
White screen of death, not even safe mode works
Hello!
Something similar has happened to me as to a number of others on this forum, although I don't see any messages about the Police or other warnings. After logging in, the screen simply turns white and I can't do anything; in safe mode the computer even starts shutting down right after login. I found a similar problem from someone here and at least took the first step by analogy - i.e. I ran FRST64 via safe mode with command prompt and created a log. I'm pasting it and will wait for a response; I don't want to attempt anything further on my own. Thanks a lot for the help, it's rather urgent! :/
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2013 02
Ran by Roman at 04-02-2013 15:56:59
Running from F:\
Service Pack 1 (X64) OS Language: Czech
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
==================== One Month Created Files and Folders ========
2013-02-04 15:56 - 2013-02-04 15:56 - 00000000 ____D C:\FRST
2013-02-02 14:32 - 2013-02-04 14:58 - 00000004 ____A C:\Users\Roman\AppData\Roaming\skype.ini
==================== One Month Modified Files and Folders =======
2013-02-04 15:56 - 2013-02-04 15:56 - 00000000 ____D C:\FRST
2013-02-04 15:56 - 2008-01-21 10:39 - 00940116 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-04 15:56 - 2008-01-21 10:38 - 00663528 ____A C:\Windows\System32\perfh005.dat
2013-02-04 15:56 - 2008-01-21 10:38 - 00149048 ____A C:\Windows\System32\perfc005.dat
2013-02-04 15:50 - 2010-01-17 21:05 - 00000478 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{5110599F-D186-4FE5-A0B7-0B0FF428D674}.job
2013-02-04 15:50 - 2009-04-17 21:37 - 00001772 ____A C:\Windows\bthservsdp.dat
2013-02-04 15:50 - 2008-01-21 02:53 - 01463812 ____A C:\Windows\WindowsUpdate.log
2013-02-04 15:50 - 2006-11-02 16:40 - 00032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-02-04 15:50 - 2006-11-02 16:40 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-04 15:50 - 2006-11-02 16:21 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-04 15:50 - 2006-11-02 16:21 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-04 15:47 - 2012-08-29 21:31 - 00000950 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-04 15:36 - 2009-04-20 13:35 - 00096939 ____A C:\Users\All Users\nvModes.001
2013-02-04 14:58 - 2013-02-02 14:32 - 00000004 ____A C:\Users\Roman\AppData\Roaming\skype.ini
2013-02-04 14:55 - 2012-08-29 21:31 - 00000946 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-02 15:51 - 2009-04-20 11:36 - 00096939 ____A C:\Users\All Users\nvModes.dat
2013-02-02 09:01 - 2012-04-23 16:50 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-25 00:23 - 2009-05-18 13:18 - 00000000 ____D C:\Users\Roman\AppData\Local\GHISLER
2013-01-16 21:20 - 2006-11-02 16:26 - 00116990 ____A C:\Windows\setupact.log
2013-01-12 15:04 - 2006-11-02 16:39 - 00016374 ____A C:\Windows\PFRO.log
2013-01-09 19:01 - 2012-04-23 16:50 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-09 19:01 - 2011-07-20 21:15 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2008-01-21 03:47] - [2008-01-21 03:47] - 3080704 ____A (Microsoft Corporation) F6D765FB6B457542D954682F50C26E4F
C:\Windows\SysWOW64\explorer.exe
[2008-01-21 03:48] - [2008-01-21 03:48] - 2927104 ____A (Microsoft Corporation) FFA764631CB70A30065C12EF8E174F9F
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 4094.2 MB
Available physical RAM: 3628.56 MB
Total Pagefile: 8363.69 MB
Available Pagefile: 8007.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:48.83 GB) (Free:8.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Nový svazek) (Fixed) (Total:249.26 GB) (Free:149.09 GB) NTFS
4 Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Disk ### Stav Velikost Volné Dyn Gpt
-------- ---------- -------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 964 MB 0 B
Probíhá ukončení programu DiskPart...
Partitions of Disk 0:
===============
Nyní je vybrán disk 0.
ID disku: 3467B25B
Oddíl ### Typ Velikost Posunutí
--------- --------------- -------- --------
Oddíl 1 Primární 49 GB 1024 KB
Oddíl 2 Primární 249 GB 49 GB
Probíhá ukončení programu DiskPart...
==================================================================================
Partitions of Disk 1:
===============
Nyní je vybrán disk 1.
ID disku: 91F72D24
Oddíl ### Typ Velikost Posunutí
--------- --------------- -------- --------
Oddíl 1 Primární 964 MB 32 KB
Probíhá ukončení programu DiskPart...
==================================================================================
Last Boot: 2013-02-04 14:56
==================== End Of Log =============================
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: White screen of death, not even safe mode works
Hello,
Type these commands into the command prompt, pressing Enter after each one.
After the last command the computer will restart; let it boot into Windows, and write here once you are in.
Code:
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"/v Shell/d explorer.exe /f
shutdown -r
Re: White screen of death, not even safe mode works
Hi,
well, unfortunately I'm no expert and I didn't quite manage this! :/ ...first I typed the whole line exactly as you wrote it and that gave a "bad syntax" message. So I used my own head and typed the command only up to the closing quote (i.e. .....Winlogon") - that did tell me "the operation completed successfully", but I still didn't manage to enter any further variations.
Can you explain it to me a bit more, thanks.


Re: White screen of death, not even safe mode works
So I thought about it once more and it worked....you were missing a space after the quotes.
However, I don't have good news, the system still boots "to white". Unless you meant letting it boot into some safe mode again - please clarify.
thanks
- stell
Re: White screen of death, not even safe mode works
On a working computer:
1: Open Notepad and copy this text into it.
Code:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
Then click the File tab and choose Save as... from the menu. In the File name line, type: oprava.reg
For the file type, choose All files.
And save it to a USB stick.
Move the USB stick to the broken PC and restart the computer into safe mode with command prompt.
1: Press CTRL + SHIFT + Del or CTRL + SHIFT + ESC to open Task Manager.
2: Click the "File" tab, click "New task", click "Browse".
Find your USB stick and run the file oprava.reg.
Then restart the computer and we'll see whether Windows boots.
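An added example, not part of the original thread: a Python check that parses a `.reg` export of the two Winlogon keys edited by oprava.reg and reports whether the `Shell` values are in the state that file sets (no per-user value, `Explorer.exe` machine-wide). The two sample exports, the path inside them and all function names are constructed for illustration.

```python
import re

# Subkey edited by oprava.reg in both hives (compared in lower case).
WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"
HKLM_KEY = "hkey_local_machine\\" + WINLOGON
HKCU_KEY = "hkey_current_user\\" + WINLOGON

_KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
_SZ_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*"((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    # .reg string syntax escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_strings(text):
    """Return {key_path_lower: {value_name_lower: data}} for string values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        m = _KEY_RE.match(line)
        if m:
            # "[-KEY]" is a delete directive, not exported data: skip its body.
            current = None if m.group(1) else keys.setdefault(m.group(2).lower(), {})
            continue
        m = _SZ_RE.match(line)            # dword/hex values do not match
        if m and current is not None:
            current[_unescape(m.group(1)).lower()] = _unescape(m.group(2))
    return keys


def audit_winlogon_shell(text):
    """Return a list of (hive, message) findings; empty means the expected state."""
    keys, findings = parse_reg_strings(text), []
    hklm = keys.get(HKLM_KEY)
    if hklm is None:
        findings.append(("HKLM", "Winlogon key not present in export"))
    elif "shell" not in hklm:
        findings.append(("HKLM", "Shell value missing"))
    elif hklm["shell"].strip().lower() != "explorer.exe":
        findings.append(("HKLM", "Shell is not explorer.exe: " + hklm["shell"]))
    # oprava.reg deletes the per-user value, so any Shell here is reported.
    hkcu_shell = keys.get(HKCU_KEY, {}).get("shell")
    if hkcu_shell is not None:
        findings.append(("HKCU", "per-user Shell value present: " + hkcu_shell))
    return findings


def load_reg_export(path):
    # Version 5.00 exports are written as UTF-16 with a byte order mark.
    with open(path, encoding="utf-16") as fh:
        return fh.read()


# Constructed sample: export taken before the repair (placeholder path).
INFECTED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\Example\\AppData\\Roaming\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"AutoRestartShell"=dword:00000001
'''

# Constructed sample: export taken after oprava.reg was imported.
REPAIRED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
'''

if __name__ == "__main__":
    for name, sample in (("before", INFECTED_EXPORT), ("after", REPAIRED_EXPORT)):
        print(name, audit_winlogon_shell(sample) or "OK")
```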
Re: White screen of death, not even safe mode works
so I did have to start the task "manually", the Browse button didn't work, but I managed that, and I report success! - we're in, in normal mode!

- stell
Re: White screen of death, not even safe mode works
1: Use the programs from my blog and post the logs here one by one.
We will use the program RKILL.com
http://www.viruskasino.com/2011/01/ako-zacat.html#RKILL
2: Use ADWcleaner, option DELETE
http://www.viruskasino.com/2012/09/adwcleaner.html
3: We will use the program TF-Cleaner.
http://www.viruskasino.com/2010/12/prog ... TF-Cleaner
4: Turn off System Restore, restart the computer and turn System Restore back on.
5: Use Malwarebytes, FULL scan, remove what is found, post the log here.
http://forum.viry.cz/viewtopic.php?f=29&t=115222
And then, depending on the findings, I'll see how to proceed.
Re: White screen of death, not even safe mode works
So here it is, except for TFC, which didn't produce any log.
RKILL:
Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 02/05/2013 12:44:58 PM in x64 mode.
Windows Version: Windows Vista (TM) Ultimate Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\tsnp2uvc.exe (PID: 3224) [WD-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\Roman\Desktop\rkill\rkill-02-05-2013-12-45-02.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
::1 localhost
Program finished at: 02/05/2013 12:45:11 PM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)
Re: White screen of death, not even safe mode works
# AdwCleaner v2.110 - Logfile created 02/05/2013 at 12:47:39
# Updated 03/02/2013 by Xplode
# Operating system : Windows (TM) Vista Ultimate Service Pack 1 (64 bits)
# User : Roman - ROMAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Roman\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\SearchYa!
Deleted on reboot : C:\Users\Roman\AppData\LocalLow\Ironsource
File Deleted : C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
***** [Registry] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Ironsource
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{69332529-EEC8-4D0D-9FD3-202C4AE8E589}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Ironsource
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{54B24FA9-87E8-47FC-8589-F9D382D8B299}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5B45AC88-523C-431E-86D7-F339B2EE262E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8B0C188C-F6F3-484D-8225-E40262DDE633}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\searchya
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54B24FA9-87E8-47FC-8589-F9D382D8B299}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5B45AC88-523C-431E-86D7-F339B2EE262E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8B0C188C-F6F3-484D-8225-E40262DDE633}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9A2DCB-F5DB-40D0-8E62-3B47DD476A77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59B23951-2232-4AFB-81D4-64A8A16D457A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{33AA308B-B565-4376-AC66-59EE9B6AD13E}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.searchya.com/?s=2&a=foxtab&chnl=tc- ... 1972865410 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc- ... 1972865410 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc- ... 1972865410 --> hxxp://www.google.com
*************************
AdwCleaner[R1].txt - [8054 octets] - [05/02/2013 12:47:02]
AdwCleaner[S1].txt - [7038 octets] - [05/02/2013 12:47:39]
########## EOF - C:\AdwCleaner[S1].txt - [7098 octets] ##########
Re: white death, not even safe mode works
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org
Verze: v2013.02.05.05
Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 8.0.6001.18702
Roman :: ROMAN-PC [administrátor]
Ochrana: Povolena
5.2.2013 13:04:42
mbam-log-2013-02-05 (13-04-42).txt
Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 327260
Uplynulý čas: 33 minut, 6 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 3
C:\Users\Roman\AppData\Roaming\skype.dat (Trojan.Winlock) -> Přesun do karantény a smazání se zdařilo.
D:\instal\Install_Restoration.exe (PUP.BundleInstaller.OI) -> Přesun do karantény a smazání se zdařilo.
D:\instal\Ableton 8.1.4\ableton.live.v8.1.4-ismail.exe (PUP.Hacktool.Patcher) -> Přesun do karantény a smazání se zdařilo.
(konec)
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: white death, not even safe mode works
OK, I think it is fine now.
If you don't have any problem, then that's all.
Re: white death, not even safe mode works
Yep, it looks good, hopefully that will be enough!
Many thanks for the great cooperation!
- stell
Re: white death, not even safe mode works
I don't see a reason to keep digging around in the system; we used exactly the programs this piece of junk calls for.
Rkill checks the file associations and malicious processes, etc. ADW removes bad toolbars. TFC cleans temp, IE temp, Java, FF, Opera, Chrome, Safari, including the administrator, All Users, LocalService, Network Service, and other accounts in the user folder. That is exactly where this junk writes itself.
We repaired Shell with the script you ran at the start; this trojan writes itself into Shell as "C:\Users\Roman\AppData\Roaming\skype.dat", and that is what launches and locks the computer. And you turned System Restore off, restarted, and turned it back on, because if the system crashes the trojan could be loaded again from System Restore.
So in my opinion it's OK.
You're welcome.
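The Shell check described in the post above, as an added example that is not part of the original thread or of any tool used in it. It assumes "Shell" means the Winlogon `Shell` value at its standard registry location (the post does not spell the key out); the function names, the list of user-writable folders and the sample values are constructed for illustration.

```python
import ntpath

# Assumption: standard location of the Winlogon Shell value (not quoted in the thread).
WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
DEFAULT_SHELLS = ("", "explorer.exe", "c:\\windows\\explorer.exe")

def audit_shell(value):
    """Return findings for one Shell value; an empty list means nothing flagged."""
    if value is None:
        return []                      # value absent: Windows falls back to the default
    findings = []
    for entry in (e.strip().strip('"') for e in value.split(",")):
        low = entry.lower()
        if low in DEFAULT_SHELLS:
            continue
        findings.append("non-default shell entry: " + entry)
        if any(part in low for part in USER_WRITABLE):
            findings.append("runs from a user-writable folder: " + entry)
        if ntpath.splitext(low)[1] != ".exe":
            findings.append("extension is not .exe: " + entry)
    return findings

def read_shell_values():
    """Read Shell from HKLM and HKCU on Windows; returns {} on other systems."""
    try:
        import winreg
    except ImportError:
        return {}
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY   # avoid 32-bit redirection
    found = {}
    for name, hive in (("HKLM", winreg.HKEY_LOCAL_MACHINE),
                       ("HKCU", winreg.HKEY_CURRENT_USER)):
        try:
            with winreg.OpenKey(hive, WINLOGON, 0, access) as key:
                found[name] = winreg.QueryValueEx(key, "Shell")[0]
        except FileNotFoundError:
            found[name] = None         # key or value missing in this hive
    return found

# Constructed samples: the default value and the path named in the post above.
SAMPLES = {
    "clean": "explorer.exe",
    "infected": r"C:\Users\Roman\AppData\Roaming\skype.dat",
}

if __name__ == "__main__":
    for name, value in {**SAMPLES, **read_shell_values()}.items():
        print(name, audit_shell(value) or "OK")
```
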
