Błąd "Nie można znaleźc pliku skryptu"

Oprogramowanie komputerowe Problemy z oprogramowaniem
#1

Witam serdecznie.

Od kilku dni po włączeniu komputera i zalogowaniu sie na pulpicie pojawia się taki błąd: Nie można znaleźc pliku skryptu “C:WINDOWS\system32\killVBS.vbs”

Co mam zrobic? Czytałem trochę na innych forach i nic z tego nie rozumiem. Proszę o pomoc. ![-o<

Logi z hijackthis:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:32:54, on 2009-06-25

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Lexmark 2500 Series\lxddamon.exe

C:\Program Files\Lexmark 2500 Series\lxddmon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe

C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Documents and Settings\Komputer PC\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe

C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe

C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxddcoms.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: (no name) - {302D49CA-575B-4262-9B8C-2F26C2D9F83A} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe

O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Komputer PC\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: UniSpiker-2.6.lnk = ?

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Extract Flash Video with Bytescout... - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html

O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm

O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Extract Flash Video with Bytescout... - {B9794600-E162-485E-9015-6EE4D4E008BA} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: (no name) - {FAA8A9C6-6B5D-41C6-A5CC-A4995C3A2209} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html

O9 - Extra 'Tools' menuitem: Extract Flash Video with Bytescout... - {FAA8A9C6-6B5D-41C6-A5CC-A4995C3A2209} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{67023029-7A5E-44D7-8E2A-70D9F49547F9}: NameServer = 10.0.0.138,194.204.152.34

O20 - Winlogon Notify: byXQGawX - byXQGawX.dll (file missing)

O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

O23 - Service: G DATA Scheduler (AVKService) - G DATA Software - C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe

O23 - Service: Strażnik AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


--

End of file - 12087 bytes
#2

Logi wklejasz na wklej.org lub wklej.to, a w poście dajesz link.

Fix w HiJackThis: ( Do a system scan only -> zaznaczasz pola przy podanych niżej wpisach -> Fix checked )

Daj logi z OTL - OTL.txt i Extras.txt.

#3

ok. zrobiłem jak kazałeś.

logi z OTL:

otl.txt - http://wklej.to/W0Q5

extras.txt - http://wklej.to/pRfy

#4

W Custom Scans/Fixes w OTL wklej:

:OTL

PRC - [2008-04-14 22:51:18 | 01,553,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

O4 - HKLM..\Run: [FaxCenterServer] File not found

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)


:Commands

[emptytemp]

[start explorer]

[Reboot]

Klikasz Run Fix. Restart. Pokaż log z usuwania OTL.

#5

Oto log który pojawił sie po włączeniu kompa. myśle że to o tego chodzi:

http://wklej.to/vSQg

#6

Chyba źle wkleiłeś skrypt, bo :Commands nie zadziałało poprawnie.

Ale to nie ma marginalnego znaczenia.

W OTL kliknij Clean Up.

Przeczyść system CCleanerem.

Usuń zbędniki z autostartu.

Wykonaj pełny skan Malwarebytes’ Anti-Malware - znalezione obiekty usuń.

Gdy będą wirusy pokaż raport.

#7

Zeskanowałem programem Malwarebytes’ Anti-Malware, wyniki usunąłęm.

Raport:

Malwarebytes' Anti-Malware 1.38

Wersja bazy definicji: 2333

Windows 5.1.2600 Dodatek Service Pack 3


2009-06-25 14:30:22

mbam-log-2009-06-25 (14-30-22).txt


Typ skanowania: Pełne skanowanie (C:\|)

Przeskanowane obiekty: 233126

Upłynęło: 1 hour(s), 33 minute(s), 11 second(s)


Zainfekowane procesy w pamięci: 0

Zainfekowane moduły pamięci: 0

Zainfekowane klucze rejestru: 4

Zainfekowane wartości rejestru: 1

Zainfekowane pliki rejestru: 4

Zainfekowane foldery: 5

Zainfekowane pliki: 0


Zainfekowane procesy w pamięci:

(Nie wykryto groźnych plików)


Zainfekowane moduły pamięci:

(Nie wykryto groźnych plików)


Zainfekowane klucze rejestru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{302d49ca-575b-4262-9b8c-2f26c2d9f83a} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.


Zainfekowane wartości rejestru:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{302d49ca-575b-4262-9b8c-2f26c2d9f83a} (Trojan.Vundo) -> Quarantined and deleted successfully.


Zainfekowane pliki rejestru:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdplf.exe -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.


Zainfekowane foldery:

C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\myglobalsearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.


Zainfekowane pliki:

(Nie wykryto groźnych plików)
#8

Nic szkodliwego, jeśli usunięte to powinno być :spoko:

Dla zabezpieczenia zastosuj Flash Disinfector na wszystkich dyskach oraz (szczególnie) pamięciach przenośnych.

#9

Wielkie dzięki za pomoc. sory ze tak późno. :wink: :smiley: