Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 15.04.2019 01
Uruchomiony przez Admin (16-04-2019 11:20:57) Run:1
Uruchomiony z C:\Users\Admin\Downloads
Załadowane profile: Admin (Dostępne profile: Admin)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
EmptyTemp:
File: C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe
(Mail.Ru, LLC -> ) C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe
HKU\S-1-5-21-3517727832-3751651819-2852303650-1001\...\Run: [GameCenter] => C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe [9854592 2019-04-10] (Mail.Ru, LLC -> )
Tcpip\..\Interfaces\{BA7AD278-245A-4B82-AE0B-A15300471367}: [DhcpNameServer] 192.168.1.1
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [16966416 2019-03-31] (Mail.Ru LLC -> LLC Mail.Ru)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [16228328 2019-03-31] (Mail.Ru LLC -> LLC Mail.Ru)
2019-03-31 19:24 - 2017-12-15 20:40 - 016966416 _____ (LLC Mail.Ru) C:\WINDOWS\system32\mracsvc.exe
2019-03-31 19:24 - 2017-12-15 20:40 - 016228328 _____ (LLC Mail.Ru) C:\WINDOWS\system32\Drivers\mracdrv.sys
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
AlternateDataStreams: C:\Users\Admin:Heroes & Generals [38]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Brak pliku)
FirewallRules: [TCP Query User{DEBCE427-CB6C-43DB-B896-E8EC0A277AE6}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe Brak pliku
FirewallRules: [UDP Query User{577DA86A-2A87-4481-B5E8-53D9DA2D2D08}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe Brak pliku
FirewallRules: [{55BBB863-03B2-46E2-96A6-18E973CDD66C}] => (Block) C:\program files (x86)\skype\phone\skype.exe Brak pliku
FirewallRules: [TCP Query User{D89A092A-36A4-4904-8DA4-A31B47DEC2CF}C:\users\admin\appdata\local\gamecenter\gamecenter.exe] => (Block) C:\users\admin\appdata\local\gamecenter\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [UDP Query User{FF58250F-4D8E-431D-ACA5-C4CB9B80A955}C:\users\admin\appdata\local\gamecenter\gamecenter.exe] => (Block) C:\users\admin\appdata\local\gamecenter\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [TCP Query User{4FC98646-56CB-490C-8893-AEF64AC216E9}D:\farming simulator 2013\x86\farmingsimulator2013game.exe] => (Allow) D:\farming simulator 2013\x86\farmingsimulator2013game.exe Brak pliku
FirewallRules: [UDP Query User{35BD258B-6F94-4CCD-B9F9-B84807962F86}D:\farming simulator 2013\x86\farmingsimulator2013game.exe] => (Allow) D:\farming simulator 2013\x86\farmingsimulator2013game.exe Brak pliku
FirewallRules: [{72770123-7023-4B8B-AFCB-6CC26CB7A71A}] => (Block) D:\farming simulator 2013\x86\farmingsimulator2013game.exe Brak pliku
FirewallRules: [{8355544E-DE49-425B-A8B9-D2056DB513D2}] => (Block) D:\farming simulator 2013\x86\farmingsimulator2013game.exe Brak pliku
FirewallRules: [TCP Query User{55C09193-403B-4FE1-B4DC-3AEEDFE7EA7C}E:\stam\steamapps\common\warface\mycomgames\mycomgames.exe] => (Allow) E:\stam\steamapps\common\warface\mycomgames\mycomgames.exe (Mail.Ru, LLC -> )
FirewallRules: [UDP Query User{4E299205-E1E2-4516-8C6E-70310DAE3748}E:\stam\steamapps\common\warface\mycomgames\mycomgames.exe] => (Allow) E:\stam\steamapps\common\warface\mycomgames\mycomgames.exe (Mail.Ru, LLC -> )
FirewallRules: [{95378645-D419-4DBC-9F47-1AC6DA2DF962}] => (Block) E:\stam\steamapps\common\warface\mycomgames\mycomgames.exe (Mail.Ru, LLC -> )
FirewallRules: [{D4B1CE69-86D9-4AE0-94F4-0DF5D44A904B}] => (Block) E:\stam\steamapps\common\warface\mycomgames\mycomgames.exe (Mail.Ru, LLC -> )
FirewallRules: [TCP Query User{EFDFC53C-28CB-4275-B3A8-685CF1FFF27D}E:\stam\steamapps\common\warface\warface\bin32release\game.exe] => (Block) E:\stam\steamapps\common\warface\warface\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
FirewallRules: [UDP Query User{EA408BB8-F120-4659-A878-557F36D91540}E:\stam\steamapps\common\warface\warface\bin32release\game.exe] => (Block) E:\stam\steamapps\common\warface\warface\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
FirewallRules: [TCP Query User{24C930F1-5876-40D7-9EE3-B4F22C254A1E}E:\stam\steamapps\common\warface\mycomgames\gamecenter.exe] => (Allow) E:\stam\steamapps\common\warface\mycomgames\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [UDP Query User{BBFF1F30-6547-4E83-A63A-D6CF07454055}E:\stam\steamapps\common\warface\mycomgames\gamecenter.exe] => (Allow) E:\stam\steamapps\common\warface\mycomgames\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [{BA867137-BA1B-4D40-9A90-9F88FE005C22}] => (Block) E:\stam\steamapps\common\warface\mycomgames\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [{1091F863-E291-4E09-A786-5EBB7E3DB787}] => (Block) E:\stam\steamapps\common\warface\mycomgames\gamecenter.exe (Mail.Ru, LLC -> )
RemoveProxy:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.

========================= File: C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe ========================

C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe
Plik podpisany cyfrowo
MD5: 5CA9CAC8008E931E1E8D27210D95BB51
Data utworzenia i modyfikacji: 2018-04-27 14:48 - 2019-04-10 15:36
Rozmiar: 009854592
Atrybuty: ----A
Firma: Mail.Ru, LLC ->
Wewnętrzna nazwa:
Oryginalna nazwa:
Produkt:
Opis:
Plik Wersja:
Produkt Wersja:
Prawa autorskie:
VirusTotal: https://www.virustotal.com/file/3bd26fb8f4bb0540205d2d05f9005caf430dbd92ebc44168f728502122508a43/analysis/1554891208/

====== Koniec File: ======

C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe => Nie odnaleziono uruchomionego procesu
"HKU\S-1-5-21-3517727832-3751651819-2852303650-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GameCenter" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA7AD278-245A-4B82-AE0B-A15300471367}\\DhcpNameServer" => pomyślnie usunięto
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\mracsvc => pomyślnie usunięto
mracsvc => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\mracdrv => pomyślnie usunięto
mracdrv => serwis pomyślnie usunięto
C:\WINDOWS\system32\mracsvc.exe => pomyślnie przeniesiono
C:\WINDOWS\system32\Drivers\mracdrv.sys => pomyślnie przeniesiono
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => nie znaleziono
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => nie znaleziono
C:\Users\Admin => ":Heroes & Generals" ADS pomyślnie usunięto
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Brak pliku) => Błąd: Nie znaleziono automatycznej naprawy dla tego wejścia.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DEBCE427-CB6C-43DB-B896-E8EC0A277AE6}C:\program files (x86)\skype\phone\skype.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{577DA86A-2A87-4481-B5E8-53D9DA2D2D08}C:\program files (x86)\skype\phone\skype.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{55BBB863-03B2-46E2-96A6-18E973CDD66C}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D89A092A-36A4-4904-8DA4-A31B47DEC2CF}C:\users\admin\appdata\local\gamecenter\gamecenter.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FF58250F-4D8E-431D-ACA5-C4CB9B80A955}C:\users\admin\appdata\local\gamecenter\gamecenter.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4FC98646-56CB-490C-8893-AEF64AC216E9}D:\farming simulator 2013\x86\farmingsimulator2013game.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{35BD258B-6F94-4CCD-B9F9-B84807962F86}D:\farming simulator 2013\x86\farmingsimulator2013game.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{72770123-7023-4B8B-AFCB-6CC26CB7A71A}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8355544E-DE49-425B-A8B9-D2056DB513D2}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{55C09193-403B-4FE1-B4DC-3AEEDFE7EA7C}E:\stam\steamapps\common\warface\mycomgames\mycomgames.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4E299205-E1E2-4516-8C6E-70310DAE3748}E:\stam\steamapps\common\warface\mycomgames\mycomgames.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{95378645-D419-4DBC-9F47-1AC6DA2DF962}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4B1CE69-86D9-4AE0-94F4-0DF5D44A904B}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EFDFC53C-28CB-4275-B3A8-685CF1FFF27D}E:\stam\steamapps\common\warface\warface\bin32release\game.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EA408BB8-F120-4659-A878-557F36D91540}E:\stam\steamapps\common\warface\warface\bin32release\game.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{24C930F1-5876-40D7-9EE3-B4F22C254A1E}E:\stam\steamapps\common\warface\mycomgames\gamecenter.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BBFF1F30-6547-4E83-A63A-D6CF07454055}E:\stam\steamapps\common\warface\mycomgames\gamecenter.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA867137-BA1B-4D40-9A90-9F88FE005C22}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1091F863-E291-4E09-A786-5EBB7E3DB787}" => pomyślnie usunięto

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto
"HKU\S-1-5-21-3517727832-3751651819-2852303650-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\S-1-5-21-3517727832-3751651819-2852303650-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto

========= Koniec RemoveProxy: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25136050 B
Java, Flash, Steam htmlcache => 17830738 B
Windows/system/drivers => 2735495 B
Edge => 0 B
Chrome => 293894253 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile32 => 0 B
LocalService => 6574 B
NetworkService => 0 B
Admin => 431853947 B

RecycleBin => 43649 B
EmptyTemp: => 743.8 MB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 11:21:18 ====