According to ComboFix I have a rootkit on my PC and I somehow can't manage to get rid of it. I tried replacing the infected files and running fixmbr and fixboot, but that did not lead to success. Can you please advise me?
Thanks in advance.

ComboFix 10-08-09.02 - Zdenka 10.08.2010 7:11.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.251 [GMT 2:00]
Spuštěný z: c:\documents and settings\Zdenka\Plocha\a.com
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\daemon.dll
c:\windows\system32\734914
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-10 do 2010-08-10 )))))))))))))))))))))))))))))))
.
2010-08-09 07:54 . 2008-04-14 06:51 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-08-09 07:54 . 2008-04-14 06:00 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-08-09 07:53 . 2008-04-14 06:00 80896 ------w- c:\windows\system32\msxml6r.dll
2010-08-09 07:53 . 2008-04-14 06:51 1306624 ------w- c:\windows\system32\msxml6.dll
2010-08-09 07:53 . 2007-06-26 09:30 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2010-08-09 07:53 . 2007-06-26 09:26 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2010-08-09 07:51 . 2008-04-14 06:52 53248 ------w- c:\windows\system32\tsgqec.dll
2010-08-09 07:51 . 2008-04-14 06:52 50688 ------w- c:\windows\system32\tspkg.dll
2010-08-09 07:51 . 2008-04-14 06:52 712704 ------w- c:\windows\system32\windowscodecs.dll
2010-08-09 07:51 . 2008-04-14 06:52 346112 ------w- c:\windows\system32\windowscodecsext.dll
2010-08-09 07:51 . 2008-04-14 06:52 276992 ------w- c:\windows\system32\wmphoto.dll
2010-08-09 07:51 . 2008-04-14 06:52 69120 ------w- c:\windows\system32\wlanapi.dll
2010-08-09 07:51 . 2008-04-14 06:52 32866 ------w- c:\windows\slrundll.exe
2010-08-09 07:51 . 2010-08-09 07:51 -------- d-----w- c:\windows\l2schemas
2010-08-09 07:51 . 2010-08-09 07:51 -------- d-----w- c:\windows\system32\cs
2010-08-09 07:51 . 2010-08-09 07:51 -------- d-----w- c:\windows\system32\bits
2010-08-09 07:36 . 2008-04-14 06:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-08-09 07:28 . 2008-04-14 05:40 326912 ------w- c:\windows\system32\drivers\ati2mtaa.sys
2010-08-09 07:01 . 2010-08-09 07:01 -------- d-----w- c:\windows\EHome
2010-08-09 06:39 . 2010-08-09 06:42 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-08-09 06:30 . 2010-08-09 06:37 -------- d-----w- C:\Install
2010-08-09 06:29 . 2010-08-09 06:29 -------- d-----w- c:\program files\totalcmd
2010-08-09 06:29 . 2007-09-05 05:02 545 ----a-w- c:\windows\UC.PIF
2010-08-09 06:29 . 2007-09-05 05:02 545 ----a-w- c:\windows\RAR.PIF
2010-08-09 06:29 . 2007-09-05 05:02 545 ----a-w- c:\windows\PKZIP.PIF
2010-08-09 06:29 . 2007-09-05 05:02 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-08-09 06:29 . 2007-09-05 05:02 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-08-09 06:29 . 2007-09-05 05:02 545 ----a-w- c:\windows\LHA.PIF
2010-08-09 06:29 . 2007-09-05 05:02 545 ----a-w- c:\windows\ARJ.PIF
2010-08-09 06:18 . 2008-04-13 22:16 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2010-08-09 06:18 . 2008-04-13 22:16 15232 ----a-w- c:\windows\system32\drivers\streamip.sys
2010-08-09 06:17 . 2008-04-13 22:16 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2010-08-09 06:17 . 2008-04-13 22:16 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2010-08-09 06:17 . 2008-04-13 22:16 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2010-08-09 06:08 . 2007-10-04 15:42 48128 ----a-w- c:\windows\system32\Remove.exe
2010-08-09 06:08 . 2010-08-09 06:08 -------- d-----w- c:\program files\Common Files\Eye 312
2010-08-09 06:08 . 2007-06-14 16:34 457856 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2010-08-09 06:08 . 2006-10-12 09:57 14336 ----a-w- c:\windows\system32\P7302USD.dll
2010-08-09 06:08 . 2010-08-09 06:08 -------- d-----w- c:\program files\Common Files\Pac7302
2010-08-09 06:08 . 2010-08-09 06:08 -------- d-----w- c:\windows\PixArt
2010-08-03 18:27 . 2010-08-03 18:28 57632 ----a-w- C:\PA7302.DAT
2010-08-03 18:23 . 2010-08-03 18:23 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-03 18:15 . 2010-08-03 18:15 -------- d-----w- c:\program files\Common Files\Skype
2010-08-03 18:15 . 2010-08-03 18:16 -------- d-----r- c:\program files\Skype
2010-08-03 18:08 . 2008-04-13 22:16 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2010-08-03 18:07 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-08-03 18:01 . 2006-11-20 07:04 6656 ----a-w- c:\windows\system32\CoInst_070614.dll
2010-08-01 08:57 . 2008-04-13 22:15 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2010-07-26 09:41 . 2010-07-26 09:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-26 09:14 . 2010-07-26 09:14 -------- d-sh--w- c:\documents and settings\Danielka\IECompatCache
2010-07-16 20:24 . 2010-07-16 20:24 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-14 20:42 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 04:51 . 2004-08-18 12:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-08-10 04:51 . 2004-08-18 12:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-08-02 14:06 . 2009-08-06 09:01 -------- d-----w- c:\program files\QIP
2010-07-31 19:20 . 2008-08-24 16:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-26 09:40 . 2009-10-02 10:25 -------- d-----w- c:\program files\Google
2010-07-26 09:24 . 2010-04-24 11:15 -------- d-----w- c:\program files\Seznam.cz
2010-07-26 08:58 . 2009-05-25 19:36 -------- d-----w- c:\program files\SweetIM
2010-07-16 20:24 . 2009-05-21 18:08 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 20:24 . 2008-07-23 18:43 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-16 20:23 . 2009-05-21 18:08 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-24 14:01 . 2010-06-24 13:42 -------- d-----w- c:\program files\LG PC Suite II
2010-06-24 13:54 . 2010-06-24 13:54 -------- d-----w- c:\program files\LG Electronics
2010-06-24 13:48 . 2008-08-26 11:00 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
.
------- Sigcheck -------
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 20:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-26 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-07-26 126976]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 20:24 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-10-15 16:00 1818624 ----a-w- c:\windows\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 21:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-04-26 20:23 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [21.1.2009 15:43 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [21.1.2009 15:43 5248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21.5.2009 20:08 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21.5.2009 20:08 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [15.7.2010 17:08 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16.7.2010 22:24 308136]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.7.2010 11:39 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [3.5.2010 19:40 430152]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-26 09:39]
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-26 09:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mSearch Bar = hxxp://internetsearchservice.com/ie6.html
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
mSearchURL = hxxp://internetsearchservice.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 07:28
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82E37C70]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf857af28
\Driver\ACPI -> ACPI.sys @ 0xf84c6cb8
\Driver\atapi -> 0x82e37c70
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: 3Com 3C905TX-based Ethernet Adapter (obecné) -> SendCompleteHandler -> NDIS.sys @ 0xf8373bd4
PacketIndicateHandler -> NDIS.sys @ 0xf8361a0d
SendHandler -> NDIS.sys @ 0xf8375b40
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3240)
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2010-08-10 07:43:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-10 05:42
Před spuštěním: 4 899 819 520
Po spuštění: 5 017 403 392
- - End Of File - - 6D1C543E3941D19146400804ED3D58EB