:\Users\spejson023\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [8992976 2019-04-09] (Pokki -> Pokki) HKU\S-1-5-21-4291272340-2643005322-3467024192-1002\...\MountPoints2: {1e9a398c-4678-11e9-8261-f0761c2c864a} - "E:\autorun.exe" HKU\S-1-5-21-4291272340-2643005322-3467024192-1002\...\MountPoints2: {1e9a3d05-4678-11e9-8261-f0761c2c864a} - "E:\autorun.exe" Task: {A673C7F6-821D-434F-9895-EA2660452E24} - System32\Tasks\SweetLabs App Platform => C:\Users\spejson023\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [7561424 2019-04-09] (Pokki -> Pokki) Task: {CC3976E8-4061-4BC1-A718-4D1A3DB92BBD} - System32\Tasks\Opera scheduled Autoupdate 1552314485 => C:\Users\spejson023\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software) Tcpip\..\Interfaces\{01E441DB-7B0B-429F-8CE3-90149E4ED12C}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{7D3A3724-B0C6-417B-AE9E-7EEE43EA9AD3}: [DhcpNameServer] 192.168.10.20 HKU\S-1-5-21-4291272340-2643005322-3467024192-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB HKU\S-1-5-21-4291272340-2643005322-3467024192-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4291272340-2643005322-3467024192-1002 -> DefaultScope {190F4328-8D6B-41D2-8484-E1CF966F3E60} URL = SearchScopes: HKU\S-1-5-21-4291272340-2643005322-3467024192-1002 -> {190F4328-8D6B-41D2-8484-E1CF966F3E60} URL = Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll Brak pliku Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll Brak pliku CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx S5 EasyAntiCheatSys; <==== UWAGA: Zablokowana usługa 2019-06-23 13:53 - 2019-06-30 13:22 - 000000295 _____ C:\Users\spejson023\d4ac4633ebd6440fa397b84f1bc94a3c.7z 2019-07-07 11:30 - 2019-03-10 22:37 - 000000000 ____D C:\Users\spejson023\AppData\Local\SweetLabs App Platform 2019-06-18 13:59 - 2019-03-11 16:28 - 000004130 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1552314485 2019-04-09 17:54 - 2019-04-09 17:54 - 000061440 __RSH () C:\Users\spejson023\zeebei.exe ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [480] AlternateDataStreams: C:\Users\spejson023\ntuser.ini:NTV [12518] FirewallRules: [{80386162-F41D-4031-83F2-073C9E49FD26}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe Brak pliku FirewallRules: [{1624C36E-444C-42D3-832D-31A4D3F3FB78}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe Brak pliku FirewallRules: [{F7308C37-561A-4348-9F3A-2A2F500F793D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe Brak pliku FirewallRules: [{338DBB7E-5337-4D4A-B7C2-DC5DBD7CACC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe Brak pliku FirewallRules: [{5D9B60E7-652E-46AC-91F5-4602585DAE0C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe Brak pliku FirewallRules: [{5C3CCBFE-930E-4B77-A0D9-A72E8B7CCF4D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe Brak pliku FirewallRules: [TCP Query User{68F901DB-0C1A-433C-A629-106E814FA4B4}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe Brak pliku FirewallRules: [UDP Query User{FB6F8D8D-09E6-4AB9-92B7-CE8D31FE21ED}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe Brak pliku FirewallRules: [TCP Query User{722DC712-8E93-4BBF-A3D6-26B6BBB12A92}C:\users\spejson023\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\spejson023\appdata\local\warthunder\win64\aces.exe Brak pliku FirewallRules: [UDP Query User{CD9D9E0E-FEB5-4B11-9465-D8641488A047}C:\users\spejson023\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\spejson023\appdata\local\warthunder\win64\aces.exe Brak pliku FirewallRules: [TCP Query User{E8A5A551-7EA5-456B-B23C-2B89C0BF3DB2}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe Brak pliku FirewallRules: [UDP Query User{0CD3C5FB-880C-4D34-AF46-7D0082177FD8}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe Brak pliku FirewallRules: [TCP Query User{DA10AE49-E1FC-4410-9C60-C6DA24440FCF}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Block) C:\programdata\wargaming.net\gamecenter\wgc.exe Brak pliku FirewallRules: [UDP Query User{3705B126-9271-4C1C-9C7C-D2EA4D98D012}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Block) C:\programdata\wargaming.net\gamecenter\wgc.exe Brak pliku StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3 ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. ========================= File: C:\Users\spejson023\zeebei.exe ======================== C:\Users\spejson023\zeebei.exe Brak podpisu cyfrowego MD5: 341CE16370BBC6B052F06F4AF4A1AFF8 Data utworzenia i modyfikacji: 2019-04-09 17:54 - 2019-04-09 17:54 Rozmiar: 000061440 Atrybuty: --RSH Firma: Wewnętrzna nazwa: Oryginalna nazwa: Produkt: Opis: Plik Wersja: Produkt Wersja: Prawa autorskie: VirusTotal: 0 ====== Koniec File: ====== C:\Users\spejson023\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe => Nie odnaleziono uruchomionego procesu C:\Users\spejson023\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe => Nie odnaleziono uruchomionego procesu C:\Users\spejson023\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe => Nie odnaleziono uruchomionego procesu C:\Users\spejson023\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe => Nie odnaleziono uruchomionego procesu "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BacKGround Agent" => pomyślnie usunięto "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => pomyślnie usunięto "HKU\S-1-5-21-4291272340-2643005322-3467024192-1002\Software\Microsoft\Windows\CurrentVersion\Run\\zeebei" => pomyślnie usunięto "HKU\S-1-5-21-4291272340-2643005322-3467024192-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #0" => pomyślnie usunięto HKU\S-1-5-21-4291272340-2643005322-3467024192-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e9a398c-4678-11e9-8261-f0761c2c864a} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{1e9a398c-4678-11e9-8261-f0761c2c864a} => nie znaleziono HKU\S-1-5-21-4291272340-2643005322-3467024192-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e9a3d05-4678-11e9-8261-f0761c2c864a} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{1e9a3d05-4678-11e9-8261-f0761c2c864a} => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A673C7F6-821D-434F-9895-EA2660452E24}" => nie znaleziono "C:\WINDOWS\System32\Tasks\SweetLabs App Platform" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC3976E8-4061-4BC1-A718-4D1A3DB92BBD}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC3976E8-4061-4BC1-A718-4D1A3DB92BBD}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1552314485 => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1552314485" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{01E441DB-7B0B-429F-8CE3-90149E4ED12C}\\DhcpNameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7D3A3724-B0C6-417B-AE9E-7EEE43EA9AD3}\\DhcpNameServer" => pomyślnie usunięto HKU\S-1-5-21-4291272340-2643005322-3467024192-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-4291272340-2643005322-3467024192-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => nie znaleziono HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => nie znaleziono "HKU\S-1-5-21-4291272340-2643005322-3467024192-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => pomyślnie usunięto HKU\S-1-5-21-4291272340-2643005322-3467024192-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{190F4328-8D6B-41D2-8484-E1CF966F3E60} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{190F4328-8D6B-41D2-8484-E1CF966F3E60} => nie znaleziono HKLM\Software\Classes\PROTOCOLS\Handler\dssrequest => nie znaleziono HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => nie znaleziono HKLM\Software\Classes\PROTOCOLS\Handler\sacore => nie znaleziono HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => nie znaleziono HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => nie znaleziono HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => nie znaleziono HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => pomyślnie usunięto HKLM\System\CurrentControlSet\Services\EasyAntiCheatSys => nie znaleziono EasyAntiCheatSys => serwis pomyślnie usunięto C:\Users\spejson023\d4ac4633ebd6440fa397b84f1bc94a3c.7z => pomyślnie przeniesiono "C:\Users\spejson023\AppData\Local\SweetLabs App Platform" => nie znaleziono "C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1552314485" => nie znaleziono C:\Users\spejson023\zeebei.exe => pomyślnie przeniesiono HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => pomyślnie usunięto HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => nie znaleziono HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => pomyślnie usunięto HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => nie znaleziono C:\Users\Public\Shared Files => ":VersionCache" ADS pomyślnie usunięto C:\Users\spejson023\ntuser.ini => ":NTV" ADS pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80386162-F41D-4031-83F2-073C9E49FD26}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1624C36E-444C-42D3-832D-31A4D3F3FB78}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7308C37-561A-4348-9F3A-2A2F500F793D}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{338DBB7E-5337-4D4A-B7C2-DC5DBD7CACC2}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D9B60E7-652E-46AC-91F5-4602585DAE0C}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5C3CCBFE-930E-4B77-A0D9-A72E8B7CCF4D}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{68F901DB-0C1A-433C-A629-106E814FA4B4}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FB6F8D8D-09E6-4AB9-92B7-CE8D31FE21ED}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{722DC712-8E93-4BBF-A3D6-26B6BBB12A92}C:\users\spejson023\appdata\local\warthunder\win64\aces.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CD9D9E0E-FEB5-4B11-9465-D8641488A047}C:\users\spejson023\appdata\local\warthunder\win64\aces.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E8A5A551-7EA5-456B-B23C-2B89C0BF3DB2}C:\programdata\wargaming.net\gamecenter\wgc.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0CD3C5FB-880C-4D34-AF46-7D0082177FD8}C:\programdata\wargaming.net\gamecenter\wgc.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DA10AE49-E1FC-4410-9C60-C6DA24440FCF}C:\programdata\wargaming.net\gamecenter\wgc.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3705B126-9271-4C1C-9C7C-D2EA4D98D012}C:\programdata\wargaming.net\gamecenter\wgc.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" => pomyślnie usunięto =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49241865 B Java, Flash, Steam htmlcache => 48530832 B Windows/system/drivers => 10531146 B Edge => 0 B Chrome => 46650481 B Firefox => 0 B Opera => 479544247 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 514718 B systemprofile32 => 128 B LocalService => 15636 B NetworkService => 6188 B spejson023 => 2669481782 B RecycleBin => 544 B EmptyTemp: => 3.1 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 17:08:09 ====