Hello, sorry for butting in; I didn't know where to post, and I need help reading FRST logs. Thank you for your help.
I have split this off as a new topic. RADU23
Quote:
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3183177974-1760001010-1606559909-1000\...\Run: [] => [X]
HKU\S-1-5-21-3183177974-1760001010-1606559909-1000\...\Run: [DriverMax_RESTART] => [X]
GroupPolicy: Ograniczenia ? <==== UWAGA
Task: {AB55C631-4B79-4314-BD5A-5E1703F7542A} - System32\Tasks\Opera scheduled Autoupdate 1586088302 => C:\Users\andreas\AppData\Local\Programs\Opera\launcher.exe [1538584 2020-03-27] (Opera Software AS -> Opera Software)
Tcpip\..\Interfaces\{3D205F20-D427-48DD-8F98-99443EC7A504}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{3D205F20-D427-48DD-8F98-99443EC7A504}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6BDEE535-07A6-4C26-B9AB-736E6A946B72}: [NameServer] 4.2.2.6,4.2.2.5
Tcpip\..\Interfaces\{83FC9400-D651-4546-BF33-C0090A86CFF2}: [NameServer] 4.2.2.6,4.2.2.5
Tcpip\..\Interfaces\{DB4E1A02-649D-4FA1-9C0D-FF5232B1C5B0}: [NameServer] 4.2.2.6,4.2.2.5
Tcpip\..\Interfaces\{F7D875E7-8504-44BD-A838-89A272EE3E2F}: [NameServer] 10.100.0.1 10.150.0.1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3183177974-1760001010-1606559909-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3183177974-1760001010-1606559909-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190
Handler: WSKVAllmytubechrome - Brak wartości CLSID
FF Plugin: @Microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Brak pliku]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Brak pliku]
FF Plugin-x32: @Microsoft.com/GENUINE -> disabled [Brak pliku]
S3 fiddrv64; Brak ImagePath
S0 qozysh; Brak ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2020-04-05 13:05 - 2020-04-05 13:05 - 000004112 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1586088302
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe Brak pliku
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe Brak pliku
EmptyTemp: