
Hi.How are you vir
Hello, yesterday I got a message over FB telling me to look at a video; unfortunately I was supposed to install some new version of ADOBE, and then it reported an error and the system went down. When I then turned the PC on, it told me the system would try to repair the errors and attempt to get to a restore point; when the system came up after the restart, it started in safe mode, where there is only CMD.exe and a black screen. Is it possible to get it running somehow, or what can I do about it? Unfortunately I have very important files on the PC, so I can't reinstall the system.
Thanks for the advice
Re: Hi.How are you vir
Hello, I wish you a pleasant afternoon and welcome you to our forum
Click Start and then Run, or use the keyboard shortcut Win+R
try posting a log from RSIT - see my signature - so that we have something to start from

- A small window will pop up; copy the text below into it
Code:
msconfig
- Click OK
- Switch to the Spuštění počítače (Boot) tab
- Check whether Bezpečné spouštění (Safe boot) is ticked - if it is, untick it
- The next restart should then lead into normal mode

Re: Hi.How are you vir
Sorry, but I didn't quite understand what I'm supposed to enter. All I have in front of me is a black screen and cmd, with no taskbar etc.
Re: Hi.How are you vir
Then just type msconfig and proceed according to the instructions
Re: Hi.How are you vir
All right, so I'm at the desktop
Re: Hi.How are you vir



- If the malware blocks it, use one of the following
motji wrote: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
- Save it, ideally to the desktop, and close all applications (otherwise RKill will do it for you)
- Run it the usual way with a double-click - the program finishes almost instantly and then exits on its own
- RKill terminates all non-system processes - including the processes the malware runs under
- Do not restart the PC now - you would lose the effect of RKill

- Download links
- COM file http://vyosek.ic.cz/BE/exeHelper.com
- SCR file http://vyosek.ic.cz/BE/exeHelper.scr
- Just run the utility as Administrator (right-click); the repair will run and a log exehelperlog.txt will be created

stell wrote: use RogueKiller > run it >> press 2 > [enter], paste the log here
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205


PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED

- Turn off all resident security programs - firewalls, antivirus, antispyware and the like
- If you have Win XP, run it under the Správce\Administrator account
- If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator (Spustit jako správce)
- Right after start-up a page with the licence agreement is shown; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click into the window that is displayed
- The scan should take about 10 minutes, but if the PC is heavily infested the time may be longer
- After the scan finishes, and after a restart if one is needed, CF shows the log; alternatively you will find it at C:\ComboFix.txt; paste its contents here
- A detailed procedure including pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix
Re: Hi.How are you vir
rkill:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 22.07.2011 at 16:03:51.
Operating System: Windows Vista (TM) Home Premium
Processes terminated by Rkill or while it was running:
C:\Users\jancerva\AppData\Local\Temp\sycomctl32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
Rkill completed on 22.07.2011 at 16:03:59.
exeHelper by Raktor
Build 20100414
Run at 16:04:54 on 07/22/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: jancerva [Admin rights]
Mode: Scan -- Date : 07/22/2011 16:06:19
Bad processes: 1
[SUSP PATH] exeHelper.com -- c:\users\jancerva\desktop\exehelper.com -> KILLED
Registry Entries: 9
[SUSP PATH] HKCU\[...]\Run : Display Driver (C:\Users\jancerva\AppData\Local\Temp\sycomctl32.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-971304663-1475225163-2233371715-1000[...]\Run : Display Driver (C:\Users\jancerva\AppData\Local\Temp\sycomctl32.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : onscreenkeyboard.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : orient.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : smartboardtools.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : smartbrd.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ucgui.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
HOSTS File:
127.0.0.1 localhost
::1 localhost
Finished : << RKreport[1].txt >>
RKreport[1].txt
RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: jancerva [Admin rights]
Mode: HOSTSFix -- Date : 07/22/2011 16:07:24
Bad processes: 0
HOSTS File:
127.0.0.1 localhost
::1 localhost
Resetted HOSTS:
127.0.0.1 localhost
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: jancerva [Admin rights]
Mode: ProxyFix -- Date : 07/22/2011 16:07:32
Bad processes: 0
Registry Entries: 0
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Re: Hi.How are you vir
2
RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: jancerva [Admin rights]
Mode: Remove -- Date : 07/22/2011 16:24:22
Bad processes: 0
Registry Entries: 8
[SUSP PATH] HKCU\[...]\Run : Display Driver (C:\Users\jancerva\AppData\Local\Temp\sycomctl32.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : onscreenkeyboard.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : orient.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : smartboardtools.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : smartbrd.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ucgui.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
HOSTS File:
127.0.0.1 localhost
Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
Re: Hi.How are you vir
Is it done now?
Re: Hi.How are you vir
No, no, it isn't; this was just the preparation, but you handled it well
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED
Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Turn off all resident security programs - firewalls, antivirus, antispyware and the like
- If you have Win XP, run it under the Správce\Administrator account
- If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator (Spustit jako správce)
- Right after start-up a page with the licence agreement is shown; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click into the window that is displayed
- The scan should take about 10 minutes, but if the PC is heavily infested the time may be longer
- After the scan finishes, and after a restart if one is needed, CF shows the log; alternatively you will find it at C:\ComboFix.txt; paste its contents here
- A detailed procedure including pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix
Re: Hi.How are you vir
How do I find out that I've turned off all the antispam tools etc.?
Re: Hi.How are you vir
Don't worry about that now; CF will probably complain, but just click through it
Re: Hi.How are you vir
So now it has happened to me too; unfortunately, before I can press Win+R it restarts, so I can't follow the instructions
Re: Hi.How are you vir
ComboFix 11-07-22.02 - jancerva 22.07.2011 16:54:42.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3326.1722 [GMT 2:00]
Spuštěný z: c:\users\jancerva\Downloads\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\users\jancerva\AppData\Roaming\Local
c:\users\jancerva\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\jancerva\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\jancerva\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\jancerva\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\jancerva\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx.ddp
c:\windows\proc_list1.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-22 do 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 15:06 . 2011-07-22 15:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-22 14:01 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9B432CE-CD1F-4EE7-95E6-3F4A7DB575C7}\mpengine.dll
2011-07-13 09:46 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 09:45 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 09:45 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-06-29 06:00 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 16:38 . 2011-05-29 16:38 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-29 16:38 . 2011-05-29 16:38 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-29 16:38 . 2011-05-29 16:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-29 16:38 . 2011-05-29 16:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-29 16:38 . 2011-05-29 16:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-29 16:38 . 2011-05-29 16:38 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-29 16:38 . 2011-05-29 16:38 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-29 16:38 . 2011-05-29 16:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-29 16:38 . 2011-05-29 16:38 367104 ----a-w- c:\windows\system32\html.iec
2011-05-29 16:38 . 2011-05-29 16:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-29 16:38 . 2011-05-29 16:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-29 16:38 . 2011-05-29 16:38 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-29 16:38 . 2011-05-29 16:38 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-29 16:38 . 2011-05-29 16:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-29 16:38 . 2011-05-29 16:38 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-29 16:38 . 2011-05-29 16:38 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-29 16:38 . 2011-05-29 16:38 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-29 16:38 . 2011-05-29 16:38 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-29 16:38 . 2011-05-29 16:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-24 17:14 . 2009-10-02 17:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 17:16 . 2011-06-17 07:47 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-17 07:47 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-17 07:47 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-17 07:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-17 07:47 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-17 07:47 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2011-02-01 395640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2145000]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-01-09 30192]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-06-22 594952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON SX125 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "c:\windows\TEMP\E_S28DA.tmp" /EF "HKCU"
"Skype"="c:\program files\Skype\\Phone\Skype.exe" /nosplash /minimized
"EADM"="c:\program files\Electronic Arts\EADM\EADMUI\EADMUI.exe"
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"AutoStartNPSAgent"=c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "c:\program files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"PAC7311_Monitor"=c:\windows\PixArt\PAC7311\Monitor.exe
"Toolbar_eula_launcher"=c:\install\google\eula\EULALauncher.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" start
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"USBToolTip"=c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
"4StoryPrePatch"=c:\program files\Gameforge4D\4Story\PrePatch.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-01-09 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 24216]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [x]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [x]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-22 717296]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-04-07 810120]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-04-07 41312]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 18:25]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 18:25]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 192.168.100.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 17:07
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-07-22 17:14:13
ComboFix-quarantined-files.txt 2011-07-22 15:14
.
Před spuštěním: Volných bajtů: 420 634 505 216
Po spuštění: Volných bajtů: 420 584 230 912
.
- - End Of File - - 767B82901813E8FFF60E2DCCC55824BF
Re: Hi.How are you vir
Hello, please read this: http://www.viry.cz/forum/viewtopic.php?f=13&t=113441
hell-ghost wrote: it has happened to me too now; unfortunately, it restarts before I can press Win+R, so I cannot follow the instructions