Elektroda.pl

[Solved] Windows cannot find the file

over758 06 Oct 2018 17:16 156 7
  • #2 06 Oct 2018 17:49
    krzychupar
    Level 40  

    Open the system Notepad and paste:

    CloseProcesses:
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
    Hosts:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    AppInit_DLLs: C:\ProgramData\Voyasollam\Hotin.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Truelotlam.dll => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-194115209-380208880-8735315-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-194115209-380208880-8735315-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-194115209-380208880-8735315-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx




    CHR Extension: (Adblocker for Youtube™) - C:\Users\Julita\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjgggkbpddjfaoiiiaidapcccbbphpn [2018-10-03] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    CHR Extension: (Google Sheets Offline) - C:\Users\Julita\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipdhaminpmmeecoafbfepichgohlbhif [2018-10-03] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    R2 PowerSvc; C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe [6406448 2018-06-25] () [Brak podpisu cyfrowego] <==== UWAGA
    2018-10-03 18:40 - 2018-10-03 18:40 - 000000000 ____D C:\AdwCleaner
    2018-10-03 17:09 - 2018-10-03 17:09 - 007787008 _____ () C:\Users\Julita\AppData\Local\agent.dat
    2018-10-03 17:09 - 2018-10-03 17:09 - 000070896 _____ () C:\Users\Julita\AppData\Local\Config.xml
    2018-10-03 17:02 - 2018-10-03 17:02 - 000140800 _____ () C:\Users\Julita\AppData\Local\installer.dat
    2018-10-03 17:09 - 2018-10-03 17:09 - 000005568 _____ () C:\Users\Julita\AppData\Local\md.xml
    2018-10-03 17:09 - 2018-10-03 17:09 - 000126464 _____ () C:\Users\Julita\AppData\Local\noah.dat
    2018-10-03 17:02 - 2018-10-03 17:10 - 001413120 _____ () C:\Users\Julita\AppData\Local\sham.db
    2018-01-05 23:28 - 2018-01-23 18:54 - 000006010 _____ () C:\Users\Julita\AppData\Local\unins000.dat
    2018-01-23 18:54 - 2018-01-23 18:54 - 000711640 _____ () C:\Users\Julita\AppData\Local\unins000.exe
    2018-01-05 23:28 - 2018-01-23 18:54 - 000011761 _____ () C:\Users\Julita\AppData\Local\unins000.msg
    2018-10-03 17:10 - 2018-10-03 17:10 - 000032038 _____ () C:\Users\Julita\AppData\Local\uninstall_temp.ico
    2018-10-03 17:09 - 2018-10-03 17:09 - 002019128 _____ () C:\Users\Julita\AppData\Local\Whitephase.tst
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    0
  • #3 06 Oct 2018 18:05
    over758
    Level 2  

    I did as instructed; unfortunately the same problem still occurs.

    0
  • #4 06 Oct 2018 18:26
    krzychupar
    Level 40  

    Post new logs from FRST.

    0
  • Helpful post
    #5 06 Oct 2018 22:23
    Kolobos
    Computer specialist

    Uninstall Avast Cleanup.

    Run this Fixlist.txt with FRST:
    CloseProcesses:
    Task: {BD77DBA0-3A02-45D1-AE65-6BF801265847} - System32\Tasks\hYPwlYRCmhawMCp2 => rundll32 "C:\Program Files (x86)\KTxhztjwU\GNqSgF.dll",#1
    Hosts:
    () C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe
    (CloudBees, Inc.) C:\Users\Julita\AppData\Local\NtvHost\syssvc.exe
    (CloudBees, Inc.) C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe
    () C:\ProgramData\Microsoft\Windows\EventSvc\work0.exe
    HKU\S-1-5-21-194115209-380208880-8735315-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3884720 2017-10-04] (ALLPlayer.org)
    HKU\S-1-5-21-194115209-380208880-8735315-1001\...\Run: [AvastBrowserAutoLaunch_F23598CB540CEA70FC276E3F2A4142BB] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1704992 2018-09-17] (AVAST Software)
    AppInit_DLLs: C:\ProgramData\Voyasollam\Hotin.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Truelotlam.dll => Brak pliku
    IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\offdiag.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-10-05]
    ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
    C:\Users\Julita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctvwdsig.lnk
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    C:\Users\Julita\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho
    C:\Users\Julita\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjgggkbpddjfaoiiiaidapcccbbphpn
    C:\Users\Julita\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipdhaminpmmeecoafbfepichgohlbhif
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Julita\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjgggkbpddjfaoiiiaidapcccbbphpn [2018-10-03] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    CHR Extension: (Video Downloader Pro) - C:\Users\Julita\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2018-08-18]
    CHR Extension: (Google Sheets Offline) - C:\Users\Julita\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipdhaminpmmeecoafbfepichgohlbhif [2018-10-03] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    R2 EventSvc; C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Brak podpisu cyfrowego] <==== UWAGA
    R2 PowerSvc; C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe [6406448 2018-06-25] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 SysSvc; C:\Users\Julita\AppData\Local\NtvHost\syssvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Brak podpisu cyfrowego]
    R2 WinDivert1.2; C:\WINDOWS\system32\drivers\WinDivert64.sys [37552 2018-10-03] (Basil)
    2018-10-03 18:40 - 2018-10-03 18:40 - 000000000 ____D C:\AdwCleaner
    2018-10-03 17:11 - 2018-10-03 17:11 - 000000266 __RSH C:\Users\Julita\ntuser.pol
    2018-10-03 17:10 - 2018-10-03 17:10 - 000000000 ____D C:\Users\Julita\AppData\Roaming\Mozilla
    2018-10-03 17:09 - 2018-10-03 17:54 - 000000000 ____D C:\Program Files\KEPW9791PH
    2018-10-03 17:09 - 2018-10-03 17:54 - 000000000 ____D C:\Program Files\35OVGEM4QV
    2018-10-03 17:09 - 2018-10-03 17:54 - 000000000 ____D C:\Program Files\11OYYCVR1Y
    2018-10-03 17:09 - 2018-10-03 17:11 - 000000000 ____D C:\Users\Julita\AppData\Roaming\xqkiq0ksd0q
    2018-10-03 17:09 - 2018-10-03 17:11 - 000000000 ____D C:\Users\Julita\AppData\Roaming\bkkb3pfcqho
    2018-10-03 17:09 - 2018-10-03 17:11 - 000000000 ____D C:\Users\Julita\AppData\Roaming\4o1dthdpzvr
    2018-10-03 17:09 - 2018-10-03 17:11 - 000000000 ____D C:\Users\Julita\AppData\Roaming\4gy22c215ko
    2018-10-03 17:09 - 2018-10-03 17:09 - 007787008 _____ C:\Users\Julita\AppData\Local\agent.dat
    2018-10-03 17:09 - 2018-10-03 17:09 - 002019128 _____ C:\Users\Julita\AppData\Local\Whitephase.tst
    2018-10-03 17:09 - 2018-10-03 17:09 - 000126464 _____ C:\Users\Julita\AppData\Local\noah.dat
    2018-10-03 17:09 - 2018-10-03 17:09 - 000070896 _____ C:\Users\Julita\AppData\Local\Config.xml
    2018-10-03 17:09 - 2018-10-03 17:09 - 000005568 _____ C:\Users\Julita\AppData\Local\md.xml
    2018-10-03 17:08 - 2018-10-03 17:54 - 000000000 ____D C:\Program Files\A4ZBLH7DJT
    2018-10-03 17:08 - 2018-10-03 17:11 - 000000000 ____D C:\Users\Julita\AppData\Roaming\zl1mmfz1j5y
    2018-10-03 17:06 - 2018-10-03 17:11 - 000000000 ____D C:\ProgramData\zVmiMcGqez
    2018-10-03 17:06 - 2018-10-03 17:09 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
    2018-10-03 17:06 - 2018-10-03 17:06 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
    2018-10-03 17:06 - 2018-10-03 17:06 - 000000000 ____D C:\Program Files\Reference Assemblies
    2018-10-03 17:06 - 2018-10-03 17:06 - 000000000 ____D C:\Program Files\MSBuild
    2018-10-03 17:06 - 2018-10-03 17:06 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2018-10-03 17:05 - 2018-10-06 16:40 - 000000000 ____D C:\Users\Julita\AppData\Local\GoogleChromeUserData
    2018-10-03 17:05 - 2018-10-05 21:23 - 000000000 ____D C:\Program Files (x86)\UoZoIgkuCKdU2
    2018-10-03 17:05 - 2018-10-05 21:23 - 000000000 ____D C:\Program Files (x86)\aPpZCllEqIE
    2018-10-03 17:05 - 2018-10-03 18:41 - 000000000 ____D C:\Program Files (x86)\yCQMrlJAErjPGpRjulR
    2018-10-03 17:05 - 2018-10-03 17:15 - 000000000 ____D C:\ProgramData\WjIOjGvJCfODeXVB
    2018-10-03 17:05 - 2018-10-03 17:12 - 000000000 ____D C:\Program Files (x86)\BvbhSZLyqCrsC
    2018-10-03 17:05 - 2018-10-03 17:05 - 000000000 ____D C:\Program Files (x86)\KTxhztjwU
    2018-10-03 17:04 - 2018-10-06 14:21 - 000002704 _____ C:\WINDOWS\System32\Tasks\hYPwlYRCmhawMCp2
    2018-10-03 17:04 - 2018-10-06 13:41 - 000000000 ____D C:\Users\Julita\AppData\Local\NtvHost
    2018-10-03 17:04 - 2018-10-03 17:54 - 000000000 ____D C:\Users\Julita\AppData\Local\GoogleChromeApplication
    2018-10-03 17:04 - 2018-10-03 17:54 - 000000000 ____D C:\Program Files\ZPQ2SCAPMA
    2018-10-03 17:04 - 2018-10-03 17:16 - 000000000 ____D C:\Users\Julita\AppData\Roaming\vRfQE
    2018-10-03 17:04 - 2018-10-03 17:11 - 000000000 ____D C:\Users\Julita\AppData\Roaming\w2kz2bxsrkv
    2018-10-03 17:04 - 2018-10-03 17:05 - 000000000 ____D C:\Program Files (x86)\uLAxgEZogeUn
    2018-10-03 17:04 - 2018-10-03 17:04 - 000037552 _____ (Basil) C:\WINDOWS\system32\Drivers\WinDivert64.sys
    2018-10-03 17:04 - 2018-10-03 17:04 - 000000116 _____ C:\Users\Public\Documents\vwknvctzr.exe
    2018-10-03 17:03 - 2018-10-03 17:54 - 000000000 ____D C:\Program Files\Taconite
    2018-10-03 17:03 - 2018-10-03 17:12 - 000000000 ____D C:\Program Files\fik Taconite Updater
    2018-10-03 17:03 - 2018-10-03 17:11 - 000000000 ____D C:\Program Files (x86)\Cnikl
    2018-10-03 17:03 - 2018-10-03 17:03 - 000001080 _____ C:\Users\Public\Desktop\NetMeterX.lnk
    2018-10-03 17:03 - 2018-10-03 17:03 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
    2018-10-03 17:03 - 2018-10-03 17:03 - 000000000 ____D C:\Users\Julita\AppData\Local\AdvinstAnalytics
    2018-10-03 17:03 - 2018-10-03 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetMeterX
    2018-10-03 17:03 - 2018-10-03 17:03 - 000000000 ____D C:\Program Files (x86)\NetMeterX
    2018-10-03 17:02 - 2018-10-03 17:11 - 000000000 ____D C:\ProgramData\Blogger
    2018-10-03 17:02 - 2018-10-03 17:10 - 001413120 _____ C:\Users\Julita\AppData\Local\sham.db
    2018-10-03 17:02 - 2018-10-03 17:02 - 000140800 _____ C:\Users\Julita\AppData\Local\installer.dat

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    When done, post new FRST logs from a scan.

    @krzychupar new logs are unnecessary; it is enough to check properly the ones that were already posted!

    0
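
A triage sketch for the kinds of FRST entries flagged in the fixlists above (an added example, not part of the original thread and not FRST's own logic). The rule names and the sample lines are constructed for illustration; only the line formats follow the log excerpts in the posts.

```python
import re

# Locations outside Program Files/Windows that a non-admin user can typically write to.
USER_WRITABLE = re.compile(r"\\(ProgramData|Users\\[^\\]+\\AppData)\\", re.I)
UNSIGNED = ("[Brak podpisu cyfrowego]", "[File not signed]")  # Polish / English FRST wording
STORE_HOST = "clients2.google.com"  # Chrome Web Store update host

SERVICE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<path>[A-Za-z]:\\.+?) \[\d+ \d{4}-\d\d-\d\d\]")
EXT_URL = re.compile(r"^CHR Extension: \((?P<name>.+?)\) - .*\[UpdateUrl: \w+://(?P<host>[^/\]]+)")
IFEO = re.compile(r'^IFEO\\(?P<image>[^:]+): \[Debugger\] "?(?P<dbg>[^"]+)"?')
APPINIT = re.compile(r"^AppInit_DLLs(?:-x32)?: (?P<dll>.+?)(?: =>|$)")
TASK = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<task>.+?) => rundll32 ", re.I)


def triage(lines):
    """Return (rule, detail) findings for the FRST line types shown in this thread."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := SERVICE.match(line):
            if any(tag in line for tag in UNSIGNED) and USER_WRITABLE.search(m["path"]):
                findings.append(("unsigned-service-user-writable", m["name"]))
        elif m := EXT_URL.match(line):
            if m["host"].lower() != STORE_HOST:
                findings.append(("extension-update-host", f'{m["name"]} -> {m["host"]}'))
        elif m := IFEO.match(line):
            findings.append(("ifeo-debugger", f'{m["image"]} -> {m["dbg"]}'))
        elif m := APPINIT.match(line):
            findings.append(("appinit-dll", m["dll"]))
        elif m := TASK.match(line):
            findings.append(("task-rundll32", m["task"]))
    return findings


# Constructed sample in the same line formats as the log excerpts above.
SAMPLE = r"""
R2 ExampleSvc; C:\ProgramData\Example\examplesvc.exe [360448 2018-07-24] () [Brak podpisu cyfrowego] <==== UWAGA
R2 SignedSvc; C:\Program Files\Vendor\svc.exe [120000 2018-01-01] (Vendor Inc.)
CHR Extension: (Example Ext) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [2018-10-03] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx]
CHR Extension: (Store Ext) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb [2018-10-03] [UpdateUrl: hxxps://clients2.google.com/service/update2/crx]
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\Example\helper.exe"
AppInit_DLLs: C:\ProgramData\Example\example.dll => Brak pliku
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleTask => rundll32 "C:\Program Files (x86)\Example\x.dll",#1
""".splitlines()

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule:32} {detail}")
```

Findings are prompts for review, not verdicts: in this thread the IFEO debugger entries pointed at Avast Cleanup, a program the user had installed.
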
  • #6 07 Oct 2018 11:07
    over758
    Level 2  

    Hello,
    Thanks kolobos, it helped! The computer started working the way it did before. Because of these viruses I also had a problem with video, since it started stuttering, e.g. clips on YT, but that has gone away too ;) I did not remove Clean Up since everything is OK; I'll get rid of it in about 50 days when the free period ends :D (a real penny-pinching businessman). I'm attaching the logs.

    0
  • #7 07 Oct 2018 11:41
    Kolobos
    Computer specialist

    Run a new Fixlist.txt with FRST:
    HKLM\SYSTEM\CurrentControlSet\Services\45830DE0C2F3430E <==== UWAGA (Rootkit!)
    2018-10-06 17:13 - 2018-10-06 16:53 - 000083424 _____ C:\Users\Julita\Downloads\Extras — kopia.Txt
    2018-10-06 16:53 - 2018-10-06 16:53 - 000083424 _____ C:\Users\Julita\Downloads\Extras.Txt
    2018-10-06 16:52 - 2018-10-06 16:52 - 000246498 _____ C:\Users\Julita\Downloads\OTL.Txt
    2018-10-06 16:48 - 2018-10-06 16:48 - 000602112 _____ (OldTimer Tools) C:\Users\Julita\Downloads\OTL.exe

    Delete the C:\FRST folder after running it, and that is all.

    0
  • #8 07 Oct 2018 12:20
    over758
    Level 2  

    Thanks, this can be closed ;)

    0