Elektroda.pl

Error "Cannot find script file C:\Windows\run.vbs" and a black screen

Adichuck 14 Mar 2016 09:32 966 4
  • #1 14 Mar 2016 09:32
    Adichuck
    Level 2

    Hello everyone.

    I have a problem with Windows 10: after turning on the computer
    and entering the password, a black screen appears
    along with the error "Nie można znaleźć pliku skryptu C:\WINDOWS\run.vbs" [Cannot find script file C:\WINDOWS\run.vbs].
    I scanned the computer with FRST and I still don't know what to do.

    Please help.

    I'm attaching the FRST files.

    0 4
  • Helpful post
    #2 14 Mar 2016 10:29
    Kolobos
    Computer specialist

    Next to frst.exe, create a file fixlist.txt with the following contents:
    CloseProcesses:
    CreateRestorePoint:
    CMD: fltmc detach bsdriver c: bsdriver
    Task: {037AB586-392C-4493-91E4-E2A6809F9AE0} - System32\Tasks\Ameanh => C:\PROGRA~1\GROOVE~1\Byljh.bat
    Task: {10EFF170-B63C-46DB-886F-840E8423D22E} - System32\Tasks\Ibogjil => C:\PROGRA~1\SHOPPE~1\Gosjh.bat
    Task: {19E5BDFD-ACB2-455E-B6A3-55262A70ACBC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {1E4F8644-EC20-47B0-BE86-313D12247D1A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {2918F333-2951-41C2-8D94-C9ED598B15FF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {573C7EA9-73A6-4C6D-9A43-AD35849D577B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {73E2E687-E373-4D69-A05F-8F509923BC1E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {9D663EC0-A67A-4AF7-B47C-BFA9CFDC7414} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {CEC0AB5D-3EF8-41B2-9B11-C4EDF92A9900} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D9CF269B-B391-4174-9606-FC10CB326C70} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {DDABED6D-A920-44D9-AFB4-18010F388CBA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {EF6CE20C-B886-45EF-9929-D41C09773673} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {F77760D0-13A2-4FBB-A666-DDD87548A7E7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {FE0B3343-7645-42D7-9586-6DDBE7E12338} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\Natalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1457024874&a=1003081&src=sh&uuid=d3917135-f9ac-4e6b-afe3-6b7ef22b8619"
    ShortcutWithArgument: C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    Hosts:
    HKLM-x32\...\Run: [mpck_en_005030256] => [X]
    HKLM-x32\...\Run: [rec_pl_215] => [X]
    HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
    AppInit_DLLs: C:\ProgramData\Holdtam\Freshtoin.dll => C:\ProgramData\Holdtam\Freshtoin.dll [805376 2016-03-03] ()
    AppInit_DLLs-x32: C:\ProgramData\Holdtam\Freshtam.dll => No File
    AutoConfigURL: [S-1-5-21-3060489064-1735536452-3242977127-1002] => hxxp://un-stop.com/wpad.dat?5d9db252bb9d48b982eb8c331d089f187061486
    ManualProxies: 0hxxp://un-stop.com/wpad.dat?5d9db252bb9d48b982eb8c331d089f187061486
    HKU\S-1-5-21-3060489064-1735536452-3242977127-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...VCgBNpStidLy0mck35wOU6ibeSkLdAWiY981vA&q={searchTerms}
    HKU\S-1-5-21-3060489064-1735536452-3242977127-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.bing.com?pc=HPNTDFJS
    HKU\S-1-5-21-3060489064-1735536452-3242977127-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...VCgBNpStidLy0mck35wOU6ibeSkLdAWiY981vA&q={searchTerms}
    HKU\S-1-5-21-3060489064-1735536452-3242977127-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...VCgBNpStidLy0mck35wOU6ibeSkLdAWiY981vA&q={searchTerms}
    HKU\S-1-5-21-3060489064-1735536452-3242977127-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> {1D340984-D0FE-4459-99E7-AB3DFCB8598E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> {1D340984-D0FE-4459-99E7-AB3DFCB8598E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-3060489064-1735536452-3242977127-1002 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-3060489064-1735536452-3242977127-1002 -> {1D340984-D0FE-4459-99E7-AB3DFCB8598E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=...p;uid=TOSHIBAXMQ01ABF050_7431S5OKSXX7431S5OKS
    CHR HomePage: Default -> search.mpc.am
    CHR StartupUrls: Default -> "search.mpc.am"
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.istartpageing.com/?type=sc&ts=...p;uid=TOSHIBAXMQ01ABF050_7431S5OKSXX7431S5OKS
    S2 Holdtam; C:\ProgramData\\Holdtam\\Holdtam.exe shuz -f "C:\ProgramData\\Holdtam\\Holdtam.dat" -l -a
    R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2016-03-03] ()
    S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
    2016-03-13 17:44 - 2016-03-13 17:54 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
    2016-03-04 11:51 - 2016-03-04 11:51 - 00003406 _____ C:\WINDOWS\System32\Tasks\Ibogjil
    2016-03-04 11:51 - 2016-03-04 11:51 - 00000000 ____D C:\Users\Natalia\AppData\Roaming\TetaloBasforc
    2016-03-03 18:28 - 2016-03-13 17:53 - 00000000 ____D C:\Users\Natalia\AppData\Local\app
    2016-03-03 18:25 - 2016-03-13 17:55 - 00000000 ____D C:\Program Files\groover030320161858
    2016-03-03 18:25 - 2016-03-04 11:51 - 00000000 ____D C:\Users\Natalia\AppData\Local\Tempfolder
    2016-03-03 18:25 - 2016-03-03 18:25 - 00034712 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
    2016-03-03 18:25 - 2016-03-03 18:25 - 00003404 _____ C:\WINDOWS\System32\Tasks\Ameanh
    2016-03-03 18:25 - 2016-03-03 18:25 - 00000000 ____D C:\Users\Natalia\AppData\Roaming\MombVegi
    2016-03-03 18:25 - 2016-03-03 18:25 - 00000000 ____D C:\Users\Natalia\AppData\LocalLow\Company
    2016-03-03 18:25 - 2016-03-03 18:25 - 00000000 ____D C:\uninst
    2016-03-03 18:09 - 2016-03-04 13:26 - 00000000 ____D C:\ProgramData\Holdtam
    2016-03-03 18:09 - 2016-03-03 18:09 - 08037888 _____ C:\Users\Natalia\AppData\Roaming\agent.dat
    2016-03-03 18:09 - 2016-03-03 18:09 - 01901932 _____ C:\Users\Natalia\AppData\Roaming\Trueair.tst
    2016-03-03 18:09 - 2016-03-03 18:09 - 00126464 _____ C:\Users\Natalia\AppData\Roaming\noah.dat
    2016-03-03 18:09 - 2016-03-03 18:09 - 00065040 _____ C:\Users\Natalia\AppData\Roaming\Config.xml
    2016-03-03 18:09 - 2016-03-03 18:09 - 00018432 _____ C:\Users\Natalia\AppData\Roaming\Main.dat
    2016-03-03 18:09 - 2016-03-03 18:09 - 00000000 ____D C:\ProgramData\Holdtams
    2016-03-03 18:09 - 2016-03-03 18:08 - 00764416 _____ C:\Users\Natalia\AppData\Roaming\Trueair.exe
    2016-03-03 18:08 - 2016-03-03 18:09 - 00005568 _____ C:\Users\Natalia\AppData\Roaming\md.xml
    2016-03-03 18:08 - 2016-03-03 18:08 - 00848437 _____ C:\Users\Natalia\AppData\Roaming\VolDinfan.bin
    2016-03-03 18:08 - 2016-03-03 18:08 - 00764416 _____ C:\Users\Natalia\AppData\Roaming\RoundTip.exe
    2016-03-03 18:08 - 2016-03-03 18:08 - 00127488 _____ C:\Users\Natalia\AppData\Roaming\Installer.dat
    2016-03-03 18:08 - 2016-03-03 18:08 - 00126464 _____ C:\Users\Natalia\AppData\Roaming\lobby.dat
    2016-03-03 18:08 - 2016-03-03 18:08 - 00072851 _____ C:\Users\Natalia\AppData\Roaming\RoundTip.tst
    2016-03-03 18:08 - 2016-03-03 18:08 - 00054272 _____ C:\Users\Natalia\AppData\Roaming\ApplicationHosting.dat
    2016-03-03 18:08 - 2016-03-03 18:08 - 00015840 _____ C:\Users\Natalia\AppData\Roaming\InstallationConfiguration.xml
    2016-03-03 18:01 - 2016-03-03 18:25 - 00056728 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
    2016-03-03 18:09 - 2016-03-03 18:09 - 0032038 _____ () C:\Users\Natalia\AppData\Roaming\uninstall_temp.ico
    CMD: fltmc instances
    EmptyTemp:

    In FRST, choose Fix ("Napraw").

    Run a full scan with http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and remove whatever it detects.

    When that is done, post fixlog.txt and new FRST logs from a fresh scan.

    0
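Added example, not part of the original thread or of FRST: a small Python triage of FRST-style log lines that shows why the Userinit entry in the fixlist above produces the reported symptom. The Winlogon Userinit value normally points at userinit.exe, which launches the desktop shell; here it points only at `wscript C:\WINDOWS\run.vbs`, so once the script is gone the logon yields the "cannot find script file" error and no desktop. The sample lines are copied from the fixlist; the function names and the finding wording are assumptions of this example.

```python
import re

# Lines copied from the fixlist in the post above (FRST log format).
SAMPLE = r"""
HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
HKLM-x32\...\Run: [rec_pl_215] => [X]
AppInit_DLLs: C:\ProgramData\Holdtam\Freshtoin.dll => C:\ProgramData\Holdtam\Freshtoin.dll [805376 2016-03-03] ()
AppInit_DLLs-x32: C:\ProgramData\Holdtam\Freshtam.dll => No File
Task: {037AB586-392C-4493-91E4-E2A6809F9AE0} - System32\Tasks\Ameanh => C:\PROGRA~1\GROOVE~1\Byljh.bat
""".strip().splitlines()

# Windows default: Winlogon starts userinit.exe, which then launches the shell.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

def check_userinit(value):
    """Return a finding tuple if the Userinit value differs from the default."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    extra = [e for e in entries if e.lower() != DEFAULT_USERINIT]
    has_default = len(extra) < len(entries)
    if has_default and not extra:
        return None
    note = ("extra program runs at every logon" if has_default
            else "userinit.exe is missing, so no desktop shell starts")
    return ("Winlogon Userinit", ", ".join(extra) or "(empty)", note)

def triage(lines):
    """Classify the persistence entries found in FRST-style log lines."""
    findings = []
    for line in lines:
        m = re.match(r"HKLM\\\.\.\.\\Winlogon: \[Userinit\] ?(.*)", line)
        if m:
            finding = check_userinit(m.group(1))
            if finding:
                findings.append(finding)
            continue
        m = re.match(r"(AppInit_DLLs(?:-x32)?): (.+?) => (.*)", line)
        if m:
            note = ("stale entry, DLL file is gone" if m.group(3).startswith("No File")
                    else "DLL can be loaded into every process that loads user32.dll")
            findings.append((m.group(1), m.group(2), note))
            continue
        m = re.match(r"Task: \{[0-9A-F-]+\} - (.+?) => (.+\.(?:bat|cmd|vbs|js))$", line, re.I)
        if m:
            findings.append(("Scheduled task", m.group(2), "runs a script: " + m.group(1)))
    return findings

if __name__ == "__main__":
    for kind, target, note in triage(SAMPLE):
        print(f"{kind}: {target} ({note})")
```
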
  • Helpful post
    #4 14 Mar 2016 18:09
    Kolobos
    Computer specialist

    In Chrome's settings, change the start page to e.g. google.pl, and also turn off restoring a set of pages on startup.

    Delete the C:\FRST directory and that's all.

    0
  • #5 14 Mar 2016 19:20
    Adichuck
    Level 2

    Everything works. Many thanks for the help.

    0