Brak dostępu do folderów i programów


(czeslaw89) #1

Witam Od wczoraj mam problem z Windowsem XP. nie mam dostępu do folderów na partycji systemowej. Nie mogę również uruchamiać niektórych programów np Malwarebytes Anti-Malware. system nie możę odnaleźć plików exe. W menadzerze programów pojawił mi się dziwny proces 392817338.exe. po uruchomieniu kompanie uruchamiają mi się aplikacje ładujące się przy starcie systemu takie jak CCC, realtek, rocket dock. Proszę o sprawdzenie logów z OTL. Z góry dziękuję za pomoc.

OTL

www.wklej.org/id/1237994/

EXTRAS

http://www.wklej.org/id/1237995/


(Acorus) #2

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\program files\kingsoft\kingsoft antivirus\kusbquery.sys -- (KUsbGuard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Czesio\USTAWI~1\Temp\catchme.sys -- (catchme)
O4 - HKLM..\Run: [Windows Configuration] C:\{$5365-6581-2698-7441-1850$}\nacl64.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows" File not found
O4 - Startup: C:\Documents and Settings\Czesio\Menu Start\Programy\Autostart\Windows.ini.url ()
O4 - Startup: C:\Documents and Settings\tyyy\Menu Start\Programy\Autostart\Windows.ini.url ()
F3 - HKU\S-1-5-21-1229272821-1060284298-682003330-1004 WinNT: Load - (C:\{$5365-6581-2698-7441-1850$}\nacl64.exe) - C:\{$5365-6581-2698-7441-1850$}\nacl64.exe ()
O27 - HKLM IFEO\avcenter.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\avguard.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\avp.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\bdagent.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\ccuac.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\ComboFix.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\egui.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\hijackthis.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\keyscrambler.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\mbam.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\MSASCui.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\MsMpEng.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\msseces.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\spybotsd.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\wireshark.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\zlclient.exe: Debugger - euaie.exe File not found
[2014-01-15 19:55:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-01-15 15:25:37 | 000,000,000 | -H-D | C] -- C:\{$5365-6581-2698-7441-1850$}
[2014-01-11 11:30:12 | 000,000,000 | -H-D | C] -- C:\{$3483-6183-1568-3845$}
[2014-01-15 15:26:12 | 000,000,090 | ---- | M] () -- C:\Documents and Settings\Czesio\Menu Start\Programy\Autostart\Windows.ini.url
[2014-01-15 15:25:15 | 000,625,152 | RHS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\392817338.exe
[2014-01-15 15:24:58 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\335936624.vbs
[2014-01-11 03:51:30 | 000,360,448 | RHS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\335936624.exe

:Commands
[emptytemp]

Kliknij Wykonaj skrypt.  Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).


(czeslaw89) #3

nowy log z OTL

http://www.wklej.org/id/1238022/

http://www.wklej.org/id/1238024/


(Acorus) #4

Przeskanuj programem Dr.WEB CureIt http://www.freedrweb.com/cureit/?lng=pl

Pokaż nowe logi.


(czeslaw89) #5

nowy log z OTL

http://www.wklej.org/id/1238340/


(Acorus) #6

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL
O4 - HKU\S-1-5-21-1229272821-1060284298-682003330-1004..\Run: [Windows Configuration] C:\Documents and Settings\All Users\Dane aplikacji\392817338.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows" File not found
O27 - HKLM IFEO\avcenter.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\avguard.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\avp.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\bdagent.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\ccuac.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\ComboFix.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\egui.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\hijackthis.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\keyscrambler.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\mbam.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\MSASCui.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\MsMpEng.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\msseces.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\spybotsd.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\wireshark.exe: Debugger - euaie.exe File not found
O27 - HKLM IFEO\zlclient.exe: Debugger - euaie.exe File not found
[2014-01-16 13:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web
[2014-01-16 13:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Czesio\Doctor Web
[2014-01-15 15:25:37 | 000,000,000 | -H-D | C] -- C:\{$5365-6581-2698-7441-1850$}
[2014-01-03 08:21:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014-01-03 08:21:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014-01-03 08:21:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014-01-03 08:21:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-12-29 19:08:24 | 4286,054,400 | ---- | M] () -- C:\3590F75ABA9E485486C100C1A9D4FF06KLJFIOMVHWOWTUAC
[2014-01-03 08:21:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014-01-03 08:21:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014-01-03 08:21:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014-01-03 08:21:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014-01-03 08:21:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

:Commands
[emptytemp]

Kliknij Wykonaj skrypt.