Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 20-02-2023
Uruchomiony przez lukas (20-02-2023 23:19:58) Run:1
Uruchomiony z D:\Tools
Załadowane profile: lukas
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
VirusTotal: D:\Games\cslol\cslol-manager\cslol-tools\mod-tools.exe
VirusTotal: D:\Games\cslol\cslol-manager\cslol-manager.exe
VirusTotal: C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Ograniczenia <==== UWAGA
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [14632 2016-02-26] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKU\S-1-5-21-2690027950-2449419460-39360116-1002\...\Run: [Opera GX Browser Assistant] => D:\Tools\OperaGX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2690027950-2449419460-39360116-1002\...\Run: [com.blitz.app] => "C:\Users\lukas\AppData\Local\Programs\Blitz\Blitz.exe" --autostart (Brak pliku)
HKU\S-1-5-21-2690027950-2449419460-39360116-1002\...\RunOnce: [Application Restart #1] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [3362096 2023-02-17] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{C57B257B-3D92-4AC0-8FE8-7D6FF81AEF73}] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
Task: {3438FFA3-9FBC-4507-8686-BEA4D60AE141} - System32\Tasks\Opera GX scheduled Autoupdate 1657039580 => D:\Tools\OperaGX\launcher.exe [2542536 2023-02-13] (Opera Norway AS -> Opera Software)
Task: {90652DBF-A021-4337-96C6-1EA69AE71B2C} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1658331800 => D:\Tools\OperaGX\launcher.exe [2542536 2023-02-13] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="D:\Tools\OperaGX\assistant" $(Arg0)
Task: {A6F7A292-313A-4921-ACC5-BCE6031528B0} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716192 2023-02-15] (Mozilla Corporation -> Mozilla Foundation)
Task: {7B69E079-9E16-426D-9192-833B96726191} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674720 2023-02-15] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {C7A338A3-2098-4556-B32D-522C492A8313} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2645880 2023-02-01] (Overwolf Ltd -> Overwolf LTD)
Tcpip\..\Interfaces\{46523236-dea1-4103-9b31-7dea526f8c98}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{46523236-dea1-4103-9b31-7dea526f8c98}: [DhcpNameServer] 192.168.1.1
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\110.1.48.167\elevation_service.exe" [X]
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
AlternateDataStreams: C:\ProgramData:err [1958]
AlternateDataStreams: C:\Windows\system32\9EarsSurroundSound.dll:72B1DE377E [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Docker Desktop.lnk:CBB8C4555E [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk:F208FC6732 [3442]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [5966]
FirewallRules: [TCP Query User{FD14ACC3-A60B-4234-B802-FFBE7B1202A5}C:\users\lukas\appdata\local\faceit\app-1.31.7\faceit.exe] => (Allow) C:\users\lukas\appdata\local\faceit\app-1.31.7\faceit.exe => Brak pliku
FirewallRules: [UDP Query User{11A28510-8BD3-44FA-A577-F6D312A84E14}C:\users\lukas\appdata\local\faceit\app-1.31.7\faceit.exe] => (Allow) C:\users\lukas\appdata\local\faceit\app-1.31.7\faceit.exe => Brak pliku
FirewallRules: [TCP Query User{2BEAFD67-560B-44E9-BA2C-F782DC981463}C:\users\lukas\appdata\local\faceit\app-1.31.9\faceit.exe] => (Allow) C:\users\lukas\appdata\local\faceit\app-1.31.9\faceit.exe => Brak pliku
FirewallRules: [UDP Query User{E8FE3362-ABDD-402A-8417-62B9254087C2}C:\users\lukas\appdata\local\faceit\app-1.31.9\faceit.exe] => (Allow) C:\users\lukas\appdata\local\faceit\app-1.31.9\faceit.exe => Brak pliku
FirewallRules: [TCP Query User{359F7275-8BDA-44CE-B2FE-8207CD3C18AD}C:\users\lukas\appdata\local\faceit\app-1.31.10\faceit.exe] => (Allow) C:\users\lukas\appdata\local\faceit\app-1.31.10\faceit.exe => Brak pliku
FirewallRules: [UDP Query User{09D1AB59-FA55-44C5-A918-07BFB399BB6D}C:\users\lukas\appdata\local\faceit\app-1.31.10\faceit.exe] => (Allow) C:\users\lukas\appdata\local\faceit\app-1.31.10\faceit.exe => Brak pliku
FirewallRules: [TCP Query User{47553010-24F8-49A0-8DF4-E8BD8E9DE174}D:\games\rubinumclient\pack2\rubinumpatcher.exe] => (Allow) D:\games\rubinumclient\pack2\rubinumpatcher.exe => Brak pliku
FirewallRules: [UDP Query User{A7AA8CA6-744C-49F0-A8DF-F052043BB798}D:\games\rubinumclient\pack2\rubinumpatcher.exe] => (Allow) D:\games\rubinumclient\pack2\rubinumpatcher.exe => Brak pliku
FirewallRules: [TCP Query User{8887ECD4-94AA-4F3A-A9EE-9DADE1285B84}D:\games\rubinumclient\rubinumpatcher.exe] => (Allow) D:\games\rubinumclient\rubinumpatcher.exe => Brak pliku
FirewallRules: [UDP Query User{EEAB8738-D07D-4A54-8855-33F624FA06A9}D:\games\rubinumclient\rubinumpatcher.exe] => (Allow) D:\games\rubinumclient\rubinumpatcher.exe => Brak pliku
FirewallRules: [{C18FC53E-6B84-4AFB-99D5-4B2444165C23}] => (Allow) D:\Tools\GamingTools\overwolf\0.217.0.9\OverwolfBrowser.exe => Brak pliku
FirewallRules: [{D66231C1-B877-4E20-999A-1ABD0D1B0081}] => (Allow) D:\Tools\GamingTools\overwolf\0.217.0.9\OverwolfBrowser.exe => Brak pliku
FirewallRules: [{E6F302CB-A426-4CBC-8D39-61C6311E26A9}] => (Block) D:\Tools\GamingTools\overwolf\0.217.0.9\OverwolfBrowser.exe => Brak pliku
FirewallRules: [{238EFC59-58AE-4E4F-8438-D52EC46182AD}] => (Block) D:\Tools\GamingTools\overwolf\0.217.0.9\OverwolfBrowser.exe => Brak pliku
Shortcut: C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\cslol-manager-2022-08-28-a8bfd10.lnk -> D:\Games\cslol-manager-2022-08-28-a8bfd10.zip (Brak pliku)
EmptyEventLogs:
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Błąd: (0) Nie udało się utworzyć punktu przywracania.
VirusTotal: D:\Games\cslol\cslol-manager\cslol-tools\mod-tools.exe => https://www.virustotal.com/gui/file/945367043b26dc6797a423677d152886a0b1749876ce817d32a5df4599f25147/detection/f-945367043b26dc6797a423677d152886a0b1749876ce817d32a5df4599f25147-1674883135
VirusTotal: D:\Games\cslol\cslol-manager\cslol-manager.exe => https://www.virustotal.com/gui/file/c08fb8237cc7563c5071a52227ae9c6ed7d56f01cfb379912320f990f4d0bdb3/detection/f-c08fb8237cc7563c5071a52227ae9c6ed7d56f01cfb379912320f990f4d0bdb3-1675547534
VirusTotal: C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe => https://www.virustotal.com/gui/file/bb8631f36bac5875af7a3f6aaff5e44a2e1726782cdbd937fb262f6116925e42/detection/f-bb8631f36bac5875af7a3f6aaff5e44a2e1726782cdbd937fb262f6116925e42-1676822841
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => Wartość pomyślnie przywrócono
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => Wartość pomyślnie przywrócono
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\PreRun" => pomyślnie usunięto
"HKU\S-1-5-21-2690027950-2449419460-39360116-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Opera GX Browser Assistant" => pomyślnie usunięto
"HKU\S-1-5-21-2690027950-2449419460-39360116-1002\Software\Microsoft\Windows\CurrentVersion\Run\\com.blitz.app" => pomyślnie usunięto
"HKU\S-1-5-21-2690027950-2449419460-39360116-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1" => pomyślnie usunięto
HKLM\Software\Microsoft\Active Setup\Installed Components\{C57B257B-3D92-4AC0-8FE8-7D6FF81AEF73} => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3438FFA3-9FBC-4507-8686-BEA4D60AE141}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3438FFA3-9FBC-4507-8686-BEA4D60AE141}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Opera GX scheduled Autoupdate 1657039580 => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera GX scheduled Autoupdate 1657039580" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{90652DBF-A021-4337-96C6-1EA69AE71B2C}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90652DBF-A021-4337-96C6-1EA69AE71B2C}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Opera GX scheduled assistant Autoupdate 1658331800 => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera GX scheduled assistant Autoupdate 1658331800" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6F7A292-313A-4921-ACC5-BCE6031528B0}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6F7A292-313A-4921-ACC5-BCE6031528B0}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B69E079-9E16-426D-9192-833B96726191}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B69E079-9E16-426D-9192-833B96726191}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Background Update 308046B0AF4A39CB" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7A338A3-2098-4556-B32D-522C492A8313}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7A338A3-2098-4556-B32D-522C492A8313}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Overwolf Updater Task => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Overwolf Updater Task" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{46523236-dea1-4103-9b31-7dea526f8c98}\\NameServer" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{46523236-dea1-4103-9b31-7dea526f8c98}\\DhcpNameServer" => pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\BraveElevationService => pomyślnie usunięto
BraveElevationService => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\EAAntiCheat => pomyślnie usunięto
EAAntiCheat => serwis pomyślnie usunięto
C:\ProgramData => ":err" ADS pomyślnie usunięto
C:\Windows\system32\9EarsSurroundSound.dll => ":72B1DE377E" ADS pomyślnie usunięto
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini => ":B1DA6C571C" ADS pomyślnie usunięto
C:\ProgramData\Microsoft\Windows\Start Menu\Docker Desktop.lnk => ":CBB8C4555E" ADS pomyślnie usunięto
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk => ":BE32D07BC5" ADS pomyślnie usunięto
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk => ":F20EF51E1F" ADS pomyślnie usunięto
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk => ":F208FC6732" ADS pomyślnie usunięto
C:\Users\Public\Shared Files => ":VersionCache" ADS pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FD14ACC3-A60B-4234-B802-FFBE7B1202A5}C:\users\lukas\appdata\local\faceit\app-1.31.7\faceit.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{11A28510-8BD3-44FA-A577-F6D312A84E14}C:\users\lukas\appdata\local\faceit\app-1.31.7\faceit.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2BEAFD67-560B-44E9-BA2C-F782DC981463}C:\users\lukas\appdata\local\faceit\app-1.31.9\faceit.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E8FE3362-ABDD-402A-8417-62B9254087C2}C:\users\lukas\appdata\local\faceit\app-1.31.9\faceit.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{359F7275-8BDA-44CE-B2FE-8207CD3C18AD}C:\users\lukas\appdata\local\faceit\app-1.31.10\faceit.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{09D1AB59-FA55-44C5-A918-07BFB399BB6D}C:\users\lukas\appdata\local\faceit\app-1.31.10\faceit.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{47553010-24F8-49A0-8DF4-E8BD8E9DE174}D:\games\rubinumclient\pack2\rubinumpatcher.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A7AA8CA6-744C-49F0-A8DF-F052043BB798}D:\games\rubinumclient\pack2\rubinumpatcher.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8887ECD4-94AA-4F3A-A9EE-9DADE1285B84}D:\games\rubinumclient\rubinumpatcher.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EEAB8738-D07D-4A54-8855-33F624FA06A9}D:\games\rubinumclient\rubinumpatcher.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C18FC53E-6B84-4AFB-99D5-4B2444165C23}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D66231C1-B877-4E20-999A-1ABD0D1B0081}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6F302CB-A426-4CBC-8D39-61C6311E26A9}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{238EFC59-58AE-4E4F-8438-D52EC46182AD}" => pomyślnie usunięto
C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\cslol-manager-2022-08-28-a8bfd10.lnk => pomyślnie przeniesiono

=========== EmptyEventLogs: ==========

1174 Event logs cleared.

================================

=========== EmptyTemp: ==========

FlushDNS => ukończone
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28528062 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 364069411 B
Windows/system/drivers => 15416129 B
Edge => 0 B
Chrome => 404493489 B
Brave => 1960288568 B
Firefox => 45182972 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 144652 B
LocalService => 148640 B
NetworkService => 902572 B
lukas => 401613985 B

RecycleBin => 811181 B
EmptyTemp: => 3 GB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 23:21:36 ====