
Definitely a virus. lamar14 wrote: toy5knq8oc
DDS (Ver_09-12-01.01) - NTFSx86
Run by t0bi at 21:07:11,60 on 2010-03-10
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.3066.2461 [GMT 1:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\t0bi\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\t0bi\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.pl/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&s=2&o=vp32&d=0310&m=aspire_5738
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&s=2&o=vp32&d=0310&m=aspire_5738
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Pomocnik rejestracji usługi Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"
uRun: [PlayNC Launcher]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
================= FIREFOX ===================
FF - ProfilePath - c:\users\t0bi\appdata\roaming\mozilla\firefox\profiles\6ezkbfq0.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2010-3-7 3033200]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-5 176128]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2010-3-5 707104]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\system32\appdrvrem01.exe svc --> c:\windows\system32\appdrvrem01.exe svc [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 FontCache;Usług systemu Windows buforowania czcionek;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
=============== Created Last 30 ================
2010-03-10 18:23:22 0 d-----w- c:\program files\Windows Portable Devices
2010-03-10 18:23:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-10 18:09:31 0 d-----w- c:\users\t0bi\appdata\roaming\Malwarebytes
2010-03-10 18:09:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 18:09:27 0 d-----w- c:\programdata\Malwarebytes
2010-03-10 18:09:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 18:09:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-10 16:02:48 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-03-10 16:01:42 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-10 16:01:42 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-10 16:01:42 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-10 12:40:01 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-03-10 11:07:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-10 11:07:24 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-10 11:07:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-09 21:35:38 0 d-----w- c:\windows\system32\eu-ES
2010-03-09 21:35:38 0 d-----w- c:\windows\system32\ca-ES
2010-03-09 21:35:37 0 d-----w- c:\windows\system32\vi-VN
2010-03-09 19:56:18 0 d-----w- c:\windows\system32\EventProviders
2010-03-08 16:50:06 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-03-08 16:50:03 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-03-08 16:50:03 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-03-08 16:50:01 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2010-03-08 16:50:01 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2010-03-08 16:50:00 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-03-08 16:48:59 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-03-08 16:47:52 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-03-08 16:47:52 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-03-08 16:47:52 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-03-08 16:47:52 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-03-08 16:47:52 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-03-08 16:47:52 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-03-08 16:47:52 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-03-08 16:47:44 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-03-08 16:47:27 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-03-08 16:47:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-03-08 16:46:42 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-03-08 16:32:31 57 --sh--r- C:\autorun.inf
2010-03-08 16:32:20 0 d-----w- c:\program files\Valve
2010-03-08 13:41:47 0 d-----w- C:\Root
2010-03-08 13:41:41 0 d-----w- c:\program files\Activision
2010-03-08 13:40:43 0 d-sh--w- c:\windows\ftpcache
2010-03-08 01:08:03 0 d-----w- c:\users\t0bi\appdata\roaming\BitComet
2010-03-07 23:13:05 178176 ----a-w- c:\windows\system32\unrar.dll
2010-03-07 23:13:04 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-03-07 23:13:04 414 ----a-w- c:\windows\system32\lame_acm.xml
2010-03-07 23:13:04 38 ----a-w- c:\windows\avisplitter.ini
2010-03-07 23:13:03 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-07 23:13:03 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-07 23:13:03 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-03-07 23:13:01 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-07 23:13:01 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-03-07 23:13:00 0 d-----w- c:\program files\K-Lite Codec Pack
2010-03-07 20:12:41 0 d-----w- c:\program files\Rockstar Games
2010-03-07 18:59:57 0 d-----w- c:\program files\NCSoft
2010-03-07 17:47:35 0 d-----w- c:\program files\CCleaner
2010-03-07 16:28:10 121856 --sh--r- C:\pcxis.exe
2010-03-07 16:28:10 116736 --sh--r- C:\2u923g01.exe
2010-03-07 15:51:12 0 d-----w- c:\program files\GameHi_USA
2010-03-07 14:28:57 316816 ----a-w- c:\windows\system32\appdrvrem01.exe
2010-03-07 14:28:57 3033200 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2010-03-07 13:10:49 0 d-----w- c:\program files\ND Games
2010-03-07 01:36:51 0 d-----w- C:\Download
2010-03-06 20:26:49 0 d-----w- c:\users\t0bi\appdata\roaming\Ubisoft
2010-03-06 20:26:49 0 d-----w- c:\programdata\Ubisoft
2010-03-06 20:24:01 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-06 20:24:00 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-06 20:10:46 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-06 20:10:46 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-06 20:10:46 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-06 19:44:29 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-06 19:24:42 0 d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-06 19:22:59 0 d-----w- c:\program files\DAEMON Tools Lite
2010-03-06 19:22:53 0 d-----w- c:\users\t0bi\appdata\roaming\DAEMON Tools Lite
2010-03-06 19:22:52 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-03-06 19:19:57 0 d-----w- c:\programdata\OpenFM
2010-03-06 19:19:55 0 d-----w- c:\users\t0bi\appdata\roaming\OpenFM
2010-03-06 18:01:25 0 d-----w- c:\users\t0bi\appdata\roaming\Locktime
2010-03-06 17:59:44 0 d-----w- c:\programdata\Locktime
2010-03-06 16:04:02 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-03-06 15:43:00 0 d-----w- c:\windows\pss
2010-03-06 15:37:21 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-03-06 15:37:21 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-03-06 15:37:21 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-03-06 15:37:21 23552 ----a-w- c:\windows\system32\lpk.dll
2010-03-06 15:37:21 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-03-06 15:37:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-03-06 15:35:54 0 d-----w- c:\program files\Winamp Detect
2010-03-06 15:35:47 0 d-----w- c:\program files\common files\PX Storage Engine
2010-03-06 15:17:02 0 d-sh--w- c:\users\t0bi\appdata\roaming\.#
2010-03-06 15:08:53 0 d-----w- c:\users\t0bi\appdata\roaming\SoftDMA
2010-03-06 14:52:38 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-03-06 14:52:38 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-03-06 14:52:38 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-03-06 14:52:37 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-03-06 14:52:06 2048 ----a-w- c:\windows\system32\tzres.dll
2010-03-06 14:52:00 623616 ----a-w- c:\windows\system32\localspl.dll
2010-03-06 14:47:48 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-03-06 14:47:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-03-06 14:44:59 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-03-06 14:44:48 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-03-06 14:44:46 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-03-06 14:44:46 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-03-06 14:44:46 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-03-06 14:44:46 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-03-06 14:44:34 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-03-06 14:44:34 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-03-06 14:40:00 0 ----a-w- c:\users\t0bi\appdata\roaming\wklnhst.dat
2010-03-05 23:35:42 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-03-05 23:35:33 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-03-05 23:35:29 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-03-05 23:35:29 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-03-05 23:34:54 892928 ----a-w- c:\windows\system32\iconv.dll
2010-03-05 23:34:54 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-05 23:34:54 797184 ----a-w- c:\windows\system32\ac3filter.ax
2010-03-05 23:34:54 0 d-----w- c:\programdata\ALLPlayer
2010-03-05 23:32:23 0 d-----w- c:\program files\ALLPlayer
2010-03-05 22:22:09 0 d-----w- c:\program files\NAPI-PROJEKT
2010-03-05 22:20:13 0 d-----w- c:\program files\SubEdit-Player
2010-03-05 21:44:57 0 d-----w- c:\program files\Lavalys
2010-03-05 20:26:24 44224 ----a-w- c:\windows\system32\drivers\BVRPMPR5.SYS
2010-03-05 20:23:56 0 d--h--w- C:\MyWinLockerData
2010-03-05 20:20:12 0 d-----w- C:\Netgear
2010-03-05 19:44:26 0 d-----w- c:\users\t0bi\appdata\roaming\Gadu-Gadu 10
2010-03-05 19:44:26 0 d-----w- c:\programdata\Gadu-Gadu 10
2010-03-05 19:44:08 0 d-----w- c:\program files\Gadu-Gadu 10
2010-03-05 18:46:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-03-05 18:42:14 0 d-----w- c:\programdata\AirportMania
2010-03-05 18:24:12 0 d-----w- c:\programdata\EgisTec
2010-03-05 18:20:50 92 ----a-w- c:\windows\GridV.UNI
2010-03-05 18:20:49 0 d-----w- c:\program files\Acer Inc
2010-03-05 18:19:19 0 d-----w- c:\programdata\eSobi
2010-03-05 18:16:42 0 d-----w- c:\program files\Acer
2010-03-05 18:15:51 855 ----a-w- c:\windows\regfile_I.cmd
2010-03-05 18:15:51 256 ----a-w- c:\windows\regfile_E.cmd
2010-03-05 18:14:09 0 d-----w- c:\windows\Screensavers
2010-03-05 18:13:40 83 ----a-w- c:\windows\LManager.UNI
2010-03-05 18:13:37 0 d-----w- c:\program files\Launch Manager
2010-03-05 18:13:30 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-03-05 18:13:24 0 d-----w- c:\program files\Apoint2K
2010-03-05 18:13:01 195120 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-03-05 18:13:01 108478 ----a-w- c:\windows\system32\Vxdif.dll
2010-03-05 18:13:00 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-03-05 18:12:43 6318 ----a-w- c:\windows\Suyin.reg
2010-03-05 18:12:43 626688 ----a-w- c:\windows\Image.dll
2010-03-05 18:12:43 36 ----a-w- c:\windows\PidList.ini
2010-03-05 18:12:43 222382 ----a-w- c:\windows\Acer Crystal Eye webcam.ico
2010-03-05 18:12:43 20480 ----a-w- c:\windows\USB_VIDEO_REG.exe
2010-03-05 18:12:43 200704 ----a-w- c:\windows\PLFSetI.exe
2010-03-05 18:12:43 1380352 ----a-w- c:\windows\Acer Crystal Eye webcam.EXE
2010-03-05 18:11:12 0 d-----w- c:\windows\system32\RTCOM
2010-03-05 18:10:23 0 d-----w- c:\program files\Realtek
2010-03-05 18:10:22 0 d--h--w- c:\program files\Temp
2010-03-05 18:10:07 0 d-----w- c:\programdata\ATI
2010-03-05 18:10:03 0 d-----w- c:\program files\ATI
2010-03-05 18:09:17 0 d-----w- c:\program files\ATI Technologies
2010-03-05 18:08:19 0 d-----w- c:\programdata\Google
2010-03-05 18:06:58 0 d-----w- c:\users\t0bi\appdata\roaming\Acer GameZone Console
2010-03-05 18:01:02 0 d-sh--we c:\programdata\Ulubione
2010-03-05 18:01:02 0 d-sh--we c:\programdata\Szablony
2010-03-05 18:01:02 0 d-sh--we c:\programdata\Pulpit
2010-03-05 18:01:02 0 d-sh--we c:\programdata\Menu Start
2010-03-05 18:01:02 0 d-sh--we c:\programdata\Dokumenty
2010-03-05 18:01:02 0 d-sh--we c:\programdata\Dane aplikacji
2010-03-05 18:01:02 0 d-sh--we C:\Documents and Settings
2010-03-05 09:48:40 49152 ----a-w- c:\windows\Interop.IWshRuntimeLibrary.dll
2010-03-05 09:48:40 380928 ----a-w- c:\windows\AcerStore.exe
2010-03-05 09:48:23 199176 ----a-w- c:\windows\GVUni.exe
2010-03-05 09:37:42 334 ----a-w- c:\windows\system32\wbem\WscEapPr.mof
2010-03-05 09:37:42 1009 ----a-w- c:\windows\system32\wbem\wcnwiz2.mof
2010-03-05 09:36:37 309768 ----a-w- c:\windows\UNINST32.EXE
2010-03-05 09:36:37 21000 ----a-w- c:\windows\system32\drivers\DKbFltr.sys
2010-03-05 09:36:02 1124864 ----a-w- c:\windows\system32\drivers\athr.sys
2010-03-05 09:34:49 20480 ----a-w- c:\windows\PATCHFUL.EXE
2010-03-05 09:34:48 193 ----a-w- c:\windows\USER.XML
2010-03-05 09:34:48 0 d-----w- c:\windows\Lan
2010-03-05 00:57:47 0 ----a-w- c:\windows\ativpsrm.bin
==================== Find3M ====================
2010-03-10 18:38:16 662056 ----a-w- c:\windows\system32\perfh015.dat
2010-03-10 18:38:16 126908 ----a-w- c:\windows\system32\perfc015.dat
2010-03-10 18:23:19 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-10 18:23:19 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-10 18:23:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-10 18:23:19 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-09 20:59:27 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-03-05 18:11:33 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-13 03:40:01 37468 ----a-w- c:\windows\inf\perflib\0415\perfd.dat
2009-03-13 03:40:01 37468 ----a-w- c:\windows\inf\perflib\0415\perfc.dat
2009-03-13 03:40:01 332832 ----a-w- c:\windows\inf\perflib\0415\perfi.dat
2009-03-13 03:40:01 332832 ----a-w- c:\windows\inf\perflib\0415\perfh.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 21:10:12,97 ===============
Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3842
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
2010-03-10 19:15:39
mbam-log-2010-03-10 (19-15-31).txt
Typ skanowania: Szybkie skanowanie
Przeskanowane obiekty: 103388
Upłynęło: 4 minute(s), 21 second(s)
Zainfekowane procesy w pamięci: 1
Zainfekowane moduły pamięci: 2
Zainfekowane klucze rejestru: 5
Zainfekowane wartości rejestru: 3
Zainfekowane pliki rejestru: 1
Zainfekowane foldery: 0
Zainfekowane pliki: 8
Zainfekowane procesy w pamięci:
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.
Zainfekowane moduły pamięci:
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\Users\t0bi\AppData\Local\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> No action taken.
Zainfekowane wartości rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toy5knq8oc (Trojan.FakeAlert) -> No action taken.
Zainfekowane pliki rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
Zainfekowane foldery:
(Nie wykryto groźnych plików)
Zainfekowane pliki:
C:\Users\t0bi\AppData\Local\Temp\Wdv.exe (Trojan.Fraudpack) -> No action taken.
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Users\t0bi\AppData\Local\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
C:\Users\t0bi\AppData\Local\Temp\cvasds1.dll (Spyware.OnlineGames) -> No action taken.
C:\Users\t0bi\AppData\Local\Temp\herss.exe (Spyware.OnlineGames) -> No action taken.
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
enter55 wrote: Typ skanowania: Szybkie skanowanie
:OTL
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-4051080799-1819711874-1304052611-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKU\S-1-5-21-4051080799-1819711874-1304052611-1000..\Run: [Canaveral] C:\Windows\System32\sshnas21.DLL ()
O4 - HKU\S-1-5-21-4051080799-1819711874-1304052611-1000..\Run: [cdoosoft] C:\Users\t0bi\AppData\Local\Temp\herss.exe ()
O4 - HKU\S-1-5-21-4051080799-1819711874-1304052611-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-4051080799-1819711874-1304052611-1000..\Run: [TOY5KNQ8OC] C:\Users\t0bi\AppData\Local\Temp\Wdx.exe ()
O32 - AutoRun File - [2010-03-10 19:14:00 | 000,000,057 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{03d1fe88-2956-11df-bb37-000b000002df}\Shell - "" = AutoRun
O33 - MountPoints2\{03d1fe88-2956-11df-bb37-000b000002df}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{03d1ff21-2956-11df-bb37-000b000002df}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{7c293872-29cb-11df-ab81-000b000002df}\Shell\AutoRun\command - "" = F:\2u923g01.exe -- File not found
O33 - MountPoints2\{7c293872-29cb-11df-ab81-000b000002df}\Shell\open\Command - "" = F:\2u923g01.exe -- File not found
O33 - MountPoints2\{8d401b48-292c-11df-9b4a-000b000002df}\Shell\AutoRun\command - "" = E:\fk.exe -- File not found
O33 - MountPoints2\{8d401b48-292c-11df-9b4a-000b000002df}\Shell\open\Command - "" = E:\fk.exe -- File not found
O33 - MountPoints2\{fcab9cbb-2883-11df-88be-001f16c91b3a}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
:Files
C:\Users\t0bi\AppData\Local\Temp\Wdx.exe
C:\Windows\msa.exe
C:\Users\t0bi\AppData\Local\Temp\cvasds0.dll
C:\Users\t0bi\AppData\Local\Temp\cvasds1.dll
C:\Program Files\DAEMON Tools Toolbar
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\autorun.inf
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Users\t0bi\AppData\Local\Temp\*.html
C:\pcxis.exe
C:\2u923g01.exe
C:\Windows\System32\sshnas21.dll
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
:Commands
[emptytemp]