coin miner i błąd skryptu windows firewall

[Flork 0]

https://www.easypaste.org/file/manage/LmvBpNXzsd6P1RgWuE7o?lang=pl

prosze i kojeny raz czekac do jutra XD

[Gość]

9 minut temu, Flork napisał:

https://www.easypaste.org/file/manage/LmvBpNXzsd6P1RgWuE7o?lang=pl

prosze i kojeny raz czekac do jutra XD

Uruchom FRST a następnie (poprzez skrót klawiszowy CTRL + Y) otwórz notatnik systemowy. Wklej w nim poniższą zawartość:

Cytat

CloseProcesses:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TLauncher\TLauncher.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HelpSoft Driver Updater\Dezinstalacja aplikacji PC HelpSoft Driver Updater.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HelpSoft Driver Updater\PC HelpSoft Driver Updater.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HelpSoft Driver Updater\Pomoc.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HelpSoft Driver Updater\Strona internetowa aplikacji PC HelpSoft Driver Updater.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farmer's Dynasty [GOG.com]\Usuń Farmer's Dynasty.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClownfishVoiceChanger\ClownfishVoiceChanger.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClownfishVoiceChanger\Uninstall.lnk 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab\Запустить Farming Simulator 17.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab\Удалить Farming Simulator 17.lnk
C:\Users\kamro\AppData\Roaming\MicrosoftWindowsFirewall\DiskBenchmark.lnk
C:\Users\kamro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAV Endpoint Protection.lnk
C:\Users\kamro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\epic.lnk
HKU\S-1-5-21-1841672281-1410727350-386385641-1001\...\StartupApproved\Run: => "ProductAuthenticationService"
HKU\S-1-5-21-1841672281-1410727350-386385641-1001\...\StartupApproved\Run: => "Windows Updates Service"
FirewallRules: [TCP Query User{30BDB4B9-FA0F-43DB-87C0-C91C9AFACF0C}C:\users\kamro\downloads\gta san andreas\gta_sa.exe] => (Allow) C:\users\kamro\downloads\gta san andreas\gta_sa.exe => Brak pliku
FirewallRules: [UDP Query User{F46137BB-4274-4CA9-8607-DE3D7C888EDD}C:\users\kamro\downloads\gta san andreas\gta_sa.exe] => (Allow) C:\users\kamro\downloads\gta san andreas\gta_sa.exe => Brak pliku
FirewallRules: [TCP Query User{FA9C2110-8386-4B57-8434-D038A364C468}D:\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => Brak pliku
FirewallRules: [UDP Query User{AE345F1F-13E9-4595-B70B-A76CB411E72F}D:\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => Brak pliku
FirewallRules: [{1FEEACAF-ACE3-464D-A27C-05DFCFF1E0FA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Brak pliku
FirewallRules: [{3920B9BE-B3EB-44ED-92BF-8191E9FA8680}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Brak pliku
FirewallRules: [{812BDF5C-965A-43B6-999A-1E878B506D48}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Brak pliku
FirewallRules: [{A4090108-6D46-4795-9031-90741361499E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Brak pliku
FirewallRules: [{D272676F-0F0A-4AA1-9403-0C890BE40501}] => (Allow) C:\Users\kamro\AppData\Local\Programs\Opera\82.0.4227.32\opera.exe => Brak pliku
FirewallRules: [TCP Query User{F41D6F9F-8BB3-42B1-984B-B748D8337B76}C:\users\kamro\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\kamro\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => Brak pliku
FirewallRules: [UDP Query User{E13F2B68-9A48-40A8-B193-2E77A3A578AA}C:\users\kamro\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\kamro\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => Brak pliku
FirewallRules: [TCP Query User{8AD22AA5-DFC6-4688-B1BA-7C4713F8CE3D}C:\users\kamro\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\kamro\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe => Brak pliku
FirewallRules: [UDP Query User{26EE9803-6440-48C8-BCB6-0CC370CFD85E}C:\users\kamro\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\kamro\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe => Brak pliku
FirewallRules: [TCP Query User{1A1B0073-6A48-40DB-B031-BBA88E259583}C:\users\kamro\desktop\nowy folder\beamng.drive v0.19.0.0\bin64\beamng.drive.x64.exe] => (Allow) C:\users\kamro\desktop\nowy folder\beamng.drive v0.19.0.0\bin64\beamng.drive.x64.exe => Brak pliku
FirewallRules: [UDP Query User{943ACCF5-C3A0-4035-8D98-24EE5FB15B7A}C:\users\kamro\desktop\nowy folder\beamng.drive v0.19.0.0\bin64\beamng.drive.x64.exe] => (Allow) C:\users\kamro\desktop\nowy folder\beamng.drive v0.19.0.0\bin64\beamng.drive.x64.exe => Brak pliku
FirewallRules: [TCP Query User{8B71B4B3-9991-4335-8814-41D739DCC479}C:\users\kamro\downloads\gta san andreas\proxy_sa.exe] => (Allow) C:\users\kamro\downloads\gta san andreas\proxy_sa.exe => Brak pliku
FirewallRules: [UDP Query User{6A971BC5-A5D3-437F-9353-4593D74926BE}C:\users\kamro\downloads\gta san andreas\proxy_sa.exe] => (Allow) C:\users\kamro\downloads\gta san andreas\proxy_sa.exe => Brak pliku
FirewallRules: [{D9916F8C-2704-4272-A5B4-878D672919EE}] => (Allow) C:\Users\kamro\AppData\Local\Programs\Opera\83.0.4254.47\opera.exe => Brak pliku
FirewallRules: [{11EC8D5F-18B5-497D-8101-E6655B915333}] => (Allow) C:\Users\kamro\AppData\Local\Programs\Opera\84.0.4316.31\opera.exe => Brak pliku
FirewallRules: [TCP Query User{AF0A2FAF-3273-4BCB-B515-A4FE7D5F6980}C:\users\kamro\downloads\farming.simulator.22.v1.3.0.0.all.dlc\farming simulator 22\x64\farmingsimulator2022game.exe] => (Allow) C:\users\kamro\downloads\farming.simulator.22.v1.3.0.0.all.dlc\farming simulator 22\x64\farmingsimulator2022game.exe => Brak pliku
FirewallRules: [UDP Query User{7AD36EC4-A7DE-4856-983D-DB3A4379DBE9}C:\users\kamro\downloads\farming.simulator.22.v1.3.0.0.all.dlc\farming simulator 22\x64\farmingsimulator2022game.exe] => (Allow) C:\users\kamro\downloads\farming.simulator.22.v1.3.0.0.all.dlc\farming simulator 22\x64\farmingsimulator2022game.exe => Brak pliku
FirewallRules: [TCP Query User{E7A3B317-6507-4175-BE08-8DAF6371B926}D:\farming simulator 22\x64\farmingsimulator2022game.exe] => (Allow) D:\farming simulator 22\x64\farmingsimulator2022game.exe => Brak pliku
FirewallRules: [UDP Query User{5613EA01-6918-49BE-88F2-B51B9D485DF6}D:\farming simulator 22\x64\farmingsimulator2022game.exe] => (Allow) D:\farming simulator 22\x64\farmingsimulator2022game.exe => Brak pliku
FirewallRules: [{172AB645-B88B-4961-A094-C7B31764E20B}] => (Allow) D:\Zona\Zona.exe => Brak pliku
FirewallRules: [{8122E21F-8793-44D9-AAF2-44FDAD19269F}] => (Allow) D:\Zona\Zona.exe => Brak pliku
(hxxps://trex-miner.com) [Brak podpisu cyfrowego] C:\Users\kamro\AppData\Roaming\MicrosoftWindowsFirewall\System.exe
C:\Users\kamro\AppData\Roaming\MicrosoftWindowsFirewall
HKU\S-1-5-21-1841672281-1410727350-386385641-1001\...\Run: [ProductAuthenticationService] => "C:\Users\kamro\AppData\Roaming\ProductAuthenticationService\pas.exe" /nogui (Brak pliku) <==== UWAGA
HKU\S-1-5-21-1841672281-1410727350-386385641-1001\...\Run: [Windows Updates Service] => C:\Users\kamro\AppData\Roaming\Windows Updates Files\Windows Updates Service.vbe (Brak pliku) <==== UWAGA
HKU\S-1-5-21-1841672281-1410727350-386385641-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  (Brak pliku)
Startup: C:\Users\kamro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DiskBenchmark.lnk [2022-07-18]
ShortcutTarget: DiskBenchmark.lnk -> C:\Users\kamro\AppData\Roaming\MicrosoftWindowsFirewall\launch.vbs () [Brak podpisu cyfrowego]
Startup: C:\Users\kamro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\epic.lnk [2022-07-18]
ShortcutTarget: epic.lnk -> C:\Users\kamro\AppData\Roaming\MicrosoftWindowsFirewall\epic.vbs (Brak pliku)
Task: {D1C986EE-8BC7-4B6F-B56A-364638F24FC9} - System32\Tasks\PC HelpSoft Driver Updater automatic scan and new device notifications => C:\Program Files (x86)\PC HelpSoft Driver Updater\HDMTray.exe (Brak pliku) <==== UWAGA
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [55320 2022-07-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== UWAGA (Brak ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== UWAGA (Brak ServiceDLL)
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
EmptyEventLogs:
Reboot:

Poprzez skrót klawiszowy CTRL + S (albo przez Plik -> Zapisz) zapisz zmiany w notatniku a następnie w FRST kliknij na Napraw. Na zakończenie naprawy FRST poprosi o restart systemu. Po restarcie powinno być już ok.

[Flork 0]

DZK DZIAŁA

[rudyczlek 0]

@toska78 ten sam problem co u reszty. Prosiłbym o pomoc. W załączniku przesyłam logi. Z góry dziękuję 

 

logi.rar

[Gość]

44 minuty temu, rudyczlek napisał:

@toska78 ten sam problem co u reszty. Prosiłbym o pomoc. W załączniku przesyłam logi. Z góry dziękuję 

Uruchom FRST a następnie (poprzez skrót klawiszowy CTRL + Y) otwórz notatnik systemowy. Wklej w nim poniższą zawartość:

Cytat

CloseProcesses:
Shortcut: C:\Users\jakut\Desktop\szkoła\Google Docs.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat (Brak pliku)
Shortcut: C:\Users\jakut\Desktop\szkoła\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat (Brak pliku)
Shortcut: C:\Users\jakut\Desktop\szkoła\Google Sheets.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat (Brak pliku)
Shortcut: C:\Users\jakut\Desktop\szkoła\Google Slides.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat (Brak pliku)
FirewallRules: [TCP Query User{F9A7A36E-1543-4BBB-9B45-2AD13B009A37}F:\resolve.exe] => (Allow) F:\resolve.exe => Brak pliku
FirewallRules: [UDP Query User{E2FB2B6E-BBE6-4C0E-8618-C6B8507C20D2}F:\resolve.exe] => (Allow) F:\resolve.exe => Brak pliku
FirewallRules: [TCP Query User{D9935A20-C465-4BD0-B74F-0F6205E26F06}F:\fuscript.exe] => (Allow) F:\fuscript.exe => Brak pliku
FirewallRules: [UDP Query User{D06D00F0-E309-4026-9BD8-26632D309197}F:\fuscript.exe] => (Allow) F:\fuscript.exe => Brak pliku
FirewallRules: [{A1999F57-2D0E-4714-9A02-58CE1BFF560C}] => (Allow) F:\davici2\ElementsPanelDaemon.exe => Brak pliku
(cmd.exe ->) (hxxps://trex-miner.com) [Brak podpisu cyfrowego] C:\Users\jakut\AppData\Roaming\MicrosoftWindowsFirewall\System.exe <2>
Startup: C:\Users\jakut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DiskBenchmark.lnk [2022-08-19]
ShortcutTarget: DiskBenchmark.lnk -> C:\Users\jakut\AppData\Roaming\MicrosoftWindowsFirewall\launch.vbs () [Brak podpisu cyfrowego]
Startup: C:\Users\jakut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\epic.lnk [2022-08-19]
ShortcutTarget: epic.lnk -> C:\Users\jakut\AppData\Roaming\MicrosoftWindowsFirewall\epic.vbs (Brak pliku)
2022-08-19 18:01 - 2022-08-19 18:01 - 000000000 ____D C:\Users\jakut\Downloads\FRST-OlderVersion
EmptyEventLogs:
Reboot:

Poprzez skrót klawiszowy CTRL + S (albo przez Plik -> Zapisz) zapisz zmiany w notatniku a następnie w FRST kliknij na Napraw. Na zakończenie naprawy FRST poprosi o restart systemu. Po restarcie powinno być już ok.

[Flork 0]

naprawa rozwiazana, wywalilo prad i cyk pozni dziala 

[km008 0]

mam ten sam problem, zaradzi ktoś?

[creven777 0]

Siemka! Wyskakuje mi ten sam problem, oto logi z FRST:

frst.rar

[Gość]

21 minut temu, creven777 napisał:

Siemka! Wyskakuje mi ten sam problem, oto logi z FRST:

frst.rar 33 kB · 0 pobrań

Uruchom FRST a następnie (poprzez skrót klawiszowy CTRL + Y) otwórz notatnik systemowy. Wklej w nim poniższą zawartość:

Cytat

CloseProcesses:
FirewallRules: [UDP Query User{28054DEB-AC82-4DBD-8922-00CF9C952872}\\192.168.50.1\wds\script\driverpack\bin\tools\aria2c.exe] => (Block) \\192.168.50.1\wds\script\driverpack\bin\tools\aria2c.exe => Brak pliku
FirewallRules: [TCP Query User{A6EFD0A6-31F7-447E-BD40-40C48B0CBB35}\\192.168.50.1\wds\script\driverpack\bin\tools\aria2c.exe] => (Block) \\192.168.50.1\wds\script\driverpack\bin\tools\aria2c.exe => Brak pliku
FirewallRules: [{22C8CCAB-DE15-4010-B935-E19FC2005B34}] => (Allow) Z:\bin\tools\aria2c.exe => Brak pliku
(cmd.exe ->) (hxxps://trex-miner.com) [Brak podpisu cyfrowego] C:\Users\BAJTEKMEDIA\AppData\Roaming\MicrosoftWindowsFirewall\System.exe <2>
Startup: C:\Users\BAJTEKMEDIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DiskBenchmark.lnk [2022-08-26]
ShortcutTarget: DiskBenchmark.lnk -> C:\Users\BAJTEKMEDIA\AppData\Roaming\MicrosoftWindowsFirewall\launch.vbs () [Brak podpisu cyfrowego]
Startup: C:\Users\BAJTEKMEDIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\epic.lnk [2022-08-26]
ShortcutTarget: epic.lnk -> C:\Users\BAJTEKMEDIA\AppData\Roaming\MicrosoftWindowsFirewall\epic.vbs (Brak pliku)
Task: {01F8F8F7-2F83-4627-B0D3-B6AAE52E3504} - System32\Tasks\rundll32 => "C:\Windows\SoftwareDistribution\PostRebootEventCache.V2\rundll32.exe"  (Brak pliku)
Task: {0219DBCD-B63D-4302-B56E-5EEAE9C5FE43} - System32\Tasks\Corsair.Service => C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\Corsair.Service.exe (Brak pliku)
Task: {0BF73C9E-CAED-4D14-B4A3-AA58CC3E934C} - System32\Tasks\GalaxyClientG => C:\Recovery\AutoApply\GalaxyClient.exe (Brak pliku)
Task: {0D8B5EF8-4EA1-4498-94DE-D1900ECC23E5} - System32\Tasks\rundll32r => "C:\Windows\SoftwareDistribution\PostRebootEventCache.V2\rundll32.exe"  (Brak pliku)
Task: {13B42189-9C9A-4A89-A3FA-CFD74830928A} - System32\Tasks\Core Temp => C:\Windows\LiveKernelReports\WATCHDOG\Core Temp.exe (Brak pliku)
Task: {197F6243-00AD-42F9-9CF2-8B4A489ED39E} - System32\Tasks\GraphicsCardEngineG => C:\OneDriveTemp\S-1-5-21-2028282509-860804826-2922198220-1001\GraphicsCardEngine.exe (Brak pliku)
Task: {1DA289B5-40EB-457E-ACCE-13337D70556C} - System32\Tasks\XboxAppServicesX => C:\Users\Default User\XboxAppServices.exe (Brak pliku)
Task: {1FB25BD3-FDA3-413C-B282-E2A0C5126CF3} - System32\Tasks\CCLibraryC => C:\Recovery\AutoApply\CCLibrary.exe (Brak pliku)
Task: {25660828-F92C-4FB5-ABB9-5BAA917BD2EF} - System32\Tasks\IntelCpHDCPSvcI => C:\MSI\One Dragon Center\Mystic_Light\IntelCpHDCPSvc.exe (Brak pliku)
Task: {26DFDBED-747C-4978-A1FE-1D9F7E42B256} - System32\Tasks\Mystic_Light_Service => C:\Recovery\WindowsRE\Mystic_Light_Service.exe (Brak pliku)
Task: {27780D87-7560-41C5-B5AB-14B504A6B952} - System32\Tasks\Video.UI => C:\Windows\ModemLogs\Video.UI.exe (Brak pliku)
Task: {2F33CD8F-FBDA-4053-BCDB-4AE0C25DF47B} - System32\Tasks\IntelCpHDCPSvc => C:\MSI\One Dragon Center\Mystic_Light\IntelCpHDCPSvc.exe (Brak pliku)
Task: {350C03AD-47A9-4F90-AD3A-E4AC1AEFBC0D} - System32\Tasks\taskhostwt => C:\OneDriveTemp\S-1-5-21-2028282509-860804826-2922198220-1001\taskhostw.exe (Brak pliku) <==== UWAGA
Task: {38BFD2F2-3E11-41FF-8840-918DA18932BF} - System32\Tasks\SecurityHealthService => C:\OneDriveTemp\S-1-5-21-2028282509-860804826-2922198220-1001\SecurityHealthService.exe (Brak pliku)
Task: {505E51E5-35A0-42B3-BE6B-669E0B112F9D} - System32\Tasks\AORUS => C:\Intel\Logs\AORUS.exe (Brak pliku)
Task: {53C779D8-10E2-4C0F-8B35-0E93DB060F04} - System32\Tasks\winlogonw => C:\OneDriveTemp\S-1-5-21-2028282509-860804826-2922198220-1001\winlogon.exe (Brak pliku) <==== UWAGA
Task: {5911FF8D-6A8E-4BBD-A33D-44E978961F34} - System32\Tasks\CCLibrary => C:\Recovery\AutoApply\CCLibrary.exe (Brak pliku)
Task: {5DD52917-C008-47AA-9B36-47D4C8182D74} - System32\Tasks\nvcontainern => C:\Recovery\OEM\nvcontainer.exe (Brak pliku)
Task: {5E3BC0B2-E9EC-44FD-ADC9-8E242C053A0D} - System32\Tasks\WmiPrvSEW => C:\MSI\One Dragon Center\Mystic_Light\Profile\WmiPrvSE.exe (Brak pliku)
Task: {68948174-FED7-49F3-929B-E95E9ED7BCBC} - System32\Tasks\SecurityHealthServiceS => C:\OneDriveTemp\S-1-5-21-2028282509-860804826-2922198220-1001\SecurityHealthService.exe (Brak pliku)
Task: {6BE500CF-7269-47B1-862D-884BBA7B59E6} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2028282509-860804826-2922198220-500 => C:\Users\BAJTEKMEDIA\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Brak pliku)
Task: {72BBFBEA-CD2F-4D1F-87FA-477716303D5E} - System32\Tasks\Core TempC => C:\Windows\LiveKernelReports\WATCHDOG\Core Temp.exe (Brak pliku)
Task: {802AED40-9215-4539-93B1-7D93D5204F71} - System32\Tasks\Mystic_Light_ServiceM => C:\Recovery\WindowsRE\Mystic_Light_Service.exe (Brak pliku)
Task: {889A5468-B71A-4134-BB7A-DDDB35B64471} - System32\Tasks\XboxAppServices => C:\Users\Default User\XboxAppServices.exe (Brak pliku)
Task: {95AEE16D-7C18-4CB7-9AD9-03EB88131069} - System32\Tasks\taskhostw => C:\OneDriveTemp\S-1-5-21-2028282509-860804826-2922198220-1001\taskhostw.exe (Brak pliku) <==== UWAGA
Task: {9D21FB4A-2DBE-4B68-A157-E09ABD8F1F32} - System32\Tasks\Corsair.ServiceC => C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\Corsair.Service.exe (Brak pliku)
Task: {A9BCE90E-FD2F-4951-B8FB-4AF0ADA1A558} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2028282509-860804826-2922198220-500 => C:\Users\BAJTEKMEDIA\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (Brak pliku)
Task: {AEE32BC3-B03B-44A0-8270-462ABD086D46} - System32\Tasks\SecurityHealthHostS => C:\Intel\Logs\SecurityHealthHost.exe (Brak pliku)
Task: {AF703C58-5B97-4D8D-A1E4-773697C434DE} - System32\Tasks\SecurityHealthHost => C:\Intel\Logs\SecurityHealthHost.exe (Brak pliku)
Task: {AFC72E32-872E-4B4D-9A2C-6F60063C8F7E} - System32\Tasks\WmiPrvSE => C:\MSI\One Dragon Center\Mystic_Light\Profile\WmiPrvSE.exe (Brak pliku) <==== UWAGA
Task: {B2C8D6BC-3FB6-4BB6-A7FF-B88913785292} - System32\Tasks\SearchProtocolHostS => C:\MSI\One Dragon Center\Mystic_Light\Profile\SearchProtocolHost.exe (Brak pliku)
Task: {B4CE7A5B-4E56-4E14-9499-27153CDF31E4} - System32\Tasks\conhostc => C:\Program Files (x86)\InstallShield Installation Information\{964575C3-5820-4642-A89A-754255B5EFE1}\conhost.exe (Brak pliku)
Task: {BB6C28FE-35F9-4480-A3DC-697F9E178BF4} - System32\Tasks\EvtEngE => C:\Program Files (x86)\RivaTuner Statistics Server\Doc\EvtEng.exe (Brak pliku)
Task: {BE881EE2-8097-40C5-97A8-EBBE954117DE} - System32\Tasks\EvtEng => C:\Program Files (x86)\RivaTuner Statistics Server\Doc\EvtEng.exe (Brak pliku)
Task: {C230C0A9-DE61-46DE-A6AA-994190C4043B} - System32\Tasks\Video.UIV => C:\Windows\ModemLogs\Video.UI.exe (Brak pliku)
Task: {CA2E2ED1-052C-4E3F-9523-CD38DBEAFCA4} - System32\Tasks\chromec => "C:\Intel\Logs\chrome.exe"  (Brak pliku)
Task: {CBD7E033-C2F3-499C-B50C-3D20FFDE7C92} - System32\Tasks\GraphicsCardEngine => C:\OneDriveTemp\S-1-5-21-2028282509-860804826-2922198220-1001\GraphicsCardEngine.exe (Brak pliku)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Brak pliku)
Task: {DC8A296C-8D08-4C9B-8003-64E6282FEA9E} - System32\Tasks\AORUSA => C:\Intel\Logs\AORUS.exe (Brak pliku)
Task: {E1253034-9C18-48A8-B140-18ECC39E7E9D} - System32\Tasks\nvcontainer => C:\Recovery\OEM\nvcontainer.exe (Brak pliku)
Task: {E1EE0A43-0894-4FFB-9121-55A302154A1C} - System32\Tasks\SearchProtocolHost => C:\MSI\One Dragon Center\Mystic_Light\Profile\SearchProtocolHost.exe (Brak pliku)
Task: {F2A11867-77D4-47E2-BFEE-B8AC4954E5B1} - System32\Tasks\GalaxyClient => C:\Recovery\AutoApply\GalaxyClient.exe (Brak pliku)
Task: {FE925637-537A-4DAC-9290-C32517108872} - System32\Tasks\winlogon => C:\OneDriveTemp\S-1-5-21-2028282509-860804826-2922198220-1001\winlogon.exe (Brak pliku) <==== UWAGA
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
2022-09-12 13:32 - 2022-09-12 13:32 - 000000000 ____D C:\Users\BAJTEKMEDIA\Downloads\FRST-OlderVersion
EmptyEventLogs:
Reboot:

Poprzez skrót klawiszowy CTRL + S (albo przez Plik -> Zapisz) zapisz zmiany w notatniku a następnie w FRST kliknij na Napraw. Na zakończenie naprawy FRST poprosi o restart systemu. Po restarcie powinno być już ok.