Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 22-11-2020 01 Uruchomiony przez A (administrator) DESKTOP-1JM6A6N (Gigabyte Technology Co., Ltd. B450M DS3H) (23-11-2020 17:48:20) Uruchomiony z G:\Program Files\First Załadowane profile: A Platform: Windows 10 Pro Wersja 2004 19041.572 (X64) Język: Polski (Polska) Domyślna przeglądarka: FF Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) () [Brak podpisu cyfrowego] G:\Program Files\RocketDock\RocketDock.exe (Epic Games Inc. -> Epic Games, Inc.) G:\Program Files\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe (Epic Games Inc. -> Epic Games, Inc.) G:\Program Files\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe (Firebit OU -> Rainmeter) G:\Program Files\Rainmeter\Rainmeter.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\A\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\NisSrv.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edf184f24a37bacd\Display.NvContainer\NVDisplay.Container.exe <2> (Rainy -> ) G:\Program Files\Rainleander\Rainlendar2.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2> ==================== Rejestr (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.) HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-2480323449-1803124515-3812292949-1001\...\Run: [RocketDock] => G:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] () [Brak podpisu cyfrowego] HKU\S-1-5-21-2480323449-1803124515-3812292949-1001\...\Run: [Rainlendar2] => G:\Program Files\Rainleander\Rainlendar2.exe [3097640 2015-11-13] (Rainy -> ) HKU\S-1-5-21-2480323449-1803124515-3812292949-1001\...\Run: [EpicGamesLauncher] => G:\Program Files\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33130384 2020-11-23] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-2480323449-1803124515-3812292949-1001\...\MountPoints2: {0ac775ee-e05b-11ea-bc26-001a7dda7113} - "K:\setup.exe" HKU\S-1-5-21-2480323449-1803124515-3812292949-1001\...\MountPoints2: {7442c563-e519-11ea-bc2e-001a7dda7113} - "K:\setup.exe" HKU\S-1-5-21-2480323449-1803124515-3812292949-1001\...\MountPoints2: {a5d2a333-e2e3-11ea-bc2b-001a7dda7113} - "K:\setup.exe" HKU\S-1-5-21-2480323449-1803124515-3812292949-1001\...\MountPoints2: {b83b59c9-dd5a-11ea-bc21-001a7dda7113} - "K:\setup.exe" HKU\S-1-5-21-2480323449-1803124515-3812292949-1001\...\MountPoints2: {b83b5a6f-dd5a-11ea-bc21-001a7dda7113} - "K:\setup.exe" HKU\S-1-5-21-2480323449-1803124515-3812292949-1001\...\MountPoints2: {b83b5bcd-dd5a-11ea-bc21-001a7dda7113} - "K:\setup.exe" HKU\S-1-5-21-2480323449-1803124515-3812292949-1001\...\MountPoints2: {b83b5cc6-dd5a-11ea-bc21-001a7dda7113} - "K:\setup.exe" HKU\S-1-5-21-2480323449-1803124515-3812292949-1001\...\MountPoints2: {b83b5e6e-dd5a-11ea-bc21-001a7dda7113} - "K:\setup.exe" Startup: C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2020-03-31] ShortcutTarget: Rainmeter.lnk -> G:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter) ==================== Zaplanowane zadania (filtrowane) ============ (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {3159C06A-0D0E-4AE3-8D26-29F4A97A2E61} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-18] (Mozilla Corporation -> Mozilla Foundation) Task: {3D75042E-ABD4-4334-977A-28D0DE635A1A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {40B50639-30D8-4E4A-A619-A135923300BD} - System32\Tasks\GlaryUpdate 5 => G:\Program Files\Glary Utilities Pro 5.143.0.169 [Multilanguage] [Setup + Portable] [elladajarek]\Glary Utilities Pro 5.143.0.169 Portable\Portable\CheckUpdate.exe [44976 2020-05-29] (Glarysoft LTD -> Glarysoft Ltd) Task: {4DD7F875-5FFB-42DA-A861-7EB4E4F63871} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {9C1F9C66-3ECD-4107-9E29-73804F07EC6C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {ADAAA32F-EF95-4793-8506-C29D03C68830} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log Task: {B8D4161D-E650-4D91-A2A5-D5B17111ADAE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63 Tcpip\..\Interfaces\{faeeed69-cb91-4c66-b4a2-101e967a77b4}: [DhcpNameServer] 62.179.1.62 62.179.1.63 Edge: ====== Edge Profile: C:\Users\A\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-23] FireFox: ======== FF DefaultProfile: 7wtphhvo.default FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\7wtphhvo.default [2020-11-23] FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\tsuflmbu.default-release [2020-11-23] FF Homepage: Mozilla\Firefox\Profiles\tsuflmbu.default-release -> www.Google.pl FF HKU\S-1-5-21-2480323449-1803124515-3812292949-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\A\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi FF Extension: (Ace Script) - C:\Users\A\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-01-24] FF Plugin HKU\S-1-5-21-2480323449-1803124515-3812292949-1001: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\A\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies -> Innovative Digital Technologies) Chrome: ======= CHR HKU\S-1-5-21-2480323449-1803124515-3812292949-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] ==================== Usługi (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5102504 2020-10-15] (Microsoft Windows Publisher -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edf184f24a37bacd\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edf184f24a37bacd\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem ===================== Sterowniki (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429288 2020-11-06] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-06] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc (utworzone) (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2020-11-23 15:02 - 2020-11-23 17:10 - 000007626 _____ C:\Users\A\AppData\Local\Resmon.ResmonCfg 2020-11-23 14:16 - 2020-11-23 17:48 - 000000000 ____D C:\FRST 2020-11-18 00:05 - 2020-11-18 00:05 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2020-11-06 22:17 - 2020-11-06 22:17 - 000000000 ____D C:\Users\A\AppData\Local\CrashDumps 2020-10-31 10:36 - 2020-11-04 19:55 - 000000000 ____D C:\Users\A\AppData\Local\Saber 2020-10-31 10:36 - 2020-10-31 10:36 - 000000000 ____D C:\Users\Public\Documents\Epic 2020-10-28 17:06 - 2020-11-21 09:26 - 000002823 _____ C:\Users\A\Documents\Niepołomice godziny.txt 2020-10-24 11:32 - 2020-10-24 11:32 - 000000781 _____ C:\Users\Public\Desktop\Foundation.lnk 2020-10-24 11:32 - 2020-10-24 11:32 - 000000000 ____D C:\Users\A\Documents\Polymorph Games 2020-10-24 11:32 - 2020-10-24 11:32 - 000000000 ____D C:\Users\A\AppData\Local\CrashRpt 2020-10-24 11:32 - 2020-10-24 11:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foundation [GOG.com] ==================== Jeden miesiąc (zmodyfikowane) ================== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2020-11-23 17:46 - 2020-08-06 17:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-11-23 17:46 - 2020-08-06 17:50 - 000008192 ___SH C:\DumpStack.log.tmp 2020-11-23 17:46 - 2020-03-31 20:38 - 000000000 ____D C:\Users\A\.rainlendar2 2020-11-23 17:45 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2020-11-23 17:14 - 2020-08-06 17:53 - 001767980 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-11-23 17:14 - 2019-12-07 16:09 - 000784276 _____ C:\WINDOWS\system32\perfh015.dat 2020-11-23 17:14 - 2019-12-07 16:09 - 000152172 _____ C:\WINDOWS\system32\perfc015.dat 2020-11-23 17:14 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF 2020-11-23 17:11 - 2020-03-31 17:36 - 000000000 ____D C:\ProgramData\Mozilla 2020-11-23 17:10 - 2020-03-31 17:36 - 000000000 ____D C:\Users\A\AppData\LocalLow\Mozilla 2020-11-23 16:55 - 2020-08-06 17:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-11-23 16:55 - 2020-03-31 21:02 - 000000000 ____D C:\Users\A\AppData\Roaming\vlc 2020-11-23 13:29 - 2020-03-31 21:24 - 000000000 ____D C:\Users\A\AppData\Roaming\uTorrent 2020-11-23 13:28 - 2020-03-31 21:29 - 000000000 ____D C:\Users\A\AppData\LocalLow\uTorrent 2020-11-23 12:10 - 2020-03-31 21:29 - 000000000 ____D C:\Users\A\AppData\Local\BitTorrentHelper 2020-11-21 16:39 - 2020-09-19 18:53 - 000000000 ____D C:\Users\A\AppData\Roaming\.ACEStream 2020-11-21 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2020-11-21 09:38 - 2020-06-09 15:30 - 000002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2020-11-21 09:38 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2020-11-21 09:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-11-18 20:06 - 2019-08-05 22:39 - 000000000 ____D C:\Users\A\Documents\My Games 2020-11-18 18:32 - 2020-03-31 17:36 - 000000000 ____D C:\Program Files\Mozilla Firefox 2020-11-18 18:32 - 2020-03-31 17:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-11-18 00:05 - 2020-03-31 17:36 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-11-15 17:46 - 2020-03-31 18:30 - 000000000 ____D C:\Users\A\AppData\Local\PlaceholderTileLogoFolder 2020-11-15 13:12 - 2020-03-31 18:02 - 000000000 ____D C:\Users\A\AppData\Local\Packages 2020-11-13 17:32 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-11-12 19:02 - 2020-08-06 17:54 - 000003510 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2020-11-12 19:02 - 2020-08-06 17:54 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2020-11-06 17:20 - 2020-03-31 17:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2020-11-03 22:59 - 2020-06-12 20:09 - 000001059 _____ C:\Users\A\Desktop\SnowRunner.lnk 2020-10-30 17:46 - 2020-03-31 12:12 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2020-10-29 16:25 - 2020-08-24 11:25 - 000000000 ____D C:\Users\A\AppData\Local\NVIDIA Corporation ==================== Pliki w katalogu głównym wybranych folderów ======== 2020-11-23 15:02 - 2020-11-23 17:10 - 000007626 _____ () C:\Users\A\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) ==================== Koniec FRST.txt ========================