Elektroda.pl

What is this about, FRST scan. Error while starting the system

Derbi22 30 Jun 2018 18:20 129 3
  • #2 30 Jun 2018 18:27
    Robert B
    Level 43

    Derbi22 wrote:
    an error message.

    And the local fortune-tellers are supposed to guess what that message is?

    1
  • #3 30 Jun 2018 22:47
    RADU23
    Moderator - Computer Service

    Open Notepad and paste in the following content:

    Quote:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-3837110828-268629327-1096314814-1001\...\MountPoints2: {695b331a-77bb-11e8-9969-0c5b8f279a64} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-3837110828-268629327-1096314814-1001\...\MountPoints2: {6eab4ccb-1cd9-11e8-9951-0c5b8f279a64} - "F:\autorun.exe"
    HKU\S-1-5-21-3837110828-268629327-1096314814-1001\...\MountPoints2: {aaa06d5c-1ebb-11e8-9952-48ba4eb54aec} - "F:\HiSuiteDownLoader.exe"
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
    HKU\S-1-5-21-3837110828-268629327-1096314814-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
    HKU\S-1-5-21-3837110828-268629327-1096314814-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> {BB8BD577-0E11-4571-B293-2984540C3C53} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {BB8BD577-0E11-4571-B293-2984540C3C53} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-3837110828-268629327-1096314814-1001 -> {BB8BD577-0E11-4571-B293-2984540C3C53} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    CHR Extension: (Adblocker for Youtube™) - C:\Users\krzem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cecgbohfmejeoncbghbiljbemcgpibgg [2018-06-24] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    CHR Extension: (Brak nazwy) - C:\Users\krzem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifbgbbgjlehgddmhdognpncdjpiepgn [2018-06-24] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iflggecoejbkaiaddimmikppllbhcmpo] - hxxps://clients2.google.com/service/update2/crx
    S3 SystemUpdate64; C:\Program Files\SystemaRev\RevServicesX\SystemUpdate64x.exe [593920 2018-06-24] (SystemaRev) [Brak podpisu cyfrowego] <==== UWAGA
    U3 mfeavfk05; Brak ImagePath
    U3 mfeavfk06; Brak ImagePath
    2018-06-24 15:58 - 2018-06-24 16:01 - 000000000 ____D C:\AdwCleaner


    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    0
  • #4 30 Jun 2018 23:13
    dt1
    Moderator - Computer Service

    Before running the fixlist, it is worth uninstalling the following from the Control Panel:
    YoutubeAdBlock
    System Healer
    One System Care

    In my opinion, the fixlist above needs to be supplemented with these threats:

    Code:
    S1 prisafe; \SystemRoot\System32\drivers\prisafe.sys [X]
    
    Task: {1A524FAE-FA83-44D0-87E4-9FB6453F4F37} - System32\Tasks\The Colendar Toolbox Tool => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\The Colendar Toolbox Tool\The Colendar Toolbox Tool.dll",zDfgzvzyUlMs <==== UWAGA
    Task: {20A7CBB4-EC13-4BA6-9FC6-E613F91F2631} - System32\Tasks\tYTxWQNiqUDrpykdz2 => rundll32 "C:\Program Files (x86)\GGjPoYTUJQygOywtoRR\TcaTWxb.dll",#1
    Task: {24A799BB-F82E-47F3-91B7-4C6EE0CEE9BE} - System32\Tasks\Photo Software => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Photo Software\Photo Software.dll",tNCgEbEmFyeQ <==== UWAGA
    Task: {2BEA1382-BD6D-42FA-A1BA-485C1D7EC4C9} - System32\Tasks\XQfFOORvlssePLX2 => rundll32 "C:\Program Files (x86)\TULAmsjgU\XmtRIh.dll",#1
    Task: {336679F3-A395-4755-BF8F-AECBA7B9FF00} - System32\Tasks\hbJaUBWLfLBdb2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\mBLRZXvPBaMunvVB\UvJwvgc.wsf"
    Task: {4925B4B8-E6A2-40FD-BA07-A7B1AE6B33E5} - System32\Tasks\Update_5.0.5 => C:\Program Files\SystemaRev\RevServicesX\SystemUpdate64x.exe [2018-06-24] (SystemaRev)
    Task: {5344D6AA-0723-442F-BD9E-089448BBED9E} - System32\Tasks\FastDataX Task => C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE
    Task: {5C82A8D4-2E60-46C3-800B-61999C34482D} - \bku6232926397920754 -> Brak pliku <==== UWAGA
    Task: {5D06FF8E-2625-4FA9-AFCB-567BB53F90B5} - System32\Tasks\System Healer Delayed => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== UWAGA
    Task: {61BDEAE3-246E-4AE8-B989-188FFFFBAB35} - System32\Tasks\One System Care Delayed => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== UWAGA
    Task: {62D0AFCE-A5EB-4CFA-8A72-4F592D190398} - System32\Tasks\BIfzZGXRZsAHHjNDWab2 => rundll32 "C:\Program Files (x86)\FceGOLrkylAFC\yeTBxAb.dll",#1
    Task: {841DBB10-B8CA-449D-A146-41F99B44AEB6} - \bku2994363318322673 -> Brak pliku <==== UWAGA
    Task: {A44BB24E-EAE8-4E23-AD7C-2C365F8550C4} - System32\Tasks\System Healer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe <==== UWAGA
    Task: {AE39AC8F-267F-432A-A27B-3A355636865A} - System32\Tasks\GuztleDebual => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\GuztleDebual\GuztleDebual.dll",mmICzf <==== UWAGA
    Task: {BF62CAF6-AC14-49B7-8AF5-8CE64488CAE3} - \bku4856520313920578 -> Brak pliku <==== UWAGA
    Task: {C9A3FEE1-52FB-42FC-89DD-E05EAC4A4B92} - \bku7797581007551058 -> Brak pliku <==== UWAGA
    Task: {CAE06794-F000-47DA-A7A7-663402B76159} - System32\Tasks\AppLoaderPM => C:\Program Files\SystemaRev\RevServicesX\app_loader.exe [2018-06-24] ()
    Task: {CF1D712D-1377-421D-9510-342365A9209F} - \bku9313311453164951 -> Brak pliku <==== UWAGA
    Task: {D09B5346-9C76-4C81-9FB7-DA3F20429450} - System32\Tasks\gsoWYTWjTmmaYK => rundll32 "C:\Program Files (x86)\GMaJHPIyAFmU2\HXSmKtCRqIvhY.dll",#1
    Task: {D5B7DFAD-81A9-4AE3-82C3-DDC3CF9D8C07} - \Updater_Online_Application -> Brak pliku <==== UWAGA
    Task: {EC1B0560-7411-4672-8979-193D65BB362D} - System32\Tasks\eStark => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\eStark\eStark.dll",ZFTombI <==== UWAGA
    Task: {FA3304F7-B262-4450-9F2D-D7C0F4A6923F} - System32\Tasks\amlvg => C:\Users\krzem\AppData\Roaming\avrbz\amlvg.vbs
    Task: {FB44C108-2714-42D0-AB42-71873479BCED} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe <==== UWAGA
    Task: {FC1DE971-57F2-4DFD-B91B-F2B57E23CDCC} - System32\Tasks\RestoreRevTask => C:\Program Files\Common Files\restore_rev.bat [2018-06-24] () <==== UWAGA


    This is a supplement to the list given above; both lists can be copied into a single file.

    0
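
An added example (not part of the thread and not FRST's own code): a small Python parser for the `Task:` lines in post #4 that separates entries FRST itself marked with `<==== UWAGA` from entries the helper listed without a marker. The dictionary field names and the `unflagged_indirect` helper are hypothetical; the four sample lines are copied from the post.

```python
import re

# Four "Task:" lines copied verbatim from post #4 (Polish-locale FRST output).
SAMPLE = r'''
Task: {20A7CBB4-EC13-4BA6-9FC6-E613F91F2631} - System32\Tasks\tYTxWQNiqUDrpykdz2 => rundll32 "C:\Program Files (x86)\GGjPoYTUJQygOywtoRR\TcaTWxb.dll",#1
Task: {336679F3-A395-4755-BF8F-AECBA7B9FF00} - System32\Tasks\hbJaUBWLfLBdb2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\mBLRZXvPBaMunvVB\UvJwvgc.wsf"
Task: {5C82A8D4-2E60-46C3-800B-61999C34482D} - \bku6232926397920754 -> Brak pliku <==== UWAGA
Task: {5D06FF8E-2625-4FA9-AFCB-567BB53F90B5} - System32\Tasks\System Healer Delayed => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== UWAGA
'''

# "Task: {GUID} - <task path> => <action>", optionally ending in FRST's own marker.
TASK_RE = re.compile(
    r'^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?) (?:=>|->) '
    r'(?P<action>.+?)(?P<flag> <==== UWAGA)?$')
# Actions that hand a quoted file to a Windows host binary (the two seen in this thread).
HOST_RE = re.compile(r'(?:.*\\)?(rundll32|wscript)(?:\.exe)?\s+"([^"]+)"', re.I)


def parse_tasks(text):
    """Return one dict per FRST Task line found in text; other lines are skipped."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        action = m['action']
        host = HOST_RE.match(action)
        tasks.append({
            'guid': m['guid'],
            'name': m['path'].rsplit('\\', 1)[-1],
            'host': host.group(1).lower() if host else None,
            'payload': host.group(2) if host else action,
            'missing': action == 'Brak pliku',   # "Brak pliku" = "file missing"
            'flagged': m['flag'] is not None,    # "UWAGA" = "attention"
        })
    return tasks


def unflagged_indirect(tasks):
    """Names of tasks that run a file through a host binary but carry no FRST marker."""
    return [t['name'] for t in tasks if t['host'] and not t['flagged']]


if __name__ == '__main__':
    parsed = parse_tasks(SAMPLE)
    for t in parsed:
        print(t)
    print('no FRST marker, runs via host binary:', unflagged_indirect(parsed))
```

The entries returned by `unflagged_indirect` are the ones that need manual review, since FRST printed them without its marker.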