Witam, znalazłem post pod tym adresem jednak temat jest zamknięty. Proszę o pomoc w znalezieniu niebezpiecznych logów przez FRST.

Jak wykryć niebezpieczne logi w FRST? Szukam wskazówek i metod analizy

#2 21294382 08 Lis 2024 15:03

Kolobos Kolobos

Spec od komputerów

Posty: 85152

Pomógł: 17159

Ocena: 10419

Post #2

21294382 08 Lis 2024 15:03

Nic ciekawego nie widac, z jakiego powodu tutaj piszesz?

Fixlist.txt dla FRST:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1648370655-57303757-3141458041-1002\...\Run: [MicrosoftEdgeAutoLaunch_2DF2DE1E5C6428B737992BD687FB321B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3856424 2024-10-31] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1648370655-57303757-3141458041-1002\...\Run: [Opera GX Stable] => C:\Users\monik\AppData\Local\Programs\Opera GX\opera.exe [1493400 2024-11-07] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-1648370655-57303757-3141458041-1002\...\Run: [Opera GX Browser Assistant] => C:\Users\monik\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
Edge HKU\S-1-5-21-1648370655-57303757-3141458041-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl]
Edge HKLM-x32\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl]
C:\Users\monik\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
CHR Extension: (AVG Secure Search) - C:\Users\monik\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2024-07-13]
CHR HKU\S-1-5-21-1648370655-57303757-3141458041-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
2024-10-27 23:06 - 2024-10-27 23:06 - 002002424 _____ C:\Users\monik\Downloads\repairit_setup_full5913.exe
2024-10-27 22:18 - 2024-10-27 22:18 - 001892784 _____ (Apowersoft) C:\Users\monik\Downloads\watermarkremover-setup (3).exe
2024-10-27 22:08 - 2024-10-27 22:08 - 001892784 _____ (Apowersoft) C:\Users\monik\Downloads\watermarkremover-setup (2).exe
2024-10-27 21:24 - 2024-10-27 21:25 - 042814144 _____ (UkeySoft.com ) C:\Users\monik\Downloads\ukeysoft-video-watermark-remover (1).exe

Co masz w tych plikach?
2024-11-02 13:22 - 2024-11-02 13:22 - 000002264 _____ C:\Users\WsiAccount\AppData\LocalLow\57659c428a623118f619e27e0834c1ba3c745272115e5cbcd7585c6a35c37445
2024-11-08 14:16 - 2023-12-07 17:03 - 000000130 _____ C:\Users\monik\AppData\LocalLow\3209a2264cf3c9bfb64901dc676bda96f3f57fc23c20f7599e349e65a69d7d87
2024-11-08 14:14 - 2024-08-04 21:57 - 000011216 _____ C:\Users\monik\AppData\LocalLow\326b849c5925622d17ab622c9eb20ee8b5c4f12d95e4947f23c457ed95b67661
2024-11-07 21:14 - 2023-12-07 17:03 - 000025478 _____ C:\Users\monik\AppData\LocalLow\f13f650aa27217f06b6086674daef79e487a19799dc8c3931d65cac16df3615e
2024-11-01 22:32 - 2024-05-28 20:43 - 000000130 _____ C:\Users\monik\AppData\LocalLow\e68b3becd33291447dcd13579c0f8e20b4690d10816171f2ba63236eafb576a0
2024-11-01 22:27 - 2024-06-02 15:57 - 000021287 _____ C:\Users\monik\AppData\LocalLow\ddd32b2fe6437accdc35126bfcfd891ecfa163e66701bf7d8606774f4b3fb880
2024-11-01 22:27 - 2024-06-02 15:57 - 000000130 _____ C:\Users\monik\AppData\LocalLow\c02381e992a278f86b5e7c21c9fa4b99244038043218fd4691137ec280c1f733
2024-11-01 22:21 - 2024-05-28 20:43 - 000031263 _____ C:\Users\monik\AppData\LocalLow\fd84a82013498f69bc040e6ec8d8d8291a152cc760e35edd235d3dc92781442b
2024-11-01 20:46 - 2023-12-16 12:19 - 000030503 _____ C:\Users\monik\AppData\LocalLow\a409750cc47a4783c6472c6ac9a131e8f86788ae57545ed742cfaffbac6baf3d
2024-10-30 13:10 - 2024-06-09 19:31 - 000237867 _____ C:\Users\monik\AppData\LocalLow\95e27de6c5f1f5d38fc048e1bf30244ec65cf620051ecf0b497b5fd9b026c4cd
2024-10-30 13:10 - 2024-06-09 19:31 - 000000130 _____ C:\Users\monik\AppData\LocalLow\41aae27b8e5a9f2d5014d432cc0811524d1d6e4e1594d307aa5a6f934fa435e8
2024-10-29 10:33 - 2024-08-22 17:24 - 000174601 _____ C:\Users\monik\AppData\LocalLow\4d784a8775cf15752189becd4407a35aed27f503ffd2aa7e552c9b8d64dfa348
2024-10-29 10:04 - 2023-12-07 17:03 - 000076097 _____ C:\Users\monik\AppData\LocalLow\2681a2918db1de2b2cc0e52339ccf993e4dfe46bd465317b114a186986516e49
2024-10-23 14:25 - 2023-12-06 17:05 - 000445664 _____ C:\Users\monik\AppData\LocalLow\4510301a6debac7bb96ba6e668ac3383271c26c4eb6798c206d42ac5ba3b906e
2024-10-23 14:25 - 2023-12-06 17:05 - 000000130 _____ C:\Users\monik\AppData\LocalLow\6d8e67a632f594be1d223ffb54c90fe6446fef2465a9a763349317a93891ce8e
2024-10-20 18:43 - 2024-08-22 17:24 - 000000194 _____ C:\Users\monik\AppData\LocalLow\b14fbb1ad4adcad57cf5373c9939d204f33b6d07205b9db567f2d8f849e10ed8
2024-10-11 16:31 - 2024-08-10 23:51 - 000002264 _____ C:\Users\monik\AppData\LocalLow\57659c428a623118f619e27e0834c1ba3c745272115e5cbcd7585c6a35c37445
2024-10-11 14:17 - 2023-12-06 17:05 - 000002264 _____ C:\Users\monik\AppData\LocalLow\aa56008cb43f73fcd327556cfc0e44594ef26312e4a4ee0742a1fcaf4076cd3a
2024-10-11 14:00 - 2023-12-16 12:19 - 000000026 _____ C:\Users\monik\AppData\LocalLow\479f142dc68f2c656a6697423514d6d9f4e7c05d922d42ada90c3f24e90930d4
2024-10-11 13:58 - 2023-12-07 17:03 - 000000026 _____ C:\Users\monik\AppData\LocalLow\3c23441624baa2fed173efdb8510bab97131402fbcb79e95e9d2cfeb873b4468
2024-10-10 16:42 - 2024-08-04 21:57 - 000000130 _____ C:\Users\monik\AppData\LocalLow\4f39134f5c1d14977fabfc4a1ab75490046603ad162203811aaf6cbb569d28cb