Live platinum security + bluescreeny po starcie systemu

[Robert]

Wczoraj dopadł mnie ten syf. Przeszedłem od razu w tryb awaryjny i odpaliłem Malwarebytes Anti-Malware. Niby wywaliło ten syf, ale po restarcie i wpisaniu hasła do konta mam bluescreena. Działa tylko tryb awaryjny. Dzisiaj rano znowu przeskanowałem Malwarebytes i znów wywalił niby tego wirusa, ale nadal mam bluescreena po każdorazowym normalnym uruchomieniu systemu. Tak mi się wydaje ,że ten wir uszkodził mi coś w systemie.

Prosiłbym o pomoc.

System Vista 64bit

Log:
Dołączam też logi z mbam o które prosił filas.

[defacto19]

Uruchom SystemLook -> http://jpshortstuff.247fixes.com/SystemLook.html

w oknie wklej:

:reg
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s

:filefind
services.exe

Kliknij Look. Przedstaw wynikowy raport.

[Robert]

Kod: Zaznacz wszystko

SystemLook 30.07.11 by jpshortstuff
Log created at 13:03 on 07/08/2012 by Robert
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
(No values found)

[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32]
"ThreadingModel"="Both"
@="C:\Users\Robert\AppData\Local\{8c4be884-853b-f9c4-a115-d5ae581e1007}\n."


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}]
@="Microsoft WBEM New Event Subsystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
@="%systemroot%\system32\wbem\wbemess.dll"
"ThreadingModel"="Both"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
@="MruPidlList"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@="%SystemRoot%\system32\shell32.dll"
"ThreadingModel"="Apartment"


========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe   --a---- 384512 bytes   [08:33 29/11/2009]   [23:10 10/04/2009] BC81150939BD52DBC7A08C245F1FB229
C:\Windows\SysWOW64\services.exe   --a---- 279552 bytes   [08:33 29/11/2009]   [22:28 10/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_294799ef88bb616c\services.exe   --a---- 389632 bytes   [09:10 02/11/2006]   [11:16 02/11/2006] 0A87F57DFC2C0EB9BBA8BE1C87BAFE1A
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe   --a---- 384512 bytes   [14:23 02/11/2009]   [23:00 18/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe   --a---- 384512 bytes   [08:33 29/11/2009]   [23:10 10/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe   --a---- 279552 bytes   [12:21 02/11/2006]   [09:45 02/11/2006] 329CF3C97CE4C19375C8ABCABAE258B0
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe   --a---- 279040 bytes   [14:23 02/11/2009]   [22:33 18/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe   --a---- 279552 bytes   [08:33 29/11/2009]   [22:28 10/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

-= EOF =-

To pokazał

[defacto19]

Start -> w polu szukania wpisz cmd -> z prawokliku uruchom jako Administrator i wklej:

reg delete HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /f

Zastosuj AdwCleaner z opcji Delete.
http://general-changelog-team.fr/fr/dow

Uruchom OTL i w sekcji (Własne opcje skanowania/Skrypt) wklej:

:OTL
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKU\S-1-5-21-2509891365-3541056191-2371149468-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - HKU\S-1-5-21-2509891365-3541056191-2371149468-1000..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O33 - MountPoints2\{3a2582e3-ecfe-11e0-9872-0019dbf418f8}\Shell - "" = AutoRun
O33 - MountPoints2\{3a2582e3-ecfe-11e0-9872-0019dbf418f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3a2582e5-ecfe-11e0-9872-0019dbf418f8}\Shell - "" = Autorun
O33 - MountPoints2\{3a2582e5-ecfe-11e0-9872-0019dbf418f8}\Shell\AutoRun\command - "" = H:\Install_Nokia_Ovi_Suite.exe
O33 - MountPoints2\{5622d291-ed8f-11e0-bd80-0019dbf418f8}\Shell - "" = AutoRun
O33 - MountPoints2\{5622d291-ed8f-11e0-bd80-0019dbf418f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5bcbda19-ecf5-11e0-9ca1-0019dbf418f8}\Shell - "" = AutoRun
O33 - MountPoints2\{5bcbda19-ecf5-11e0-9ca1-0019dbf418f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5bcbda33-ecf5-11e0-9ca1-0019dbf418f8}\Shell - "" = AutoRun
O33 - MountPoints2\{5bcbda33-ecf5-11e0-9ca1-0019dbf418f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5bcbda35-ecf5-11e0-9ca1-0019dbf418f8}\Shell - "" = AutoRun
O33 - MountPoints2\{5bcbda35-ecf5-11e0-9ca1-0019dbf418f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5ed4db4e-7b6e-11df-bdc2-0019dbf418f8}\Shell - "" = AutoRun
O33 - MountPoints2\{5ed4db4e-7b6e-11df-bdc2-0019dbf418f8}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{71456561-ecf9-11e0-8ee4-0019dbf418f8}\Shell - "" = AutoRun
O33 - MountPoints2\{71456561-ecf9-11e0-8ee4-0019dbf418f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{93f3ed27-b904-11de-8ff3-0019dbf418f8}\Shell - "" = AutoRun
O33 - MountPoints2\{93f3ed27-b904-11de-8ff3-0019dbf418f8}\Shell\AutoRun\command - "" = D:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{93f3ed27-b904-11de-8ff3-0019dbf418f8}\Shell\dinstall\command - "" = D:\Directx\dxsetup.exe
O33 - MountPoints2\{9d9d8065-ec4f-11e0-8982-0019dbf418f8}\Shell - "" = AutoRun
O33 - MountPoints2\{9d9d8065-ec4f-11e0-8982-0019dbf418f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c47f058e-f2fd-11de-ac71-0019dbf418f8}\Shell\AutoRun\command - "" = H:\installer.exe
O33 - MountPoints2\{c47f058e-f2fd-11de-ac71-0019dbf418f8}\Shell\verb\command - "" = H:\installer.exe
O33 - MountPoints2\{e03fcb75-ec0b-11e0-8432-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e03fcb75-ec0b-11e0-8432-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e03fcbc0-ec0b-11e0-8432-0019dbf418f8}\Shell - "" = AutoRun
O33 - MountPoints2\{e03fcbc0-ec0b-11e0-8432-0019dbf418f8}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{fdd9a084-ecdf-11e0-b3c9-0019dbf418f8}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd9a084-ecdf-11e0-b3c9-0019dbf418f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fdd9a08e-ecdf-11e0-b3c9-0019dbf418f8}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd9a08e-ecdf-11e0-b3c9-0019dbf418f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fdd9a092-ecdf-11e0-b3c9-0019dbf418f8}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd9a092-ecdf-11e0-b3c9-0019dbf418f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fdd9a0b5-ecdf-11e0-b3c9-0019dbf418f8}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd9a0b5-ecdf-11e0-b3c9-0019dbf418f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fdd9a0b7-ecdf-11e0-b3c9-0019dbf418f8}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd9a0b7-ecdf-11e0-b3c9-0019dbf418f8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\F\Shell\LVIPCAP\command - "" = F:\techsupt\CaptureTest\LVidCap.exe

:Files
C:\Windows\Installer\{8c4be884-853b-f9c4-a115-d5ae581e1007}
C:\Users\Robert\AppData\Local\{8c4be884-853b-f9c4-a115-d5ae581e1007}
C:\ProgramData\0C1CFAEF03080DDEEB4922EE2F3B6FDA

:Commands
[emptytemp]

Kliknij Wykonaj skrypt.Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, i kliknij skanuj.
Pokaż nowy log OTL.txt oraz raporty z usuwania.

Autor postu otrzymał pochwałę

[Robert]

Poszedłem wg rad z innego forum gdyż były identyczne z twoimi lecz pojawiły się kilka minut wcześniej. Ale tak czy siak dziękuję bardzo za zainteresowanie i pomoc.