
HP 2000, Win 8 - "Nie można znaleźć pliku skryptu C:\WINDOWS\run.vbs" ("Cannot find script file C:\WINDOWS\run.vbs")

Nifrija 16 Mar 2016 23:04 588 4
  • #1 16 Mar 2016 23:04
    Nifrija
    Level 2

    The computer boots up to the point where the desktop should appear. The message "Nie można znaleźć pliku skryptu C:\WINDOWS\run.vbs" ("Cannot find script file C:\WINDOWS\run.vbs") pops up. The desktop cannot be started through Task Manager: C:\Windows\explorer.exe. I am attaching the FRST logs below. Thanks in advance for your help :)

    0 4
  • #2 17 Mar 2016 07:20
    krzychupar
    Level 40

    Update Java.
    Uninstall:
    MobilePCStarterKit 000.005030269 (HKLM-x32\...\mpck_en_005030269_is1) (Version: - MOBILEPCSTARTERKIT) <==== ATTENTION
    MPC Cleaner

    Open Notepad and paste the following content:
    Task: {3706556B-C2EB-4FD4-947D-D6AD55E0968A} - System32\Tasks\{14FAD6B9-23BE-4E3F-9343-C4BE618AA17E} => pcalua.exe -a C:\Users\Agnes\Downloads\cenega_poland_oblivion_pl.exe -d C:\Users\Agnes\Downloads
    Task: {7E856275-89F2-44BF-B670-4FB9BE83D596} - System32\Tasks\Opera scheduled Autoupdate 1377836439 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-01] (Opera Software)
    Hosts:
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
    HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
    HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\MountPoints2: {3bb15eca-d091-11e5-bf55-7446a0cab722} - "G:\LaunchU3.exe" -a
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\MountPoints2: {4daa481b-103e-11e4-beab-7446a0cab722} - "G:\LGAutoRun.exe"
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\MountPoints2: {4eac68fb-3c45-11e5-bf0f-7446a0cab722} - "G:\LGAutoRun.exe"
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\MountPoints2: {511c7434-74e9-11e4-beb7-7446a0cab722} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL G:\Common_Handset_USB_Driver.exe
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\MountPoints2: {c0432e49-637b-11e4-beb4-7446a0cab722} - "G:\LGAutoRun.exe"
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\MountPoints2: {eaccec54-0c58-11e3-be7e-7446a0cab722} - "H:\AutoRun.exe"
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\MountPoints2: {eaccec97-0c58-11e3-be7e-7446a0cab722} - "F:\AutoRun.exe"
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_re...ndex.jsp?lg=en&pid=NIS&pvid=20.4.0.40
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_re...ndex.jsp?lg=en&pid=NIS&pvid=20.4.0.40
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_re...ndex.jsp?lg=en&pid=NIS&pvid=20.4.0.40
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.bing.com?pc=HPNTDFJS
    SearchScopes: HKLM -> {CEE37EE4-59E4-46A6-AB0E-E869AA39F7D5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {CEE37EE4-59E4-46A6-AB0E-E869AA39F7D5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKU\S-1-5-21-2283067170-4182370499-1660799335-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    IE Session Restore: HKU\S-1-5-21-2283067170-4182370499-1660799335-1001 -> is enabled.
    FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Agnes\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
    CHR StartupUrls: Default -> "hxxp://www.mysites123.com/?type=hp&ts=1458162606&z=aa46dc6cb493471848b360dg6zdwabag1q6odqeg3g&from=tt4u&uid=ST500LT012-9WS142_W0V7DLH1"
    CHR DefaultSearchURL: Default -> hxxp://mysites123.com/web?type=ds&ts=1458...t4u&uid=ST500LT012-9WS142_W0V7DLH1&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> mysites123
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.mysites123.com/?type=sc&ts=145...;from=tt4u&uid=ST500LT012-9WS142_W0V7DLH1
    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
    S1 wfdrvr_vw_1_10_0_28; system32\drivers\wfdrvr_vw_1_10_0_28.sys [X]
    S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnet; \SystemRoot\system32\DRIVERS\ZTEusbnet.sys [X]
    S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X]
    2016-03-16 22:10 - 2016-03-16 22:11 - 00000000 ____D C:\ProgramData\pWdMp
    2016-03-16 22:05 - 2016-03-16 22:05 - 00000000 ____D C:\ProgramData\FWdMF
    2016-03-16 22:04 - 2016-03-16 22:04 - 00000000 ____D C:\ProgramData\9WdM9
    2016-03-16 22:03 - 2016-03-16 22:03 - 00000000 ____D C:\Users\Agnes\AppData\Roaming\MCorp
    2016-03-16 22:02 - 2016-03-16 22:09 - 00000000 ____D C:\Program Files (x86)\SunnyDayApps
    2016-03-16 22:02 - 2016-03-16 22:09 - 00000000 ____D C:\Program Files (x86)\rec_pl_227
    2016-03-16 22:02 - 2016-03-16 22:02 - 00000000 ____D C:\Users\Agnes\AppData\Local\rec_pl_227
    2016-03-16 21:49 - 2016-03-16 22:09 - 00000000 ____D C:\Users\Agnes\AppData\Local\SunnyDay21
    2016-03-16 21:49 - 2016-03-16 22:05 - 00000000 ____D C:\Program Files (x86)\SunnyDay21
    2016-03-16 21:48 - 2016-03-16 21:48 - 00000000 ____D C:\Users\Agnes\AppData\Local\app
    2016-03-16 21:47 - 2016-03-16 22:17 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-03-16 21:47 - 2016-03-16 21:59 - 00000000 ____D C:\Users\Agnes\AppData\Local\mpck_en_005030269
    2016-03-16 21:47 - 2016-03-16 21:48 - 00000000 ____D C:\Program Files (x86)\mpck_en_005030269
    2016-03-16 21:47 - 2016-03-16 21:47 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-03-16 22:18 - 2015-02-04 22:42 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder next to C:\Users\Magda\Downloads\FRST64.exe
    Run FRST and click Fix/Napraw.

    0
  • Helpful post
    #3 17 Mar 2016 07:21
    Kolobos
    Computer specialist

    Unfortunately, you will not remove this infection from within the system.

    Uninstall:
    MobilePCStarterKit 000.005030269
    SunnyDayApps Maintenance 008.227
    SunnyDay


    Start WinRE like this: http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartuj%C4%85cych-windows/ and only there launch FRST and carry out the rest.

    Next to frst.exe, create a file fixlist.txt with the following content:
    Task: {3706556B-C2EB-4FD4-947D-D6AD55E0968A} - System32\Tasks\{14FAD6B9-23BE-4E3F-9343-C4BE618AA17E} => pcalua.exe -a C:\Users\Agnes\Downloads\cenega_poland_oblivion_pl.exe -d C:\Users\Agnes\Downloads
    Task: {7E856275-89F2-44BF-B670-4FB9BE83D596} - System32\Tasks\Opera scheduled Autoupdate 1377836439 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-01] (Opera Software)
    Hosts:
    HKLM-x32\...\Run: [mpck_en_005030269] => C:\Program Files (x86)\mpck_en_005030269\mpck_en_005030269.exe [3967664 2016-03-16] ()
    HKLM-x32\...\Run: [sun21] => C:\Program Files (x86)\SunnyDay21\SunnyDay.exe [3964592 2016-03-16] ()
    HKLM-x32\...\Run: [rec_pl_227] => C:\Program Files (x86)\rec_pl_227\rec_pl_227.exe [3967152 2016-03-14] ()
    HKLM\...\RunOnce: [WINDOWS_SCREEN_MANAGER_UPDATER] => C:\Program Files\Windows Screen Manager\Windows screen manage updater.exe [15360 2016-03-16] (Wizzservices)
    HKLM-x32\...\RunOnce: [upmpck_en_005030269.exe] => C:\Users\Agnes\AppData\Local\mpck_en_005030269\upmpck_en_005030269.exe [3159728 2016-03-16] ()
    HKLM-x32\...\RunOnce: [usun.exe] => C:\Users\Agnes\AppData\Local\SunnyDay21\usun.exe [3161776 2016-03-16] ()
    HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
    HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\Run: [Media Assistant] => C:\Users\Agnes\AppData\Roaming\Media-Assistant\Updater.exe [1140224 2015-08-06] ()
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [24226 2016-03-16] ()
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\MountPoints2: {3bb15eca-d091-11e5-bf55-7446a0cab722} - "G:\LaunchU3.exe" -a
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\MountPoints2: {4daa481b-103e-11e4-beab-7446a0cab722} - "G:\LGAutoRun.exe"
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\MountPoints2: {4eac68fb-3c45-11e5-bf0f-7446a0cab722} - "G:\LGAutoRun.exe"
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\MountPoints2: {511c7434-74e9-11e4-beb7-7446a0cab722} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL G:\Common_Handset_USB_Driver.exe
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\MountPoints2: {c0432e49-637b-11e4-beb4-7446a0cab722} - "G:\LGAutoRun.exe"
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\MountPoints2: {eaccec54-0c58-11e3-be7e-7446a0cab722} - "H:\AutoRun.exe"
    HKU\S-1-5-21-2283067170-4182370499-1660799335-1001\...\MountPoints2: {eaccec97-0c58-11e3-be7e-7446a0cab722} - "F:\AutoRun.exe"
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKLM -> {CEE37EE4-59E4-46A6-AB0E-E869AA39F7D5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {CEE37EE4-59E4-46A6-AB0E-E869AA39F7D5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKU\S-1-5-21-2283067170-4182370499-1660799335-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    IE Session Restore: HKU\S-1-5-21-2283067170-4182370499-1660799335-1001 -> is enabled.
    FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Agnes\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
    CHR HomePage: Default -> gazeta.allplayer.org/
    CHR StartupUrls: Default -> "hxxp://www.mysites123.com/?type=hp&ts=1458162606&z=aa46dc6cb493471848b360dg6zdwabag1q6odqeg3g&from=tt4u&uid=ST500LT012-9WS142_W0V7DLH1"
    CHR DefaultSearchURL: Default -> hxxp://mysites123.com/web?type=ds&ts=1458...t4u&uid=ST500LT012-9WS142_W0V7DLH1&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> mysites123
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.mysites123.com/?type=sc&ts=145...;from=tt4u&uid=ST500LT012-9WS142_W0V7DLH1
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-03-16] (DotC United Inc)
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-03-16] (DotC United Inc)
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
    S1 wfdrvr_vw_1_10_0_28; system32\drivers\wfdrvr_vw_1_10_0_28.sys [X]
    S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnet; \SystemRoot\system32\DRIVERS\ZTEusbnet.sys [X]
    S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X]
    2016-03-16 22:10 - 2016-03-16 22:11 - 00000000 ____D C:\ProgramData\pWdMp
    2016-03-16 22:05 - 2016-03-16 22:05 - 00000000 ____D C:\ProgramData\FWdMF
    2016-03-16 22:04 - 2016-03-16 22:04 - 00000000 ____D C:\ProgramData\9WdM9
    2016-03-16 22:03 - 2016-03-16 22:03 - 00000000 ____D C:\Users\Agnes\AppData\Roaming\MCorp
    2016-03-16 22:02 - 2016-03-16 22:09 - 00000000 ____D C:\Program Files (x86)\SunnyDayApps
    2016-03-16 22:02 - 2016-03-16 22:09 - 00000000 ____D C:\Program Files (x86)\rec_pl_227
    2016-03-16 22:02 - 2016-03-16 22:02 - 00000000 ____D C:\Users\Agnes\AppData\Local\rec_pl_227
    2016-03-16 21:49 - 2016-03-16 22:09 - 00000000 ____D C:\Users\Agnes\AppData\Local\SunnyDay21
    2016-03-16 21:49 - 2016-03-16 22:05 - 00000000 ____D C:\Program Files (x86)\SunnyDay21
    2016-03-16 21:48 - 2016-03-16 21:48 - 00000000 ____D C:\Users\Agnes\AppData\Local\app
    2016-03-16 21:48 - 2016-03-16 21:48 - 00000000 ____D C:\Program Files\Windows Screen Manager
    2016-03-16 21:47 - 2016-03-16 22:17 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-03-16 21:47 - 2016-03-16 21:59 - 00000000 ____D C:\Users\Agnes\AppData\Local\mpck_en_005030269
    2016-03-16 21:47 - 2016-03-16 21:48 - 00000000 ____D C:\Program Files (x86)\mpck_en_005030269
    2016-03-16 21:47 - 2016-03-16 21:47 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-03-16 21:46 - 2016-03-16 21:46 - 00000000 _____ C:\Windows\SysWOW64\Number of results
    2016-03-16 22:18 - 2015-02-04 22:42 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    In FRST choose Fix (Napraw).

    1
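An added example, not part of the thread and not FRST's own code: a small triage helper that scans FRST-style log text for the Winlogon Userinit entries listed in both fixlists above, which name `wscript C:\Windows\run.vbs` instead of the Windows default `userinit.exe`. The function name, the sample log and the assumption that Windows lives on `C:` are mine.

```python
import re

# Windows default data for ...\Windows NT\CurrentVersion\Winlogon\Userinit
# (assumption: Windows is installed on C:)
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

# FRST-style line as quoted in the thread: "<hive>\...\Winlogon: [<name>] <data>"
WINLOGON_RE = re.compile(
    r"^(?P<hive>HK[\w-]+)\\\.\.\.\\Winlogon: \[(?P<name>[^\]]+)\]\s*(?P<data>.*)$"
)

# Constructed sample: two lines copied from the fixlists, one Run line, one clean entry
SAMPLE = r"""HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
HKLM-x32\...\Run: [sun21] => C:\Program Files (x86)\SunnyDay21\SunnyDay.exe [3964592 2016-03-16] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
"""

def audit_userinit(log_text):
    """Return one finding per Winlogon Userinit entry that differs from the default."""
    findings = []
    for raw in log_text.splitlines():
        m = WINLOGON_RE.match(raw.strip())
        if not m or m.group("name").lower() != "userinit":
            continue
        data = m.group("data")
        x_marker = data.endswith("[X]")  # FRST's trailing marker, recorded as-is
        if x_marker:
            data = data[:-3]
        # Userinit holds a comma-separated list of programs started at logon
        commands = [c.strip() for c in data.split(",") if c.strip()]
        lowered = [c.lower() for c in commands]
        unexpected = [c for c in commands if c.lower() != DEFAULT_USERINIT]
        default_missing = DEFAULT_USERINIT not in lowered
        if unexpected or default_missing:
            findings.append({
                "hive": m.group("hive"),
                "unexpected": unexpected,
                "userinit_exe_missing": default_missing,
                "frst_x_marker": x_marker,
            })
    return findings

if __name__ == "__main__":
    for finding in audit_userinit(SAMPLE):
        print(finding)
```

An entry with `userinit_exe_missing` set means the logon chain no longer starts `userinit.exe`, which matches the symptom in post #1: the desktop never loads.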
  • #4 17 Mar 2016 19:12
    Nifrija
    Level 2

    Everything works :) Thank you very much :)

    0
  • #5 17 Mar 2016 23:22
    RADU23
    Moderator - Computers Service

    Delete the folder C:\FRST and that's all.

    0