Go to C:\Windows\NCCX40YE\, run the exe with the random name and unblock Windows Update; only after unblocking, run Fixlist.txt for FRST:
CloseProcesses:
(Greatis Software LLC -> Greatis Software, LLC) C:\Windows\NCCX40YE\SU10Guard.exe
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1719421929-1844087467-4272887366-1001\...\Run: [Napisy24Update] => C:\Program Files\Napisy24\Napisy24Update.exe [3990528 2018-02-02] (Napisy24.pl) [Brak podpisu cyfrowego]
HKU\S-1-5-21-1719421929-1844087467-4272887366-1001\...\Run: [Napisy24.pl] => C:\Program Files\Napisy24\Napisy24.exe [11984896 2021-03-08] (Napisy24.pl) [Brak podpisu cyfrowego]
HKU\S-1-5-21-1719421929-1844087467-4272887366-1001\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [3930344 2018-11-10] (ALLPlayer Group sp. z o.o. -> ALLPlayer.org)
HKU\S-1-5-21-1719421929-1844087467-4272887366-1001\...\Policies\Explorer: [NoSecurityTab] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{E5931AF4-2A8F-48A5-AFC8-3605AD5C0A0C}] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
GroupPolicy: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
Task: {798E4851-65E7-43F7-ABEA-D2E71ECF0FC4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-28] (Mozilla Corporation -> Mozilla Foundation)
C:\WINDOWS\SysWOW64\MUI\dispspec\A-1-65-95\
Task: {86E9ED54-BB76-4689-A517-A47A831022B9} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineAQ => C:\WINDOWS\SysWOW64\MUI\dispspec\A-1-65-95\XH_1.3.91.30.exe (Odmowa dostępu) <==== UWAGA
Task: {B87D7E5B-168E-4ACD-9679-73AFA81CCE51} - \Lenovo\ImController\Lenovo iM Controller Monitor -> Brak pliku <==== UWAGA
Task: {BE91A93D-A5E9-42C8-BDED-ACD561CB2CDA} - System32\Tasks\Opera scheduled Autoupdate 1605441591 => C:\Users\D4W!D\AppData\Local\Programs\Opera\launcher.exe [2264784 2021-07-21] (Opera Software AS -> Opera Software)
Task: {D60BCA68-DEE8-48CF-A4B5-1C09E8E52B60} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> Brak pliku <==== UWAGA
Task: {FD02C28C-4931-4D35-B75A-6D6BFC3A9FA2} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> Brak pliku <==== UWAGA
C:\Users\D4W!D\AppData\Local\Google\Chrome\User Data\Default\Extensions\opldbjibdhieaipcfhcdpdahjnhfcafj
CHR Extension: (ACCURATE for Advertisers) - C:\Users\D4W!D\AppData\Local\Google\Chrome\User Data\Default\Extensions\opldbjibdhieaipcfhcdpdahjnhfcafj [2020-11-1
R2 SU10Guard; C:\Windows\NCCX40YE\SU10Guard.exe [72032 2021-07-06] (Greatis Software LLC -> Greatis Software, LLC)
U3 dmwappushsvc; Brak ImagePath
S3 FortiDeviceGuard; \SystemRoot\System32\drivers\FortiDeviceGuard.sys [X]
2021-08-06 00:09 - 2021-08-06 00:09 - 005659583 _____ (Swearware) C:\Users\D4W!D\Downloads\ComboFix (1).exe
2021-08-06 00:08 - 2021-08-06 00:08 - 005659583 _____ (Swearware) C:\Users\D4W!D\Downloads\ComboFix.exe
2021-08-06 00:07 - 2021-08-06 00:07 - 002455008 _____ ( ) C:\Users\D4W!D\Downloads\combofix_1IDn-R1.exe
2021-08-06 00:00 - 2021-08-10 16:31 - 000000000 ____D C:\Users\D4W!D\Downloads\FRST-OlderVersion
2021-08-03 13:13 - 2021-08-12 12:24 - 000000000 ____D C:\WINDOWS\NCCX40YE