Viry ve windows prosím help

[stell]

bootkit_remover
stiahni na plochu a spust,otvori sa ti okno,,obsah vloz sem.

stiahni explorer.exe -rozbal,,a skopiruj na disk C:\-takze bude tak C:\explorer.exe.
http://leteckaposta.cz/320408184

[P@tRiCk_]

bootkit_remover
stiahni na plochu a spust,otvori sa ti okno,,obsah vloz sem.

Screen: http://img411.imageshack.us/img411/6369/screen01x.jpg

stiahni explorer.exe -rozbal,,a skopiruj na disk C:\-takze bude tak C:\explorer.exe.
http://leteckaposta.cz/320408184

[stell]

stiahni explorer.exe -rozbal,,a skopiruj na disk C:\-takze bude tak C:\explorer.exe.

toto si spravil?/ak ano pokracuj takto:
Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

@ECHO OFF
remover.exe fix \\.\PhysicalDrive0
EXIT

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:fix.bat
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.

pravy klik a spust ako admin,,po restarte,znova spust remover a log vloz sem.

[P@tRiCk_]

Nemám tam spustit jako admin tak sem to zkusil spustit normálně a
EERROR 2
ERROR: Can't open physical disc device

[stell]

bez do nudzoveho rezimu a spust v nudzovom rezime,,pred spustenim treba zatvorit vsetko co mas otvorene ,,

[P@tRiCk_]

Nouzoví režim je F8 že?

[stell]

ano

[P@tRiCk_]

Když mačkám F8 vybafne na mě modrá tabulka s výběrem:

Kód: Vybrat vše

1ST FLOPPY DRIVE
CD-ROM:PM-ATAPI DVD A DH20A3H
HDD:SM-MAXTOR STM380215AS

Tak sem dal ESC

Kód: Vybrat vše

ESC-TO BOOT USING DEFALTS

PC se normal spustil dkyž sem dal to první tak se taky normal spusil nwm co dál....

[stell]

HDD:SM-MAXTOR STM380215AS

das toto a hned znova zmacknes F-8-a potom v menu zvol nudzovy rezim s pracou v sieti.

[P@tRiCk_]

Omlouvám se ale nejde to spustit ani v nouzovím režimu možná sem udělalchybu tady když sem vybral možnoost nouzoví režim tak mi naběhla nabídka:

Kód: Vybrat vše

Microsoft reconvery console
Microsoft XP Profesional

Vybral sem
Win XP

[stell]

ok,spravime to na koniec,,teraz sprav toto ale potom sa prihlas sa ako administrator,
Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

FCOPY::
c:\explorer.exe | c:\windows\explorer.exe
c:\explorer.exe | c:\windows\ServicePackFiles\i386\explorer.exe
c:\explorer.exe | c:\windows\system32\VITrans\explorer.exe
c:\explorer.exe | c:\windows\$NtServicePackUninstall$\explorer.exe

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :


Po skonceni skenu vlož log čo ComboFix vytvorí

[P@tRiCk_]

ComboFix 10-07-01.02 - Patrik 03.07.2010 23:10:00.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.704 [GMT 2:00]
Spuštěný z: c:\documents and settings\Patrik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Patrik\Plocha\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\explorer.exe

.
--------------- FCopy ---------------

c:\explorer.exe --> c:\windows\explorer.exe
c:\explorer.exe --> c:\windows\ServicePackFiles\i386\explorer.exe
c:\explorer.exe --> c:\windows\system32\VITrans\explorer.exe
c:\explorer.exe --> c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-03 do 2010-07-03 )))))))))))))))))))))))))))))))
.

2010-07-03 12:26 . 2010-07-03 12:26 -------- d-----w- c:\program files\Defraggler
2010-07-03 12:06 . 2010-07-03 12:06 -------- d-----w- c:\windows\Internet Logs
2010-07-03 10:53 . 2010-07-03 10:53 -------- d-----w- c:\program files\CheckPoint
2010-07-03 10:53 . 2010-07-03 11:59 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-03 10:49 . 2008-01-17 17:59 713216 -c----w- c:\windows\system32\dllcache\sxs.dll
2010-07-03 06:28 . 2010-07-03 06:29 -------- d-----w- c:\windows\system32\NtmsData
2010-07-03 05:52 . 2010-07-03 05:52 -------- d-sh--w- c:\documents and settings\Patrik\IECompatCache
2010-07-03 05:51 . 2010-07-03 05:51 -------- d-----w- c:\program files\CCleaner
2010-07-02 19:13 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-02 19:13 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-02 17:09 . 2010-07-02 17:11 -------- d-----w- C:\ToolBar SD
2010-07-02 16:34 . 2010-07-03 11:21 -------- d-----w- c:\program files\trend micro
2010-07-02 13:07 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-02 13:07 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-02 13:07 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-02 13:07 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-02 13:07 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-02 13:07 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-02 13:07 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-02 13:06 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-02 13:06 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-01 20:08 . 2010-07-01 20:08 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-01 20:08 . 2010-07-01 20:08 -------- d-----w- c:\documents and settings\Patrik\SystemRequirementsLab
2010-07-01 12:49 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-07-01 12:49 . 2010-07-01 12:49 -------- d-----w- c:\windows\Logs
2010-06-30 20:24 . 2010-06-30 20:24 -------- d-----w- c:\program files\Winamp Detect
2010-06-30 20:24 . 2010-06-30 20:24 -------- d-----w- c:\program files\Winamp Toolbar
2010-06-30 20:23 . 2009-04-28 20:20 129520 ------w- c:\windows\system32\pxafs.dll
2010-06-30 20:23 . 2010-06-30 20:24 -------- d-----w- c:\program files\Winamp
2010-06-30 16:26 . 2010-06-30 16:26 7 ----a-w- C:\tw0001.dat
2010-06-29 14:22 . 2010-06-29 14:22 286720 ------w- c:\windows\Setup1.exe
2010-06-29 14:22 . 2010-06-29 14:22 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-06-28 18:05 . 2010-07-02 12:10 -------- d-----w- c:\program files\SRS - Street Racing Syndicate
2010-06-26 21:41 . 2010-06-26 21:41 -------- d-----w- c:\program files\Common Files\DirectX
2010-06-26 21:29 . 2010-06-26 21:29 -------- d-----w- c:\program files\EA GAMES
2010-06-21 14:26 . 2010-07-03 11:52 70992 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-18 16:24 . 2010-06-18 16:24 -------- d-----w- c:\program files\FreeCall.com
2010-06-18 08:36 . 2010-06-18 08:37 -------- d-----w- c:\program files\mp3DirectCut
2010-06-14 20:09 . 2010-07-02 17:11 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-06-14 20:01 . 2010-06-14 20:01 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-11 15:25 . 2010-06-11 15:25 -------- d-----w- c:\program files\XfireXO
2010-06-11 15:24 . 2010-07-03 00:22 -------- d-----w- c:\program files\Xfire
2010-06-09 14:17 . 2010-06-09 14:17 -------- d-----w- c:\program files\MSBuild
2010-06-09 14:14 . 2010-06-09 14:14 -------- d-----w- c:\windows\system32\XPSViewer
2010-06-09 14:13 . 2010-06-09 14:13 -------- d-----w- c:\program files\Reference Assemblies
2010-06-09 14:13 . 2006-10-14 14:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-06-09 14:12 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-06-06 20:55 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-06-06 20:55 . 2010-06-26 08:59 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-06 20:55 . 2010-06-26 10:09 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-06 20:55 . 2010-06-11 15:46 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-06 20:15 . 2010-06-06 20:15 -------- d-sh--w- c:\windows\ftpcache
2010-06-04 04:57 . 2010-06-04 04:57 -------- d-s---w- c:\documents and settings\LocalService\Dokumenty
2010-06-04 04:47 . 2010-06-04 04:47 -------- d-----w- c:\program files\Common Files\Eye 312
2010-06-04 04:47 . 2007-10-04 15:42 48128 ----a-w- c:\windows\system32\Remove.exe
2010-06-04 04:47 . 2010-06-04 04:47 -------- d-----w- c:\program files\Common Files\Pac7302
2010-06-04 04:47 . 2006-10-12 09:57 14336 ----a-w- c:\windows\system32\P7302USD.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 10:53 . 2010-07-03 10:53 -------- d-----w- c:\program files\CheckPoint
2010-07-03 05:43 . 2010-05-21 21:39 -------- d-----w- c:\program files\Windows Desktop Search
2010-07-03 05:42 . 2002-09-23 12:00 77706 ----a-w- c:\windows\system32\perfc005.dat
2010-07-03 05:42 . 2002-09-23 12:00 427336 ----a-w- c:\windows\system32\perfh005.dat
2010-07-02 18:53 . 2010-05-26 15:38 -------- d-----w- c:\program files\WinFlip
2010-07-02 17:41 . 2009-11-17 15:39 -------- d-----w- c:\program files\Opera 10 Beta
2010-07-02 17:11 . 2009-12-18 10:42 -------- d-----w- c:\program files\AskBarDis
2010-07-01 13:12 . 2009-10-29 07:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-01 12:50 . 2010-07-01 12:50 -------- d-----w- c:\program files\Rockstar Games
2010-06-28 18:07 . 2009-12-11 14:09 -------- d-----w- c:\program files\GameSpy Arcade
2010-06-26 16:07 . 2002-09-23 12:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-05-31 13:08 . 2010-05-31 13:08 -------- d-----w- c:\program files\Common Files\Java
2010-05-31 13:07 . 2010-05-31 13:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-28 00:04 . 2010-05-28 00:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-26 15:38 . 2010-05-26 15:38 -------- d-----w- c:\program files\TrueTransparency
2010-05-26 15:38 . 2010-05-26 15:38 -------- d-----w- c:\program files\Vista Drive Icon
2010-05-26 15:10 . 2010-05-26 15:10 -------- d-----w- c:\program files\Softonic_English_TC
2010-05-26 15:01 . 2010-05-26 15:01 -------- d-----w- c:\program files\WinPcap
2010-05-26 14:38 . 2009-10-29 18:08 -------- d-----w- c:\program files\QIP Infium
2010-05-23 16:24 . 2010-04-24 15:14 921632 ----a-w- C:\PA7302.DAT
2010-05-21 21:14 . 2010-02-08 19:05 -------- d-----w- c:\program files\Max_EN
2010-05-21 21:14 . 2009-12-17 15:51 -------- d-----w- c:\program files\Softonic_VLC_EN
2010-05-14 11:06 . 2010-05-14 11:06 -------- d-----w- c:\program files\Common Files\Real
2010-05-14 11:06 . 2010-05-14 11:06 -------- d-----w- c:\program files\Real
2010-05-14 11:06 . 2010-05-14 11:06 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-14 11:06 . 2010-01-13 21:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-14 11:01 . 2010-05-14 11:01 -------- d-----w- c:\program files\Xvid
2010-04-24 12:32 . 2010-04-24 12:32 81 --sh--r- c:\windows\CT4CET.bin
2010-04-07 20:18 . 2010-04-07 20:18 74703 ----a-w- c:\windows\system32\mfc45.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{e6570cd8-9978-4621-b1f9-6a62436f0466}"= "c:\program files\Softonic_VLC_EN\tbSof0.dll" [2010-05-21 2515552]
"{867dd841-5bf7-44ca-8426-c5a6eda00735}"= "c:\program files\Max_EN\tbMax1.dll" [2010-05-21 2515552]
"{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}"= "c:\program files\Softonic_English_TC\tbSoft.dll" [2010-04-15 2515552]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{e6570cd8-9978-4621-b1f9-6a62436f0466}]

[HKEY_CLASSES_ROOT\clsid\{867dd841-5bf7-44ca-8426-c5a6eda00735}]

[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
2010-04-15 10:33 2515552 ----a-w- c:\program files\Softonic_English_TC\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-06-03 16:24 2736736 ----a-w- c:\program files\XfireXO\tbXfir.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{867dd841-5bf7-44ca-8426-c5a6eda00735}]
2010-05-21 21:14 2515552 ----a-w- c:\program files\Max_EN\tbMax1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e6570cd8-9978-4621-b1f9-6a62436f0466}]
2010-05-21 21:14 2515552 ----a-w- c:\program files\Softonic_VLC_EN\tbSof0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e6570cd8-9978-4621-b1f9-6a62436f0466}"= "c:\program files\Softonic_VLC_EN\tbSof0.dll" [2010-05-21 2515552]
"{867dd841-5bf7-44ca-8426-c5a6eda00735}"= "c:\program files\Max_EN\tbMax1.dll" [2010-05-21 2515552]
"{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}"= "c:\program files\Softonic_English_TC\tbSoft.dll" [2010-04-15 2515552]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{e6570cd8-9978-4621-b1f9-6a62436f0466}]

[HKEY_CLASSES_ROOT\clsid\{867dd841-5bf7-44ca-8426-c5a6eda00735}]

[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E6570CD8-9978-4621-B1F9-6A62436F0466}"= "c:\program files\Softonic_VLC_EN\tbSof0.dll" [2010-05-21 2515552]
"{867DD841-5BF7-44CA-8426-C5A6EDA00735}"= "c:\program files\Max_EN\tbMax1.dll" [2010-05-21 2515552]
"{4FF5F6EA-FFAF-43E5-9A01-361C0893C3E8}"= "c:\program files\Softonic_English_TC\tbSoft.dll" [2010-04-15 2515552]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{e6570cd8-9978-4621-b1f9-6a62436f0466}]

[HKEY_CLASSES_ROOT\clsid\{867dd841-5bf7-44ca-8426-c5a6eda00735}]

[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Patrik\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-01-06 135664]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-08-13 3276288]
"RegistryMechanic"="d:\registry mechanic\RegMech.exe" [2010-04-08 3233752]
"SkinClock"="c:\program files\Free Desktop Clock\DesktopClock.exe" [2006-10-01 334848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"DAEMON Tools Lite"="d:\daemon tools lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-07-12 352256]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-06-23 847872]
"AtiPTA"="atiptaxx.exe" [2006-02-22 344064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1384.0\mswinext.exe" [2010-02-17 243032]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-14 202256]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Patrik\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ProgSense.lnk - d:\progsense\ProgSense.exe [2010-5-24 888000]
Screenshot Utility.lnk - d:\screenshot utility\ScreenshotUtility.exe [2010-6-6 344064]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-5-28 3493264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Codemasters\\Worms 4 Mayhem Demo\\Worms 4 Mayhem Demo.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Team17 Software Ltd\\WormsFortsDemo\\WF.exe"=
"c:\\Program Files\\Codemasters\\Worms 4 Mayhem Online Demo\\Worms 4 Mayhem Online Demo.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Patrik\\Plocha\\samp03\\samp-server.exe"=
"c:\\Documents and Settings\\Patrik\\Plocha\\samp02x\\samp-server.exe"=
"c:\\Documents and Settings\\Patrik\\Plocha\\samp01b\\samp-server.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Documents and Settings\\Patrik\\Plocha\\samp022\\samp-server.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"d:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\SRS - Street Racing Syndicate\\Bin\\SRS.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\trainer.exe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21034:TCP"= 21034:TCP:BitComet 21034 TCP
"21034:UDP"= 21034:UDP:BitComet 21034 UDP

R0 ahci8086;ahci8086;c:\windows\system32\drivers\ahci8086.sys [29.10.2009 12:31 119808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.7.2010 15:07 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.7.2010 15:07 17744]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12.5.2010 15:08 632792]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Patrik\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Patrik\LOCALS~1\Temp\ALSysIO.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.6.2010 22:01 721904]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-03 c:\windows\Tasks\User_Feed_Synchronization-{9C10480B-93C6-4E37-91DA-96E8674D38DE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page =
uDefault_Search_URL =
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.zoner.cz/podpora/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{3e717667-c786-43d0-b809-b378938f6770} - d:\clip extractor\ClipExtractor.exe
TCP: {52B0A3FB-BE3D-424D-A8D1-BAE446DAD5F8} = 213.211.45.3,212.96.160.7
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
.
Celkový čas: 2010-07-03 23:17:45
ComboFix-quarantined-files.txt 2010-07-03 21:17
ComboFix2.txt 2010-07-03 17:48
ComboFix3.txt 2010-07-03 16:52

Před spuštěním: Volných bajtů: 12 403 400 704
Po spuštění: Volných bajtů: 12 368 564 224

- - End Of File - - D4A6DCF66F6EE9CD93DEC2D39274618A

[stell]

ok
odinstaluj
c:\program files\DAEMON Tools Toolbar
c:\program files\AskBarDis

start-spustit-skopiruj prikaz combofix /uninstall ok

poriadne precisti pc CCleanerom a ak vsetko je ok,,tot vse.

[P@tRiCk_]

Díky moc

[stell]

nemas zaco.