Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

cmd.exe znika po uruchomieniu. Logi FRST

glizda00 08 Lip 2018 11:08 255 3
  • #1 08 Lip 2018 11:08
    glizda00
    Poziom 2  

    Jak w temacie. Dodatkowo mam jeszcze problem :
    Application Has Been Blocked From Accessing Graphics Hardware Windows
    ale zakładam że jak cmd.exe bedzie działać to jakoś sobie z tym sam poradze.

    0 3
  • Pomocny post
    #2 08 Lip 2018 11:43
    safbot1st
    Poziom 43  

    W notatnik wklej:

    HKU\S-1-5-21-2025617737-4252042518-1791317244-1000\...\MountPoints2: {2e916a33-ee58-11e7-b7b1-408d5ce6c154} - "E:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2025617737-4252042518-1791317244-1000\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [273920 2018-04-12] (Microsoft Corporation) <==== ATTENTION
    HKU\S-1-5-21-2025617737-4252042518-1791317244-1000\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\Marik1234\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\Marik1234\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
    Tcpip\Parameters: [DhcpNameServer] 87.204.204.204 62.233.233.233
    Tcpip\..\Interfaces\{675d498a-89f1-41e0-a154-3a6988e5ed11}: [DhcpNameServer] 87.204.204.204 62.233.233.233
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910...amp;GUID=4852D947-3430-4E98-B2B4-A706A54C4508
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2025617737-4252042518-1791317244-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    CHR HKU\S-1-5-21-2025617737-4252042518-1791317244-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    R2 RemoteSolverDispatcher; "B:\Solidworks\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe" "SOFTWARE\SRAC\COSMOS_FloWorks 2016" [X]
    U3 idsvc; no ImagePath
    HKU\S-1-5-21-2025617737-4252042518-1791317244-1000\...\ChromeHTML: -> C:\Program Files (x86)\Easthas\Application\chrome.exe (Google Inc.) <==== ATTENTION
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    Task: {20E15499-81CC-4D14-8229-2386DCBE3A53} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {434916D3-BD59-421F-9EBA-7765FBCD034D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {C692A921-BC9D-40DE-A567-B1C4ECC9DDFE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {ED7970B7-820E-41E7-A695-64D4A5BC6F8B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {F1206799-F859-4B22-9314-E324DB233D9A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    EmptyTemp:

    i zapisz jako fixlist.txt obok FRST.exe. W FRST wybierz'Napraw'.
    Zamieść fixlog.txt

    EDIT: Dodatkowo widzę, że masz jakiś "pojedzony" system:
    ATTENTION: ==> Could not access BCD.

    Zamieść widok na Crystal Disk Info.

    0
  • Pomocny post
    #4 08 Lip 2018 14:02
    safbot1st
    Poziom 43  

    Dyski sprawne. Usuń C:\FRST i to wszystko.

    0