
[Solved] When Win10 starts, only a black screen appears, with no desktop

krakiu 18 Apr 2018 11:51 798 4
  • #2 18 Apr 2018 12:21
    Kolobos
    Computer specialist

    Uninstall:
    ByteFence Anti-Malware
    WarThunder
    WorldofTanks

    Run this Fixlist.txt with FRST:
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Brak pliku
    ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku
    ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku
    ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku
    ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku
    ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku
    Task: {0DF2E4E1-E800-46E2-80E5-9639F740D87D} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
    Task: {1543B090-0AAE-4222-BF87-30E310784FE1} - \IMLOMe -> Brak pliku <==== UWAGA
    Task: {239226C1-5CF5-49AC-A3B9-7C0315F993BD} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-10-03] (Byte Technologies LLC) <==== UWAGA
    Task: {2BF5E0E6-4683-412D-80BC-0587372E4495} - System32\Tasks\Opera scheduled Autoupdate 1509635380 => C:\Users\Kuba\AppData\Local\Programs\Opera\launcher.exe
    Task: {ADCBE364-8DC1-4CFA-BE4C-F8F11AF0F671} - \JiJlrvQqr -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811144"
    C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
    2017-03-07 20:18 - 2017-03-07 20:18 - 000582936 _____ () C:\Program Files\ByteFence\rsLggr.exe
    Hosts:
    (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
    (Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    (Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
    HKU\S-1-5-21-953847722-845165219-478409222-1001\...\MountPoints2: {d2c33d63-1896-11e8-8971-806e6f6e6963} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-953847722-845165219-478409222-1001\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [272896 2017-09-29] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-21-953847722-845165219-478409222-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist ( start /MIN "" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== UWAGA
    GroupPolicy: Ograniczenia <==== UWAGA
    GroupPolicy\User: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-953847722-845165219-478409222-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811141
    SearchScopes: HKU\S-1-5-21-953847722-845165219-478409222-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BF03EBC78-94D9-4B96-A89F-858842B8B1E1%7D&gp=811142
    SearchScopes: HKU\S-1-5-21-953847722-845165219-478409222-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BF03EBC78-94D9-4B96-A89F-858842B8B1E1%7D&gp=811142
    R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [156640 2017-10-03] (Byte Technologies LLC)
    S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [8010968 2018-03-11] (LLC Mail.Ru)
    R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [297288 2018-04-11] (Byte Technologies LLC.)
    S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [7238880 2018-03-11] (LLC Mail.Ru)
    S3 BstkDrv; \??\C:\Program Files (x86)\BlueStacks\BstkDrv.sys [X]
    S3 X6va065; \??\C:\WINDOWS\SysWOW64\Drivers\X6va065 [X]
    2018-04-18 11:48 - 2017-11-03 15:09 - 000000000 ____D C:\Program Files\ByteFence
    2018-04-18 08:03 - 2017-11-02 17:06 - 000000000 ____D C:\ProgramData\McAfee
    2017-12-20 16:55 - 2017-03-18 22:59 - 000000064 _____ () C:\Users\Kuba\AppData\Local\cwTTDEkNVI
    2017-12-20 16:55 - 2017-03-18 22:59 - 000001133 _____ () C:\Users\Kuba\AppData\Local\HlsPxTTS
    2017-03-18 22:59 - 2017-03-18 22:59 - 000001133 _____ () C:\Users\Kuba\AppData\Local\HlsPxTTS.bat
    2017-12-20 16:55 - 2017-03-18 22:59 - 000000066 _____ () C:\Users\Kuba\AppData\Local\MHpHgPmRq
    2017-12-20 16:55 - 2017-03-18 22:59 - 000001083 _____ () C:\Users\Kuba\AppData\Local\sSyjqO
    2017-03-18 22:59 - 2017-03-18 22:59 - 000001083 _____ () C:\Users\Kuba\AppData\Local\sSyjqO.bat
    2017-12-20 16:55 - 2017-12-20 16:55 - 000000001 _____ () C:\Users\Kuba\AppData\Local\WMI.ini

    After it has run, delete the C:\FRST folder.

    In addition, use AdwCleaner and Mbam and remove whatever they detect.

    0
  • #3 18 Apr 2018 12:39
    krakiu
    Level 8

    Thanks, that helped. Tell me, what was the reason the desktop would not start?

    0
  • #4 18 Apr 2018 13:40
    Kolobos
    Computer specialist

    Infection.

    Bad entry: HKU\S-1-5-21-953847722-845165219-478409222-1001\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [272896 2017-09-29] (Microsoft Corporation) <==== UWAGA

    0
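The bad entry named in post #4, as an added example that is not part of the original thread: a Python check over FRST-style log lines that flags a Winlogon `Shell` value whose target is not `explorer.exe`, and any `Command Processor` entry (a command run on every `cmd.exe` start). The line format is inferred from the lines quoted in the thread; `audit` is a hypothetical helper, and every sample line except the first is constructed.

```python
import ntpath
import re

# "<hive>\...\<key>: <value>" as the lines quoted in the thread are laid out
ENTRY_RE = re.compile(
    r"^(?P<hive>HK(?:U|LM)[^:]*?)\\\.\.\.\\"
    r"(?P<key>Winlogon|Command Processor): (?P<value>.*)$")
FLAG_RE = re.compile(r"\s*<==== .*$")                      # trailing attention marker
META_RE = re.compile(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\].*$")   # "[size date] (vendor)"

def audit(lines):
    """Return (finding, hive, detail) tuples for suspicious shell/autorun entries."""
    findings = []
    for raw in lines:
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        value = FLAG_RE.sub("", m["value"])
        if m["key"] == "Winlogon":
            if not value.startswith("[Shell] "):
                continue
            target = META_RE.sub("", value[len("[Shell] "):]).strip().strip('"')
            # Anything other than explorer.exe replaces the desktop at logon
            if ntpath.basename(target).lower() != "explorer.exe":
                findings.append(("winlogon-shell", m["hive"], target))
        elif value.strip():
            # Any Command Processor value deserves a manual look
            findings.append(("cmd-autorun", m["hive"], value.strip()))
    return findings

SAMPLE = [
    # Quoted from the thread
    r"HKU\S-1-5-21-953847722-845165219-478409222-1001\...\Winlogon: [Shell] "
    r"C:\Windows\System32\cmd.exe [272896 2017-09-29] (Microsoft Corporation) <==== UWAGA",
    # Constructed lines below
    r"HKLM\...\Winlogon: [Shell] explorer.exe",
    r"HKU\S-1-5-21-0-0-0-1001\...\Command Processor: @echo constructed-autorun <==== UWAGA",
    r"R2 ExampleService; C:\Program Files\Example\svc.exe [1 2018-01-01] (Example)",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
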
  • #5 22 Apr 2018 09:39
    krakiu
    Level 8

    Through the help of a colleague from elektroda

    0