Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Windows 7 "Nie można znaleźć pliku skryptu C:\WINDOWS\run.vbs"

amelusia2005 04 Maj 2016 13:26 1164 8
  • #1 04 Maj 2016 13:26
    amelusia2005
    Poziom 6  

    Witam
    Po uruchomieniu Windows 7 Home Premium wyrzuca czarny ekran i komunikat "Nie można znaleźć pliku skryptu C:\WINDOWS\run.vbs"
    Zrobiłem scan programem FRST.exe i załączyłem plik z wynikiem.
    Proszę o pomoc co robić dalej?
    Z góry dziękuję

    0 8
  • #2 04 Maj 2016 13:32
    RADU23
    Moderator - Komputery Serwis

    Brak logu FRST.txt.

    0
  • #4 04 Maj 2016 16:38
    Acorus 20
    Spec od komputerów

    Wejdz do katalogu C:\Program Files (x86)\MPC Cleaner\ i uruchom uninstall.exe z prawami administratora.
    Odinstaluj AnySend, AVG Security Toolbar, Babylon Chrome Toolbar, Body Text Feathering, Cash Kitten, Complitly, Delta Chrome Toolbar, Delta toolbar, DownTango Launcher 1.6, groover, Internet Explorer Toolbar 4.6 by SweetPacks, Protected Search 1.1, Smart Suggestor, SpyHunter, SweetIM for Messenger 3.7, SweetPacks bundle uninstaller, Update Manager for SweetPacks 1.1, Yontoo 1.10.02. Otwórz notatnik systemowy i wklej:

    Cytat:
    CloseProcesses:
    Task: {3FDD6136-5DDA-4D5C-87F2-DD9593C9BFB3} - \Pwtyfemuk Cache -> Brak pliku <==== UWAGA
    Task: {59D5B2C3-A687-4338-BFE0-6A8534B55FB8} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{3D2FE5CB-228D-4641-8CF1-CDBD62D6A400}.exe
    Task: {5CB3FE82-ED79-4412-8A4B-42A7E29B188C} - \Go for FilesUpdate -> Brak pliku <==== UWAGA
    Task: {5E6CF33F-0B8B-4438-B3E1-B66832F54BD6} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rel => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe [2014-08-26] ()
    Task: {62C92B55-C160-42D4-A98D-2EBC45FADA07} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe <==== UWAGA
    Task: {7AE04DEF-3569-4310-B4CB-937058FA59E3} - \LuckyBrowse -> Brak pliku <==== UWAGA
    Task: {B6195F92-BC41-4740-A7E0-3E1D3A9137F6} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe [2014-08-26] ()
    Task: {BDB17D72-D6F9-4786-96EE-95432A08733C} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== UWAGA
    Task: {EBCBAB06-33B1-42C4-B435-65C70F041E87} - System32\Tasks\EPUpdater => C:\Users\MiAme\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== UWAGA
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{3D2FE5CB-228D-4641-8CF1-CDBD62D6A400}.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\MiAme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1461797170&a=1024132&src=sh&uuid=56664c7e-52ed-490e-9cb2-59e999e70dad"
    ShortcutWithArgument: C:\Users\MiAme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1461797170&a=1024132&src=sh&uuid=56664c7e-52ed-490e-9cb2-59e999e70dad"




    ShortcutWithArgument: C:\Users\MiAme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.hohosearch.com/?ts=AHEqAHUpAnUmCE....1094652442A8F1C52E&ptid=ftp&mode=scrp
    ShortcutWithArgument: C:\Users\MiAme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1461797170&a=1024132&src=sh&uuid=56664c7e-52ed-490e-9cb2-59e999e70dad"
    ShortcutWithArgument: C:\Users\MiAme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.hohosearch.com/?ts=AHEqAHUpAnUmCE....1094652442A8F1C52E&ptid=ftp&mode=scrp
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.hohosearch.com/?ts=AHEqAHUpAnUmCE....1094652442A8F1C52E&ptid=ftp&mode=scrp
    Hosts:
    HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2662472 2016-04-18] ()
    HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
    HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-03] (AVG Secure Search)
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\...\Run: [AVG-Secure-Search-Update_0814tb] => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe [2782744 2014-08-26] ()
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\...\MountPoints2: D - D:\autorun.exe
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\...\MountPoints2: F - F:\autorun.exe
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\...\MountPoints2: {61c3da25-90c1-11e2-9c3e-685d4358e3f9} - D:\setup.exe
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\...\MountPoints2: {8a3ab78f-14da-11e5-9427-685d4358e3f9} - G:\LG_PC_Programs.exe
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\...\MountPoints2: {a201be2b-4afa-11e4-82eb-685d4358e3f9} - F:\autorun.exe
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\...\MountPoints2: {c6bbdd3b-54e6-11e2-bac8-685d4358e3f9} - D:\Autorun.exe
    AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    AutoConfigURL: [S-1-5-21-1285244978-3841898879-3903065326-1000] => hxxp://unstops.net/wpad.dat?0af3cabb40a7546d5746ff672d1788119485303
    ManualProxies: 0hxxp://unstops.net/wpad.dat?0af3cabb40a7546d5746ff672d1788119485303
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=119828&t...absrc=HP_ss_gin2g&mntrId=880D685D4358E3F6
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
    URLSearchHook: HKU\S-1-5-21-1285244978-3841898879-3903065326-1000 - (Brak nazwy) - {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - Brak pliku
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
    SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
    SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-1285244978-3841898879-3903065326-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-1285244978-3841898879-3903065326-1000 -> URL hxxp://www.searchgol.com/?q={searchTerms}&affID=119828&tt=gc_&babsrc=SP_ss_wls_Btisdt7&mntrId=880D685D4358E3F6
    SearchScopes: HKU\S-1-5-21-1285244978-3841898879-3903065326-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.max-start.com/?q={searchTerms}&affID=119828&tt=gc_&babsrc=SP_ss_wls_mib2&mntrId=880D685D4358E3F6
    SearchScopes: HKU\S-1-5-21-1285244978-3841898879-3903065326-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-1285244978-3841898879-3903065326-1000 -> {7947FDF1-84E6-4740-8407-21D3426B1927} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008653
    SearchScopes: HKU\S-1-5-21-1285244978-3841898879-3903065326-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-1285244978-3841898879-3903065326-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110055&tt=021012_ccp_4012_5&babsrc=SP_ss&mntrId=880d7f30000000000000685d4358e3f6
    SearchScopes: HKU\S-1-5-21-1285244978-3841898879-3903065326-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={A35A1F9E-830A-4830-9A13-72CCB516C70A}
    SearchScopes: HKU\S-1-5-21-1285244978-3841898879-3903065326-1000 -> ŰźĆîZ§’2ąŢpv¨IÍá*X(Ž2s(ŰÎŔJşÔÓµť± vË°!×—(äĽ48иpatm6ęo^Mp`Ëő÷_iŁw˜ľ!„Áű†x˘8€ŮjŔ˙ţ ´Ń;áa´[¦†8 ş~ŹRŮxśňÜ8'Ł-)x­ä­ URL =
    BHO: Complitly -> {0FB6A909-6086-458F-BD92-1F8EE10042A0} -> C:\Users\MiAme\AppData\Roaming\Complitly\64\Complitly64.dll [2012-04-08] (SimplyGen)
    BHO: Thfejo -> {461990CE-BB23-4AAB-8DFE-B03B7B1FFC1C} -> C:\Program Files\Thfejo\Zohoxo64.dll => Brak pliku
    BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\19.4.0.508\AVG Secure Search_toolbar.dll [2016-04-18] (AVG Secure Search)
    BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll [2013-05-20] (Delta-search.com)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
    BHO-x32: Smart Suggestor -> {DB536AF2-E422-402d-B7FD-887297F1A198} -> C:\Program Files (x86)\Smart Suggestor\SmartSuggestor.dll => Brak pliku
    BHO-x32: DownTango Launcher -> {e327b07a-0e11-4fd4-bef2-b2c5605b59c6} -> C:\Users\MiAme\AppData\Roaming\DownTangoFTToolbar\DownTangoFTToolbar.dll [2012-10-30] (Simplytech Ltd.)
    BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll => Brak pliku
    BHO-x32: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files (x86)\Yontoo\YontooIEClient.dll => Brak pliku
    Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\19.4.0.508\AVG Secure Search_toolbar.dll [2016-04-18] (AVG Secure Search)
    Toolbar: HKLM-x32 - DownTango Launcher - {e327b07a-0e11-4fd4-bef2-b2c5605b59c6} - C:\Users\MiAme\AppData\Roaming\DownTangoFTToolbar\DownTangoFTToolbar.dll [2012-10-30] (Simplytech Ltd.)
    Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll Brak pliku
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll [2013-05-20] (Delta-search.com)
    Toolbar: HKU\S-1-5-21-1285244978-3841898879-3903065326-1000 -> Brak nazwy - {3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} - Brak pliku
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.4.0\ViProtocol.dll [2016-04-18] (AVG Secure Search)
    FF DefaultSearchEngine: hohosearch
    FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=hohosearch
    FF Keyword.URL: hxxp://www.hohosearch.com/chrome.php?uid=3E77....&v=20160425&mode=ffexttoolbar&q=
    FF SearchPlugin: C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\7glaqw7p.default-1353760658690\searchplugins\babylon.xml [2013-06-01]
    FF SearchPlugin: C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\7glaqw7p.default-1353760658690\searchplugins\babylon1.xml [2013-01-16]
    FF SearchPlugin: C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\7glaqw7p.default-1353760658690\searchplugins\BrowserDefender.xml [2013-06-01]
    FF SearchPlugin: C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\7glaqw7p.default-1353760658690\searchplugins\delta.xml [2013-05-31]
    FF SearchPlugin: C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\babylon.xml [2013-06-01]
    FF SearchPlugin: C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\babylon1.xml [2013-01-16]
    FF SearchPlugin: C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\BrowserDefender.xml [2013-06-01]
    FF SearchPlugin: C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-04-28]
    FF SearchPlugin: C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\delta.xml [2013-05-31]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2016-04-18]
    CHR HomePage: Default -> hxxp://www.hohosearch.com/?mode=nnnb&ptid...F1C52E&v=20160425&ts=AHEqAHUpAnUmCE....
    CHR StartupUrls: Default -> "hxxp://www.hohosearch.com/?mode=nnnb&ptid=ftp&uid=3E773B471316331094652442A8F1C52E&v=20160425&ts=AHEqAHUpAnUmCE.."
    CHR DefaultSearchURL: Default -> hxxp://www.hohosearch.com/chrome.php?q={searchTerms}&ts=AHEqAHUpAnUmCE..&v=20160425&uid=3E773B471316331094652442A8F1C52E&ptid=ftp&mode=nnnb
    CHR DefaultSearchKeyword: Default -> hohosearch
    R2 D1CDD011-C345-4723-828C-CBCAEF9498D2; "C:\Program Files\Thfejo\Noeousxu.exe" [X]
    R2 NeevjKinte; "C:\Program Files\Thfejo\NeevjKinte.exe" [X]
    S2 Thfejo Updater; C:\Program Files\Thfejo\Rivuo.exe [X]
    S2 Update Mgr CashKitten; "C:\Program Files (x86)\Common Files\d8986107-dff3-4565-a17b-637d7c3968d3\updater.exe" [X] <==== UWAGA
    S1 cherimoya; system32\drivers\cherimoya.sys [X]
    2016-04-30 13:38 - 2016-05-01 13:35 - 00000000 ____D C:\Program Files\Thfejo
    2016-04-30 13:38 - 2016-04-30 17:09 - 00000000 ____D C:\Users\MiAme\AppData\Roaming\QarmKunbuj
    2016-04-30 13:38 - 2016-04-30 13:38 - 00027456 _____ C:\Windows\system32\Drivers\bsdpf64.sys
    2016-04-30 13:38 - 2016-04-30 13:38 - 00026944 _____ C:\Windows\system32\Drivers\bsdpr64.sys
    2016-04-30 13:38 - 2016-04-30 13:38 - 00000000 ____D C:\Users\MiAme\AppData\LocalLow\Company
    2016-04-30 13:38 - 2016-04-30 13:38 - 00000000 ____D C:\Users\MiAme\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2016-04-30 13:38 - 2016-04-30 13:38 - 00000000 ____D C:\Users\MiAme\AppData\Local\Tempfolder
    2016-04-30 13:38 - 2016-04-30 13:38 - 00000000 ____D C:\uninst
    2016-04-30 13:38 - 2016-04-30 13:38 - 00000000 ____D C:\Program Files\ThfejoUn
    2016-04-30 13:38 - 2016-04-30 13:38 - 00000000 _____ C:\Windows\SysWOW64\Number of results
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Pokaż nowy raport z FRST bez Addition i Shortcut.

    0
  • #5 05 Maj 2016 09:39
    amelusia2005
    Poziom 6  

    Witam
    Wykonałem wszystko tak jak w instrukcji. Były problemy z usunięciem niektórych programów, ale jakoś się udało.

    Jedyne po uruchomieniu wyskakuje komunikat.
    Nie można znaleźć aparatu skryptu "VBScript" dla skryptu "C:\Program Data\Sony Corporation\VAIO Care\DelSelfPatch.vbs"
    Poza tym komputer strasznie muli. Po każdym kliknięciu czekam kilka kilkanaście sekund.
    Dołączam plik FRST.txt

    Z góry dziękuje za pomoc :spoko:

    0
  • #7 05 Maj 2016 09:55
    Kolobos
    Spec od komputerów

    Nie pobieraj programow z dobrychprogramow przy pomocy ich menadzera pobierania, ktory instaluje szkodliwe oprogramowanie.

    Uzyj: http://www.bleepingcomputer.com/download/adwcleaner/ - Opcja Szukaj i Usun.

    Wykonaj nowy Fixlist.txt dla FRST:
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\...\MountPoints2: {61c3da25-90c1-11e2-9c3e-685d4358e3f9} - D:\setup.exe
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\...\MountPoints2: {a201be2b-4afa-11e4-82eb-685d4358e3f9} - F:\autorun.exe
    Tcpip\..\Interfaces\{29BA5FDA-404C-4266-B0B4-067BFD09D322}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{341C7144-9AF7-4179-8A1E-5926F925A293}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{551138DE-E6E9-4BAF-BB9B-2328BEDDF6DB}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{7AE77E75-8DA4-485C-8AE1-048C1FC25258}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{C094D053-20AF-403E-A6D0-2337A9020A98}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{C46C74EF-5F5D-4F54-A514-F936675541BD}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{C850164B-F77B-4721-83E0-AC3DC3FB62FD}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{D5A3C10A-C36D-4287-B63F-D6E57C97B030}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{FFF10FCC-B6FF-422D-B05A-7224EA6150C1}: [NameServer] 104.197.191.4
    BHO-x32: Complitly -> {0FB6A909-6086-458F-BD92-1F8EE10042A0} -> C:\Users\MiAme\AppData\Roaming\Complitly\Complitly.dll => Brak pliku
    BHO-x32: Thfejo -> {461990CE-BB23-4AAB-8DFE-B03B7B1FFC1C} -> C:\Program Files\Thfejo\Zohoxo.dll => Brak pliku
    FF NewTab:
    FF SearchEngineOrder.1:
    FF SelectedSearchEngine:
    FF Homepage: search.mpc.am
    FF user.js: detected! => C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\7glaqw7p.default-1353760658690\user.js [2016-04-30]
    FF Extension: Star Stable Online - C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\plugin@starstable.com [2016-04-28] [Brak podpisu cyfrowego]
    FF Extension: Babylon Toolbar - C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\7glaqw7p.default-1353760658690\Extensions\ffxtlbr@babylon.com [2013-01-16] [Brak podpisu cyfrowego]
    FF Extension: Delta Toolbar - C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\7glaqw7p.default-1353760658690\Extensions\ffxtlbr@delta.com [2013-05-31] [Brak podpisu cyfrowego]
    FF Extension: Star Stable Online - C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\7glaqw7p.default-1353760658690\Extensions\plugin@starstable.com [2015-04-04] [Brak podpisu cyfrowego]
    FF Extension: Cash Kitten - C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\7glaqw7p.default-1353760658690\Extensions\{a8edd05a-a96c-48c2-8eb2-1e65dc4461b7}.xpi [2016-04-26] [Brak podpisu cyfrowego]
    FF Extension: GsearchFinder - C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-04-18]
    FF Extension: Babylon Toolbar - C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\ffxtlbr@babylon.com [2016-04-28] [Brak podpisu cyfrowego]
    FF Extension: Delta Toolbar - C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\ffxtlbr@delta.com [2016-04-28] [Brak podpisu cyfrowego]
    FF Extension: Cash Kitten - C:\Users\MiAme\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{a8edd05a-a96c-48c2-8eb2-1e65dc4461b7}.xpi [2016-04-26] [Brak podpisu cyfrowego]
    FF Extension: Brak nazwy - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2016-03-21] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.9.0.230 => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => nie znaleziono
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono
    FF HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension => nie znaleziono
    CHR Extension: (Cash Kitten) - C:\Users\MiAme\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddcelihmlalhjjdlleholbkejipbcemf [2016-04-28] [UpdateUrl: hxxp://cdn.cashkitten.net/update] <==== UWAGA
    CHR Extension: (Babylon Toolbar) - C:\Users\MiAme\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2014-04-16] [UpdateUrl: hxxp://img.babylon.com/ext/chrome/update/update2.xml] <==== UWAGA
    CHR Extension: (Complitly plugin for chrome) - C:\Users\MiAme\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda [2014-04-16] [UpdateUrl: hxxp://www.predictad.com/update/chrome/?si=26525&ver=1.1] <==== UWAGA
    CHR Extension: (Delta Toolbar) - C:\Users\MiAme\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2014-04-16] [UpdateUrl: hxxp://upd.info-stream.net/chromecrx/update.php] <==== UWAGA
    CHR Extension: (DownTango Launcher) - C:\Users\MiAme\AppData\Local\Google\Chrome\User Data\Default\Extensions\gladcbhcbkdeddbidiblppadjdjalidb [2014-04-16] [UpdateUrl: hxxp://update.toolbar.widdit.com/chrome/?si=41460&ti=2937&ver=1.6] <==== UWAGA
    CHR HKLM-x32\...\Chrome\Extension: [gladcbhcbkdeddbidiblppadjdjalidb] - C:\Program Files (x86)\DownTangoFTToolbar\chrome\DownTangoFTToolbar.crx [2012-11-04]
    CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx [2012-10-03]
    S1 bsdpf64; \??\C:\Windows\system32\Drivers\bsdpf64.sys [X]
    S1 bsdpr64; \??\C:\Windows\system32\Drivers\bsdpr64.sys [X]
    S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
    Task: {30AFB2F5-9FE7-481C-9513-8BA5EF07BB05} - System32\Tasks\Sony Corporation\VAIO Care\DelSelfPatch => C:\ProgramData\Sony Corporation\VAIO Care\DelSelfPatch.vbs [2011-11-30] ()
    2016-04-30 13:58 - 2016-04-30 14:43 - 00000000 ____D C:\Users\MiAme\AppData\Local\app
    2016-04-30 13:57 - 2016-04-30 13:58 - 00000000 ____D C:\Program Files (x86)\ContentPush
    2016-04-30 13:38 - 2016-05-04 17:28 - 00000000 ____D C:\Users\MiAme\AppData\Local\4F5F7B10-1462023493-11E0-BB3E-30F9EDEB5240
    2016-04-30 13:38 - 2016-05-01 13:35 - 00000000 ____D C:\Users\MiAme\AppData\Roaming\Duhfhzudi
    2016-04-28 16:49 - 2016-04-28 16:49 - 00000000 ____D C:\Users\MiAme\AppData\Roaming\MCorp
    2016-04-28 16:30 - 2016-05-04 18:35 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-04-28 16:30 - 2016-04-30 13:48 - 00000000 ____D C:\Program Files (x86)\hohobnd_1f8288
    2016-04-28 16:30 - 2016-04-28 16:43 - 00000000 ____D C:\Program Files (x86)\hohobnd
    2016-04-28 16:30 - 2016-04-28 16:30 - 00000000 ____D C:\Users\MiAme\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
    2016-04-28 16:29 - 2016-04-28 16:30 - 00000000 ____D C:\Users\Public\Documents\dmp
    2016-04-28 15:57 - 2016-05-04 19:34 - 00000008 __RSH C:\ProgramData\ntuser.pol
    2016-04-28 00:49 - 2016-05-04 17:25 - 00000000 ____D C:\Users\MiAme\AppData\Roaming\ASPackage
    2016-04-28 00:49 - 2016-05-01 14:04 - 00000000 ____D C:\Program Files (x86)\4F5F7B10-1461797377-11E0-BB3E-30F9EDEB5240
    2016-04-28 00:49 - 2016-04-30 17:36 - 00000000 ____D C:\Program Files (x86)\SrpnFiles
    2016-04-28 00:49 - 2016-04-28 00:49 - 00001907 _____ C:\Users\Public\Desktop\SrpnFiles.lnk
    2016-04-28 00:49 - 2016-04-28 00:49 - 00000000 ____D C:\Users\MiAme\AppData\Roaming\SpringFiles
    2016-04-28 00:49 - 2016-04-28 00:49 - 00000000 ____D C:\Users\MiAme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
    2016-04-28 00:49 - 2016-04-28 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SrpnFiles
    2016-04-28 00:49 - 2016-04-28 00:47 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2016-04-28 00:48 - 2016-04-28 00:48 - 00003590 _____ C:\Windows\System32\Tasks\Internet Quick Access Updater
    2016-04-28 00:48 - 2016-04-28 00:48 - 00003376 _____ C:\Windows\System32\Tasks\IQA
    2016-04-28 00:47 - 2016-04-28 00:47 - 00000000 ____D C:\Users\MiAme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Quick Access
    2016-04-28 00:46 - 2016-04-30 17:22 - 00000000 ____D C:\Program Files (x86)\Cash Kitten
    2016-04-28 00:46 - 2016-04-30 17:05 - 00000000 ____D C:\ProgramData\d8986107-dff3-4565-a17b-637d7c3968d3
    2016-04-28 00:46 - 2016-04-30 13:48 - 00015840 _____ C:\Users\MiAme\AppData\Roaming\InstallationConfiguration.xml
    2016-04-28 00:46 - 2016-04-30 13:47 - 00127488 _____ C:\Users\MiAme\AppData\Roaming\Installer.dat
    2016-04-28 00:46 - 2016-04-28 00:47 - 00000000 ____D C:\Users\MiAme\AppData\Local\Chromium
    2016-04-28 00:46 - 2016-04-28 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
    2016-04-28 00:46 - 2016-04-28 00:46 - 00000000 ____D C:\ProgramData\LuckyBrowse
    2016-04-28 00:46 - 2016-04-28 00:46 - 00000000 ____D C:\Program Files (x86)\LuckyBrowse
    2016-04-28 00:35 - 2016-04-28 00:35 - 00971123 _____ ( ) C:\Users\MiAme\Downloads\ClipGrab-35426-dp.exe
    2016-04-07 14:15 - 2016-04-07 14:15 - 00003662 _____ C:\Windows\System32\Tasks\ShdUpdate
    2016-05-04 19:28 - 2012-11-04 11:53 - 00000000 ____D C:\Windows\System32\Tasks\ProtectedSearch
    2016-05-04 18:03 - 2012-11-06 20:03 - 00000000 ____D C:\Program Files (x86)\SweetIM
    2016-05-04 17:35 - 2012-10-03 14:40 - 00000000 ____D C:\Program Files (x86)\Smart Suggestor
    2016-05-04 17:31 - 2012-11-04 11:53 - 00000000 ____D C:\Program Files (x86)\DownTangoFTToolbar
    2016-05-04 17:28 - 2013-01-16 02:55 - 00000000 ____D C:\Users\MiAme\AppData\Roaming\BabSolution
    2016-05-01 14:05 - 2012-10-03 14:40 - 00000000 ____D C:\Program Files (x86)\Yontoo
    2013-06-29 22:57 - 2014-06-26 07:36 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    2016-04-28 00:46 - 2016-04-30 13:48 - 0015840 _____ () C:\Users\MiAme\AppData\Roaming\InstallationConfiguration.xml
    2016-04-28 00:46 - 2016-04-30 13:47 - 0127488 _____ () C:\Users\MiAme\AppData\Roaming\Installer.dat


    Zrob pelny skan przy pomocy http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ i usun to co wykryje.

    Zamiesc nowe logi z FRST, ze skanowania, lacznie z NOWYM addition.txt.

    0
  • #9 05 Maj 2016 16:25
    Kolobos
    Spec od komputerów

    Zainstaluj aktualizacje stad: https://support.microsoft.com/en-us/kb/2545227

    Wykonaj nowy Fixlist.txt dla FRST:
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpf64.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpr64.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpf64.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpr64.sys => ""="Driver"
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\...\MountPoints2: {61c3da25-90c1-11e2-9c3e-685d4358e3f9} - D:\setup.exe
    HKU\S-1-5-21-1285244978-3841898879-3903065326-1000\...\MountPoints2: {a201be2b-4afa-11e4-82eb-685d4358e3f9} - F:\autorun.exe
    FF Keyword.URL: undefined://undefined/
    2016-05-05 13:49 - 2016-05-05 14:01 - 00000000 ____D C:\AdwCleaner

    Po wykonaniu usun katalog C:\FRST i to wszystko.

    Mbam zostaw i skanuj co jakis czas.

    0