Brontok, nie można wejść na dyski, program Autoruns zablokowany

baciar · 23 Lipca 2011

Witam

Mam następujący problem z komputerem

Windows przestał się uruchamiać. Tzn startował ale pojawiała się tapeta bez ikon. Jeśli dałem Alt+crtl+delete to pojawiał się Menadzer zadań i chciałem uruchomić explorer.exe ale nic się nie pojawiało. Ale jak wpisałem w Nowe Zadanie (uruchom) np c: to wyskakiwał jakiś błąd ale pojawiały się ikony. Jednak po chwili wyskakiwała strona w IE w jakimś dziwnym języku, coś z napisami Brontok i za chwilę system uruchamiał się ponownie.

Postanowiłem podpiąć dysk do innego kompa i go przeskanować. Zapuściłem Kaspersky Virus Removal Tool. Nie jestem w stanie umieścić raportu z niego bo nie wiem czemu ale po restarcie skasował się z kompa. W każdym bądź razie znalazł na pewno mnóstwo wystąpień wirusa Brontok chyba H i jakiegoś Autoruns. Z tego co pamiętam na dyskach były także pliki explore.exe. z jakimś trojanem chyba. Wszystko usunąłem.

Po przeskanowaniu i zapięciu dysku z powrotem do kompa system wstaje i pojawiają się ikony.

Pojawiają się jednak błędy.

Dwa pierwsze będące w jednej linijce pojawiają się przy starcie systemu

Dwa poniższe takie same pojawiają się jak chcę otworzyć z mojego komputera dyski D oraz E. Dysk C otwiera się normalnie.

Da się otworzyć wybierając z menu kontekstowego eksploruj. Jeśli dobrze pamiętam wcześniej zamiast eksploruj były jakieś dziwne krzaczki.

Ostatni błąd występuje podczas uruchomienia programu autoruns. Co ciekawe zmiana nazwy programu pozwala go uruchomić.

Automatycznie przy starcie pojawia się na całym ekranie folder Moje dokumenty.

Nie ma logów z GMER ponieważ w trybie normalnym po uruchomieniu występuje od razu BSOD.

Miałem zainstalowany Deamon Tools ale odinstalowałem zgodnie z instrukcją i wyrzuciłem sterownik SPTD przy udziale narzędzia SPTDinst

Tryb awaryjny w komputerze w ogóle się nie uruchamia - występuje BSOD podczas startu.

Mam nadzieję, że to wszystko da się naprawić. Proszę o pomoc.

Pozdrawiam

Extras.Txt

OTL.Txt

RootRepeal report 07-23-11 (23-24-38).txt

Landuss · 24 Lipca 2011

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst:

:Files
autorun.inf /alldrives
C:\WINDOWS\System\win32out.dll
C:\WINDOWS\System\win32in.dll
C:\WINDOWS\System32\explorxp.exe
C:\WINDOWS\System32\settings.dll
C:\WINDOWS\System32\drivers\str.sys
 
:Services
famxkotm
CreateProcess
 
:OTL
IE - HKU\S-1-5-21-1123561945-2000478354-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fmz.qiwa.com
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -  File not found
O4 - HKLM..\Run: [bron-Spizaetus]  File not found
O4 - HKLM..\Run: [mhlclyg]  File not found
O4 - HKLM..\Run: [nhbivui]  File not found
O4 - HKU\S-1-5-21-1123561945-2000478354-1417001333-1003..\Run: []  File not found
O4 - HKU\S-1-5-21-1123561945-2000478354-1417001333-1003..\Run: [Tok-Cirrhatus]  File not found
O4 - HKU\S-1-5-21-1123561945-2000478354-1417001333-1003..\Run: [wsctf.exe]  File not found
O7 - HKU\S-1-5-21-1123561945-2000478354-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-1123561945-2000478354-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O27 - HKLM IFEO\360rpt.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\360Safe.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\360tray.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\adam.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\AgentSvr.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\AppSvc32.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\ArSwp.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\AST.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\autoruns.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\AvastU3.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\avconsol.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\avgrssvc.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\AvMonitor.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\avp.com: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\avp.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\CCenter.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\ccSvcHst.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\EGHOST.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\FileDsty.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\FTCleanerShell.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\FYFireWall.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\ghost.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\HijackThis.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\IceSword.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\iparmo.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\Iparmor.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\irsetup.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\isPwdSvc.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\kabaload.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KaScrScn.SCR: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KASMain.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KASTask.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KAV32.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KAVDX.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KAVPF.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KAVPFW.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KAVSetup.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KAVStart.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KISLnchr.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KMailMon.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KMFilter.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KPFW32.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KPFW32X.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KPfwSvc.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KRegEx.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KRepair.com: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KsLoader.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KVCenter.kxp: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KvDetect.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KvfwMcl.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KVMonXP.kxp: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KVMonXP_1.kxp: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\kvol.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\kvolself.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KvReport.kxp: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KVScan.kxp: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KVSrvXP.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KVStub.kxp: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\kvupload.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\kvwsc.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KvXP.kxp: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KvXP_1.kxp: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KWatch.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KWatch9x.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\KWatchX.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\loaddll.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\MagicSet.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\mcconsol.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\mmqczj.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\mmsk.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\Navapsvc.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\Navapw32.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\nod32.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\nod32krn.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\nod32kui.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\NPFMntor.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\PFW.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\PFWLiveUpdate.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\QHSET.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\QQDoctor.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\QQKav.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\QQSC.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\Ras.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\Rav.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\RavMon.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\RavMonD.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\RavStub.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\RavTask.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\RegClean.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\rfwcfg.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\rfwmain.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\rfwsrv.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\RsAgent.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\Rsaupd.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\rstrui.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\runiep.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\safelive.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\scan32.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\shcfg32.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\SmartUp.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\SREng.EXE: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\symlcsvc.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\SysSafe.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\TrojanDetector.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\Trojanwall.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\TrojDie.kxp: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\UIHost.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\UmxAgent.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\UmxAttachment.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\UmxCfg.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\UmxFwHlp.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\UmxPol.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\upiea.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\UpLive.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\USBCleaner.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\vsstat.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\webscanx.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\WoptiClean.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
O27 - HKLM IFEO\zjb.exe: Debugger - C:\Program Files\Common Files\Microsoft Shared\xnxlufi.exe File not found
 
:Reg
[HKEY_USERS\S-1-5-21-1123561945-2000478354-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"EXPLORER.EXE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
 
:Commands
[emptyflash]
[emptytemp]

Kliknij w Wykonaj skrypt. Zatwierdź restart komputera.

Następnie uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowe logi z OTL.

baciar · 24 Lipca 2011

Wykonałem skrypt.

Dyski ładnie się otwierają z mojego komputera.

Autoruns także się otwiera z oryginalna nazwą.

Okienko "Scieżka c:\windows\explorasi.exe nie istnieje lub nie okresla katalogu nie pojawia sie przy starcie.

Moje dokumenty także się nie pokazują na starcie.

Pozostało okienko z tym komunikatem MOM.Implementation.

Nadal nie działa tryb awaryjny oraz GMER wywala BSOD ale nie wiem czy w tym skrypcie coś miał to naprawiać.

07242011_105657.txt

OTL.Txt

Landuss · 24 Lipca 2011

Gmera sobie odpuśćmy już. Natomiast błąd MOM.Implementation pochodzi od sterowników ATI do twojej karty graficznej i to nie jest związane z infekcją.

Wklej do Notatnika ten tekst:

Windows Registry Editor Version 5.00
 
[HKEY_USERS\S-1-5-21-1123561945-2000478354-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=-
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
@="FSFilter System Recovery"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
@="Driver Group"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
@="Driver"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

Z menu Notatnika >>> Plik >>> Zapisz jako >>> Ustaw rozszerzenie na Wszystkie pliki >>> Zapisz jako FIX.REG >>> uruchom ten plik

Wykonaj restart i sprawdź czy błąd jest nadal i czy działa tryb awaryjny. Jeśli jest OK to przejdziemy do końcowych działań.

baciar · 24 Lipca 2011

Awaryjny się ładuje.

Komunikat o MOM.implementation już się nie pojawia.

Wygląda na to, że wszystko jest ok.

Landuss · 24 Lipca 2011

W takim razie przejdźmy do czynności końcowych.

1. Użyj opcji Sprzątanie w OTL.

2. Zabezpiecz się przed infekcjami z mediów przenośnych przez Panda USB Vaccine

3. Przeskanuj się za pomocą Malwarebytes Anti-Malware

4. Zaktualizuj Internet Explorer, Firefox, java i Adobe Reader: KLIK.

5. Opróżnij folder Przywracania systemu: KLIK.

.

baciar · 24 Lipca 2011

W pełnym skanowaniu MBAM wykrył coś takiego:

mbam-log-2011-07-24 (17-01-08).txt

Czy wszystko usunąć?

Landuss · 24 Lipca 2011

Możesz to usunąć. Wyniki z System Volume Information są właściwie nieistotne bo to folder przywracania systemu więc i tak zostanie opróżniony zgodnie z zaleceniami z punktu 5.

baciar · 24 Lipca 2011

Czyli jak zrobiłem wszystkie kroki z ostatniego posta i jest wszystko ok to temat chyba do zamknięcia.

Dzięki serdeczne za pomoc.

pozdrawiam

Zaloguj się

Brontok, nie można wejść na dyski, program Autoruns zablokowany

Rekomendowane odpowiedzi

baciar

Odnośnik do komentarza

Landuss

Odnośnik do komentarza

baciar

Odnośnik do komentarza

Landuss

Odnośnik do komentarza

baciar

Odnośnik do komentarza

Landuss

Odnośnik do komentarza

baciar

Odnośnik do komentarza

Landuss

Odnośnik do komentarza

baciar

Odnośnik do komentarza

Ostatnio przeglądający 0 użytkowników

Przeglądaj

Cała aktywność