Re: FRST - Line error
Posted: 10 Aug 2019 11:42
I am attaching:
Fix result of Farbar Recovery Scan Tool (x64) Version: 07-08-2019 02
Ran by Admin (10-08-2019 12:36:45) Run:2
Running from E:\Download\AntiVir
Loaded Profiles: l & Admin & MSSQL$SQL12 (Available Profiles: l & Admin & MSSQL$SQL12)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
ExportKey: HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{510898EA-F33D-48F5-99AA-AAA73CEE6C6C}
ExportKey: HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{9BFA7F9D-E08F-45FB-9B2A-0EAA2F11B35C}
ExportKey: HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{E8937465-90A4-4E0E-BF84-3628075DA6CB}
File: C:\Windows\unins000.exe
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
HKLM\...\RunOnce: [*FRST] => "E:\Download\AntiVir\FRST64.exe"
HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [268800 2019-07-31] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath
2019-08-07 11:05 - 2019-08-07 11:05 - 000000000 _____ C:\Windows\system32\Drivers\etc\hosts.tmp
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
Restore point was successfully created.
========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========
Count : 6
Average :
Sum : 5880
Maximum :
Minimum :
Property : Length
========= End of Powershell: =========
================== ExportKey: ===================
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{510898EA-F33D-48F5-99AA-AAA73CEE6C6C}]
""="w"
"System.IsPinnedToNameSpaceTree"="1"
"SortOrderIndex"="0"
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{510898EA-F33D-48F5-99AA-AAA73CEE6C6C}\DefaultIcon]
""="C:\Users\l\AppData\Local\MEGAsync\MEGAsync.exe"
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{510898EA-F33D-48F5-99AA-AAA73CEE6C6C}\InProcServer32]
""="%systemroot%\system32\shell32.dll"
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{510898EA-F33D-48F5-99AA-AAA73CEE6C6C}\Instance]
"CLSID"="{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{510898EA-F33D-48F5-99AA-AAA73CEE6C6C}\Instance\InitPropertyBag]
"Attributes"="16"
"TargetFolderPath"="D:\DATA\w"
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{510898EA-F33D-48F5-99AA-AAA73CEE6C6C}\ShellFolder]
"FolderValueFlags"="40"
"Attributes"="-260046771"
=== End of ExportKey ===
================== ExportKey: ===================
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{9BFA7F9D-E08F-45FB-9B2A-0EAA2F11B35C}]
""="{ZALVov}"
"System.IsPinnedToNameSpaceTree"="1"
"SortOrderIndex"="0"
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{9BFA7F9D-E08F-45FB-9B2A-0EAA2F11B35C}\DefaultIcon]
""="C:\Users\l\AppData\Local\MEGAsync\MEGAsync.exe"
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{9BFA7F9D-E08F-45FB-9B2A-0EAA2F11B35C}\InProcServer32]
""="%systemroot%\system32\shell32.dll"
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{9BFA7F9D-E08F-45FB-9B2A-0EAA2F11B35C}\Instance]
"CLSID"="{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{9BFA7F9D-E08F-45FB-9B2A-0EAA2F11B35C}\Instance\InitPropertyBag]
"Attributes"="16"
"TargetFolderPath"="D:\UCTO\UCTO6419\{ZALVov}"
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{9BFA7F9D-E08F-45FB-9B2A-0EAA2F11B35C}\ShellFolder]
"FolderValueFlags"="40"
"Attributes"="-260046771"
=== End of ExportKey ===
================== ExportKey: ===================
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{E8937465-90A4-4E0E-BF84-3628075DA6CB}]
""="{Zal_hb}"
"System.IsPinnedToNameSpaceTree"="1"
"SortOrderIndex"="0"
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{E8937465-90A4-4E0E-BF84-3628075DA6CB}\DefaultIcon]
""="C:\Users\l\AppData\Local\MEGAsync\MEGAsync.exe"
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{E8937465-90A4-4E0E-BF84-3628075DA6CB}\InProcServer32]
""="%systemroot%\system32\shell32.dll"
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{E8937465-90A4-4E0E-BF84-3628075DA6CB}\Instance]
"CLSID"="{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{E8937465-90A4-4E0E-BF84-3628075DA6CB}\Instance\InitPropertyBag]
"Attributes"="16"
"TargetFolderPath"="D:\UCTO\UCTO6419\{Zal_hb}"
[HKU\S-1-5-21-425709693-368308411-957612246-1001_Classes\CLSID\{E8937465-90A4-4E0E-BF84-3628075DA6CB}\ShellFolder]
"FolderValueFlags"="40"
"Attributes"="-260046771"
=== End of ExportKey ===
========================= File: C:\Windows\unins000.exe ========================
C:\Windows\unins000.exe
File not signed
MD5: 6E53311EFD9C951066106136F3356D5B
Creation and modification date: 2019-07-29 13:02 - 2019-07-29 13:02
Size: 001188443
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description: Setup/Uninstall
File Version: 51.1050.0.0
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/d166d92 ... 309756114/
====== End of File: ======
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*EmptyTemp" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*FRST" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore" => not found
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
"C:\Windows\system32\Drivers\etc\hosts.tmp" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10521851 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 6660868 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 118294 B
LocalService => 0 B
NetworkService => 31302 B
NetworkService => 0 B
l => 38691473 B
Admin => 15808598 B
MSSQL$SQL12 => 0 B
MSSQL$SQL12 => 0 B
RecycleBin => 39105 B
EmptyTemp: => 76.1 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 12:37:17 ====