Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 17.03.2019
Uruchomiony przez Gry (17-03-2019 18:42:02) Run:1
Uruchomiony z C:\Users\Gry\Downloads
Załadowane profile: Gry (Dostępne profile: defaultuser0 & Gry)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
EmptyTemp:
File: C:\Users\Gry\AppData\Local\GameCenter\GameCenter.exe
HKU\S-1-5-21-2596830753-2234867079-354691743-1001\...\Run: [GameCenter] => C:\Users\Gry\AppData\Local\GameCenter\GameCenter.exe [9792640 2019-03-11] (Mail.Ru, LLC -> )
HKU\S-1-5-21-2596830753-2234867079-354691743-1001\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-2596830753-2234867079-354691743-1001\...\Run: [ASRockRuefi] => [X]
Startup: C:\Users\Gry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk [2018-12-30]
ShortcutTarget: GenuineService.lnk -> C:\Users\Gry\Autodesk\Genuine Service\GenuineService.exe (Brak pliku)
GroupPolicy: Ograniczenia ? <==== UWAGA
Tcpip\..\Interfaces\{27252ae9-3a1b-4e93-bc7f-337a89824a5f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{434d92a8-0b12-4f89-9d67-8fc2d45252e0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6fdb3e3c-9815-4d27-9cd0-d66c5ffcd45c}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{74638dc5-b0c6-45a7-af15-fc762909385f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7c9168ad-e91a-4339-a4f5-ba1f7b18615d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7e4b1031-a9b5-4f0c-8eef-ac4e17a4e929}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{c7db87ee-8ee9-45a7-b3f3-1ac5c0ef6eb0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{dfbe3814-4541-4e2c-8c33-bb4fcc851b36}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f7a7a35e-1a33-4ba8-a846-7598fa607500}: [DhcpNameServer] 192.168.0.1
SearchScopes: HKU\S-1-5-21-2596830753-2234867079-354691743-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE05
SearchScopes: HKU\S-1-5-21-2596830753-2234867079-354691743-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE05
CHR HomePage: Default -> hxxp://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=DAE1002163798E4D
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [16340752 2019-03-06] (Mail.Ru LLC -> LLC Mail.Ru)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [15553520 2019-03-06] (Mail.Ru LLC -> LLC Mail.Ru)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160601.040\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160601.040\EX64.SYS [X]
2019-03-06 16:39 - 2018-06-07 17:32 - 016340752 _____ (LLC Mail.Ru) C:\WINDOWS\system32\mracsvc.exe
2019-03-06 16:39 - 2018-06-07 17:32 - 015553520 _____ (LLC Mail.Ru) C:\WINDOWS\system32\Drivers\mracdrv.sys
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Brak pliku
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
Task: {727A3EF3-D8A3-4826-B424-EAF8E27BD30A} - System32\Tasks\ParkControl => C:\Program Files\ParkControl\parkcontrol.exe (Bitsum LLC -> Bitsum LLC) <==== UWAGA
Task: {78204BE8-FA2A-4D75-9173-AC3650652B4B} - System32\Tasks\{58289D07-B2BA-4BE9-8EF8-773C721E9334} => C:\Windows\system32\pcalua.exe -a L:\ZToolBar.exe -d L:\
FirewallRules: [{C9311FC1-A14A-44FC-8F9D-F8A033116121}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe Brak pliku
FirewallRules: [{D65319CB-F1E6-46E6-80F3-13C8258349D2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe Brak pliku
FirewallRules: [{B6D5EB4B-3A05-4ED2-B5A8-EE42AAE7DD15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe Brak pliku
FirewallRules: [{91E30AE4-B540-4E6D-A078-F5006D0F0C8C}] => (Allow) E:\SteamLibrary\steamapps\common\Sixense SDK\SixenseSteamLauncher.exe Brak pliku
FirewallRules: [{A54C3875-544D-44DF-9C8E-85E123A73274}] => (Allow) E:\SteamLibrary\steamapps\common\Sixense SDK\SixenseSteamLauncher.exe Brak pliku
FirewallRules: [{9210E52D-53E1-4F92-A992-266101FF1CB7}] => (Allow) LPort=53436
FirewallRules: [{20C1EFFA-8E75-4E90-B44E-00CC1DF022DC}] => (Allow) LPort=5000
FirewallRules: [TCP Query User{9BE5F344-423E-4612-BB33-3AEED6FDDCDA}C:\users\gry\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\gry\appdata\local\akamai\netsession_win.exe Brak pliku
FirewallRules: [UDP Query User{A0FFCB07-B7B0-40A7-8086-2DE74C376E51}C:\users\gry\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\gry\appdata\local\akamai\netsession_win.exe Brak pliku
RemoveProxy:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.

========================= File: C:\Users\Gry\AppData\Local\GameCenter\GameCenter.exe ========================

C:\Users\Gry\AppData\Local\GameCenter\GameCenter.exe
Plik podpisany cyfrowo
MD5: 5FC06240B7ABAC99DCCD41C5CAA80B45
Data utworzenia i modyfikacji: 2018-06-07 17:15 - 2019-03-11 21:25
Rozmiar: 009792640
Atrybuty: ----A
Firma: Mail.Ru, LLC ->
Wewnętrzna nazwa:
Oryginalna nazwa:
Produkt:
Opis:
Plik Wersja:
Produkt Wersja:
Prawa autorskie:
VirusTotal: https://www.virustotal.com/file/e758b807c1269b4c8d157a77f47fc3cce0980a93ac69d4a7ffc9276b56417f93/analysis/1552310355/

====== Koniec File: ======

"HKU\S-1-5-21-2596830753-2234867079-354691743-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GameCenter" => pomyślnie usunięto
"HKU\S-1-5-21-2596830753-2234867079-354691743-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ASRock A-Tuning" => pomyślnie usunięto
"HKU\S-1-5-21-2596830753-2234867079-354691743-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockRuefi" => pomyślnie usunięto
C:\Users\Gry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk => pomyślnie przeniesiono
"C:\Users\Gry\Autodesk\Genuine Service\GenuineService.exe" => nie znaleziono
C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono
C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27252ae9-3a1b-4e93-bc7f-337a89824a5f}\\DhcpNameServer" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{434d92a8-0b12-4f89-9d67-8fc2d45252e0}\\DhcpNameServer" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6fdb3e3c-9815-4d27-9cd0-d66c5ffcd45c}\\DhcpNameServer" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{74638dc5-b0c6-45a7-af15-fc762909385f}\\DhcpNameServer" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7c9168ad-e91a-4339-a4f5-ba1f7b18615d}\\DhcpNameServer" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7e4b1031-a9b5-4f0c-8eef-ac4e17a4e929}\\DhcpNameServer" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c7db87ee-8ee9-45a7-b3f3-1ac5c0ef6eb0}\\DhcpNameServer" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dfbe3814-4541-4e2c-8c33-bb4fcc851b36}\\DhcpNameServer" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f7a7a35e-1a33-4ba8-a846-7598fa607500}\\DhcpNameServer" => pomyślnie usunięto
"HKU\S-1-5-21-2596830753-2234867079-354691743-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => pomyślnie usunięto
HKU\S-1-5-21-2596830753-2234867079-354691743-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => nie znaleziono
"Chrome HomePage" => pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\mracsvc => pomyślnie usunięto
mracsvc => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\mracdrv => pomyślnie usunięto
mracdrv => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\NAVENG => pomyślnie usunięto
NAVENG => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\NAVEX15 => pomyślnie usunięto
NAVEX15 => serwis pomyślnie usunięto
C:\WINDOWS\system32\mracsvc.exe => pomyślnie przeniesiono
C:\WINDOWS\system32\Drivers\mracdrv.sys => pomyślnie przeniesiono
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => nie znaleziono
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => nie znaleziono
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => pomyślnie usunięto
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => pomyślnie usunięto
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => nie znaleziono
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => nie znaleziono
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => nie znaleziono
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => nie znaleziono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{727A3EF3-D8A3-4826-B424-EAF8E27BD30A}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{727A3EF3-D8A3-4826-B424-EAF8E27BD30A}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\ParkControl => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParkControl" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78204BE8-FA2A-4D75-9173-AC3650652B4B}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78204BE8-FA2A-4D75-9173-AC3650652B4B}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\{58289D07-B2BA-4BE9-8EF8-773C721E9334} => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{58289D07-B2BA-4BE9-8EF8-773C721E9334}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9311FC1-A14A-44FC-8F9D-F8A033116121}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D65319CB-F1E6-46E6-80F3-13C8258349D2}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6D5EB4B-3A05-4ED2-B5A8-EE42AAE7DD15}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91E30AE4-B540-4E6D-A078-F5006D0F0C8C}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A54C3875-544D-44DF-9C8E-85E123A73274}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9210E52D-53E1-4F92-A992-266101FF1CB7}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{20C1EFFA-8E75-4E90-B44E-00CC1DF022DC}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9BE5F344-423E-4612-BB33-3AEED6FDDCDA}C:\users\gry\appdata\local\akamai\netsession_win.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A0FFCB07-B7B0-40A7-8086-2DE74C376E51}C:\users\gry\appdata\local\akamai\netsession_win.exe" => pomyślnie usunięto

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto
"HKU\S-1-5-21-2596830753-2234867079-354691743-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\S-1-5-21-2596830753-2234867079-354691743-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto

========= Koniec RemoveProxy: =========

=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 223457046 B
Java, Flash, Steam htmlcache => 363047224 B
Windows/system/drivers => 2451170 B
Edge => 9631634 B
Chrome => 749964300 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 46650 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 97198 B
LocalService => 0 B
NetworkService => 206630 B
NetworkService => 0 B
defaultuser0 => 46650 B
Gry => 42929688 B

RecycleBin => 5119 B
EmptyTemp: => 1.3 GB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 18:43:04 ====