Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 22-08.2024
Uruchomiony przez Lenovo (administrator) DESKTOP-1G9PTFA (ASUSTeK COMPUTER INC. Vivo AIO 16 V161GA_A41GA) (27-08-2024 11:19:46)
Uruchomiony z C:\Users\Lenovo\Downloads\FRST64 (1).exe
Załadowane profile: Lenovo
Platforma: Microsoft Windows 11 Pro Wersja 23H2 22631.4037 (X64) Język: Polski (Polska)
Domyślna przeglądarka: Edge
Tryb startu: Normal

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(Aeroadmin LLC -> AeroAdmin LLC) C:\Users\Lenovo\Downloads\AeroAdmin.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe ->) (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBox.Agent.exe
(C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(C:\Program Files (x86)\Kingsoft\WPS Office\12.2.0.17562\office6\wpscloudsvr.exe ->) (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\WPS Office\12.2.0.17562\office6\wpscenter.exe
(C:\Program Files (x86)\T-Connect App\TConnect2.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\WindowsApps\MSTeams_24193.1805.3040.8975_x64__8wekyb3d8bbwe\ms-teams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\msedgewebview2.exe <6>
(DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxEM.exe
(explorer.exe ->) () [Brak podpisu cyfrowego] [Plik w użyciu] C:\iRest\wrest.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Users\Lenovo\AppData\Local\Google\Chrome\Application\chrome.exe <32>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Takeaway.com Group B.V. -> ) C:\Program Files (x86)\T-Connect App\TConnect2.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MSTeams_24193.1805.3040.8975_x64__8wekyb3d8bbwe\ms-teams.exe
(services.exe ->) () [Brak podpisu cyfrowego] C:\mysql\bin\mysqld-nt.exe
(services.exe ->) (ASUSTek Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe
(services.exe ->) (ICEpower a/s -> ICEpower a/s) C:\Windows\System32\ICEsoundService64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3d2488852c7b45a0\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_22c2c7607995c1e1\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_22c2c7607995c1e1\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_e72614dff5a8a910\Intel_PIE_Service.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal_wc.inf_amd64_9171bd9f02afbfa0\jhi_service.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(svchost.exe ->) (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> ) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\SpotifyWidgetProvider.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe
(svchost.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.214.1843.0_x64__8wekyb3d8bbwe\PushNotificationsLongRunningTask.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.18500.10.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\WPS Office\12.2.0.17562\office6\wpscloudsvr.exe

==================== Rejestr (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2019-12-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_ListenToDevice] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617568 2019-12-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331232 2024-07-23] (Avira Operations GmbH -> Avira Operations GmbH)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Ograniczenia <==== UWAGA
HKU\S-1-5-21-2460985897-3955756783-2422704168-1001\...\Run: [MicrosoftEdgeAutoLaunch_5EF70F99B4529735F3564FFE246DB961] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3741224 2024-08-22] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2460985897-3955756783-2422704168-1001\...\Run: [GoogleUpdaterTaskUser129.0.6651.0] => C:\Users\Lenovo\AppData\Local\Google\GoogleUpdater\129.0.6651.0\updater.exe [4906600 2024-08-11] (Google LLC -> Google LLC)
HKLM\...\Windows x64\Print Processors\Canon MP230 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDB5.DLL [30208 2012-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP230 series: C:\WINDOWS\system32\CNMLMB5.DLL [389120 2012-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T-Connect App.lnk [2024-07-17]
ShortcutTarget: T-Connect App.lnk -> C:\Program Files (x86)\T-Connect App\TConnect2.exe (Takeaway.com Group B.V. -> )

==================== Zaplanowane zadania (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
Task: {841617A2-E548-4CA7-A02C-B2AEC1273DFF} - System32\Tasks\ASUS Hello => C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe [642448 2018-05-31] (ASUSTeK Computer Inc. -> )
Task: {350BDC22-AD54-4747-837B-8159847AFC23} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [124304 2017-11-24] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {57AF3085-2A57-4AA9-95A5-DC7C9A9D23D1} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [124304 2017-11-24] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {E8AA1721-5906-45E2-8104-1A3D9319D1F0} - System32\Tasks\Avira_FallbackUpdater => C:\Windows\System32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start AviraFallbackUpdater Delayed=false
Task: {B922DC6E-B25B-4633-8AAE-39A388D6267E} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {B922DC6E-B25B-4633-8AAE-39A388D6267E} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {B922DC6E-B25B-4633-8AAE-39A388D6267E} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector
Task: {DCCAEB78-7B52-4D18-9E3A-E9384A094C42} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [259944 2024-08-12] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {5BCDD45C-5752-47DA-86A7-9683407E4B65} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1775464 2024-08-12] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {A934CA10-B280-4050-B068-2B8FE6884A9E} - System32\Tasks\Avira_Security_Update => C:\Windows\System32\net.exe [81920 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {948DA76A-41EB-44CA-8457-378B39DEFF45} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [36795696 2024-07-30] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {84EEB750-3C5C-42C9-B6F4-09A86CD76C1B} - System32\Tasks\GoogleUser\GoogleUpdater\GoogleUpdaterTaskUser129.0.6651.0{C28C1429-1E31-48F9-8D3B-0E5A5D0C1607} => C:\Users\Lenovo\AppData\Local\Google\GoogleUpdater\129.0.6651.0\updater.exe [4906600 2024-08-11] (Google LLC -> Google LLC)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Brak pliku)
Task: {C97D80F0-1A42-49F0-8879-24D7AD316D5C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (Brak pliku)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => %systemroot%\system32\MusNotification.exe ForcedReboot (Brak pliku)
Task: {35F57237-4EFC-460D-BA36-C7268C4DCFD7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (Brak pliku)
Task: {3E84D387-2BD7-4405-9FF2-8B9B8AC8CCB3} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (Brak pliku)
Task: {7D993353-1A89-4BAE-93EC-DCDB7F64FB9F} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => %systemroot%\system32\MusNotification.exe Display (Brak pliku)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Brak pliku)
Task: {6084E133-C587-4632-92F3-C78D5F4EF62C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {30A7FAF1-2550-4AFB-A2F9-8D4546737638} - System32\Tasks\WpsExternal_Lenovo_20240819090753 => C:\Program Files (x86)\Kingsoft\WPS Office\12.2.0.17562\office6\wpscloudsvr.exe [902544 2024-08-19] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) -> /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external
Task: {EC6B28D0-1DDA-472A-BF2D-0108FACF65F2} - System32\Tasks\WpsUpdateTask_Lenovo => C:\Program Files (x86)\Kingsoft\WPS Office\12.2.0.17562\office6\wpsupdate.exe [1672080 2024-08-19] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== UWAGA (Ograniczenia - Zones)
Tcpip\..\Interfaces\{622d5108-dbe1-49bf-a1af-d1bd712a711b}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{64b37b9a-a170-40f4-9e0f-836d68f780d9}: [NameServer] 8.8.8.8,8.8.4.4

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Default [2024-08-27]
Edge Extension: (Avira Password Manager) - C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle [2024-06-05]
Edge Extension: (Dokumenty Google offline) - C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-29]
Edge Extension: (Niesamowity ChatGPT Zrzut ekranu i rejestrator) - C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gpmljinohlbfgmeoaeceoajachkabijo [2023-09-21]
Edge Extension: (Edge relevant text changes) - C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-09-12] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default [2024-08-27]
CHR Notifications: Default -> hxxps://live-orders.takeaway.com
CHR Extension: (Avira Password Manager) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2024-05-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-04]
CHR Extension: (Niesamowity zrzut ekranu i rejestrator ekranu) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2024-08-08]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-04-26]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\System Profile [2023-04-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Usługi (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
S2 AviraFallbackUpdater; C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe [6738360 2024-04-26] (Avira Operations GmbH -> Avira Operations GmbH)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3004688 2022-07-22] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [398816 2024-04-23] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [265936 2024-08-12] (Avira Operations GmbH -> Avira Operations GmbH)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [296656 2024-08-12] (Avira Operations GmbH -> Avira Operations GmbH)
S2 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [325456 2018-06-12] (ASUSTek Computer Inc. -> )
R2 EndpointProtectionService; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11794664 2024-08-22] (Avira Operations GmbH -> Avira Operations GmbH)
S3 EndpointProtectionService2; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11794664 2024-08-22] (Avira Operations GmbH -> Avira Operations GmbH)
R2 GiftBox.Service; C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe [299320 2019-04-09] (ASUSTek Computer Inc. -> ASUSTeK Computer Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [957192 2020-09-11] (McAfee, LLC -> McAfee, LLC)
R2 MySQL; C:\mysql\my.ini [9083 2019-09-17] () [Brak podpisu cyfrowego]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522096 2024-08-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [2909208 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [128376 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe [902544 2024-08-19] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Sterowniki (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R0 BdNet; C:\WINDOWS\System32\DRIVERS\BdNet.sys [176712 2024-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Avira Operations GmbH)
R1 BdSentry; C:\WINDOWS\System32\DRIVERS\BdSentry.sys [233560 2023-05-25] (Avira Operations GmbH -> Avira Operations GmbH)
S3 BrSerIf; C:\WINDOWS\system32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 BrUsbSer; C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys [19584 2006-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2022-09-28] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Brak podpisu cyfrowego]
S1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2020-01-30] (Martin Malik - REALiX -> REALiX(tm))
R1 netprotection_network_filter; C:\WINDOWS\System32\drivers\netprotection_network_filter.sys [115528 2024-05-24] (Avira Operations GmbH -> Avira Operations GmbH)
S3 netprotection_network_filter2; C:\WINDOWS\System32\drivers\netprotection_network_filter2.sys [115528 2024-05-24] (Avira Operations GmbH -> Avira Operations GmbH)
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
R1 rtp1; C:\WINDOWS\System32\DRIVERS\rtp1.sys [430280 2024-08-22] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp2; C:\WINDOWS\System32\DRIVERS\rtp2.sys [430280 2024-08-22] (Avira Operations GmbH -> Avira Operations GmbH)
S0 rtp_elam; C:\WINDOWS\System32\DRIVERS\rtp_elam.sys [28768 2024-04-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [48536 2022-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [438544 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [90384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) (filtrowane) =========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2024-08-27 11:19 - 2024-08-27 11:21 - 000023239 _____ C:\Users\Lenovo\Downloads\FRST.txt
2024-08-27 11:18 - 2024-08-27 11:18 - 002397184 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64 (1).exe
2024-08-27 11:11 - 2024-08-27 11:11 - 002968576 _____ (AeroAdmin LLC) C:\Users\Lenovo\Downloads\AeroAdmin.exe
2024-08-27 11:11 - 2024-08-27 11:11 - 000000000 ____D C:\ProgramData\Aeroadmin
2024-08-27 09:30 - 2024-08-27 09:30 - 000000000 _____ C:\tmp6D03.tmp
2024-08-27 08:56 - 2024-08-27 08:56 - 000799716 _____ C:\WINDOWS\system32\perfh015.dat
2024-08-27 08:56 - 2024-08-27 08:56 - 000158750 _____ C:\WINDOWS\system32\perfc015.dat
2024-08-19 09:32 - 2024-08-19 09:32 - 000026169 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-08-19 09:31 - 2024-08-19 09:31 - 000026169 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-08-19 09:08 - 2024-08-19 09:08 - 000003640 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_Lenovo
2024-08-19 09:07 - 2024-08-19 09:07 - 000004070 _____ C:\WINDOWS\system32\Tasks\WpsExternal_Lenovo_20240819090753
2024-08-19 08:36 - 2024-08-19 08:36 - 000003888 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Maintenance
2024-08-19 08:36 - 2024-08-19 08:36 - 000003428 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Service_SCM_Watchdog
2024-08-19 08:36 - 2024-08-19 08:36 - 000002818 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Systray
2024-08-08 12:35 - 2024-08-27 11:20 - 000000000 ____D C:\FRST
2024-08-08 12:28 - 2024-08-08 12:31 - 000000000 ____D C:\AdwCleaner
2024-08-08 12:26 - 2024-08-08 12:28 - 008790880 ____N (Malwarebytes) C:\Users\Lenovo\Downloads\adwcleaner.exe
2024-07-30 09:48 - 2024-07-30 09:48 - 000003790 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupVerify

==================== Jeden miesiąc (zmodyfikowane) ==================
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2024-08-27 11:06 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-08-27 09:31 - 2022-09-28 16:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-08-27 09:30 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-08-27 09:18 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-08-27 09:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-08-27 09:05 - 2019-09-29 09:46 - 000000000 ____D C:\Users\Lenovo\AppData\Local\D3DSCache
2024-08-27 08:56 - 2022-09-28 16:48 - 001797768 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-08-27 08:56 - 2022-05-07 07:22 - 000000000 ____D C:\WINDOWS\INF
2024-08-27 08:54 - 2019-10-18 13:19 - 000002538 _____ C:\Users\Lenovo\Desktop\Google Chrome.lnk
2024-08-27 08:54 - 2019-10-18 13:19 - 000002515 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-08-27 08:51 - 2022-09-28 16:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-08-27 08:51 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-08-27 08:51 - 2020-09-29 17:55 - 000012288 ___SH C:\DumpStack.log.tmp
2024-08-27 08:51 - 2019-09-21 02:46 - 000000000 __SHD C:\Users\Lenovo\IntelGraphicsProfiles
2024-08-27 08:51 - 2018-10-10 20:48 - 000000000 ___HD C:\Intel
2024-08-26 09:40 - 2020-02-22 19:18 - 000000000 ____D C:\Users\Public\Security Sessions
2024-08-26 09:22 - 2022-09-28 16:52 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2460985897-3955756783-2422704168-1001
2024-08-26 09:22 - 2022-09-28 16:52 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2460985897-3955756783-2422704168-1001
2024-08-26 09:22 - 2020-09-29 12:11 - 000002432 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-08-26 09:18 - 2020-02-22 19:12 - 000000000 ____D C:\Users\Public\Speedup Sessions
2024-08-26 09:16 - 2020-06-08 17:13 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-08-26 09:16 - 2020-06-08 17:13 - 000002288 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-08-22 16:34 - 2022-07-01 09:47 - 000000000 ____D C:\Users\Lenovo\AppData\Local\CrashDumps
2024-08-22 12:25 - 2024-03-13 13:32 - 000430280 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp2.sys
2024-08-22 12:25 - 2024-03-13 13:32 - 000430280 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp1.sys
2024-08-22 12:25 - 2023-02-15 15:11 - 001135056 _____ C:\WINDOWS\system32\rtp.db
2024-08-20 16:56 - 2022-09-28 10:32 - 000000000 ____D C:\Users\Lenovo
2024-08-19 17:40 - 2022-05-07 07:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-08-19 17:37 - 2022-09-28 16:43 - 000304656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-08-19 17:36 - 2023-10-16 08:07 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-08-19 17:36 - 2022-05-07 12:41 - 000000000 ___SD C:\WINDOWS\system32\AppV
2024-08-19 17:36 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\WUModels
2024-08-19 17:36 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\UUS
2024-08-19 17:36 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-08-19 17:36 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-08-19 17:36 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-08-19 17:36 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-08-19 17:36 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-08-19 17:36 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-08-19 17:36 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-08-19 17:36 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-08-19 17:36 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-08-19 17:35 - 2022-05-07 12:41 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2024-08-19 17:35 - 2022-05-07 12:41 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-08-19 17:35 - 2022-05-07 07:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-08-19 17:35 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemApps
2024-08-19 17:35 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-08-19 17:35 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-08-19 17:35 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-08-19 17:35 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-08-19 17:35 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-08-19 09:38 - 2022-05-07 07:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-08-19 09:38 - 2022-05-07 07:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-08-19 09:38 - 2022-05-07 07:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-08-19 08:57 - 2019-09-20 12:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-08-19 08:52 - 2019-09-20 12:04 - 197093640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-08-19 08:36 - 2022-09-28 16:52 - 000003476 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2024-08-19 08:36 - 2021-04-16 07:48 - 000001080 _____ C:\Users\Public\Desktop\Avira.lnk
2024-08-19 08:36 - 2021-04-16 07:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2024-08-08 12:51 - 2019-09-21 00:36 - 000000000 ____D C:\ProgramData\Packages
2024-08-08 12:51 - 2019-09-11 18:18 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Packages
2024-08-08 12:34 - 2024-05-15 10:51 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Temp
2024-07-29 09:26 - 2022-09-28 16:52 - 000003566 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-07-29 09:26 - 2022-09-28 16:52 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== SigCheck ============================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

==================== Koniec FRST.txt ========================