VIRY.CZ

Zdravím, včera jsem dostal po FB zprávu, že se mám podívat na video, bohužel jsem si měl nainstalovat nějakou novou verzi ADOBE a pak mi to zahlásilo chybu a systém šel dolů. Když jsem pak zapínal PC, napsalo mi to, že se systém pokusí opravit chyby a zkusí se dostat do bodu obnovy, když se systém zapnul po restartování, naběhl nouzový režim, kde je pouze CMD.exe a černá obrazovka, je možné to nějak nahodit nebo co s tím můžu dělat, bohužel mám v PC velice potřebné souboru, takže nemůžu přeinstalovat systém.

Díky za rady

Zdravim, pekne odpoledne preji a vitam Vas u nas na foru

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  msconfig

• Kliknete na OK
• Prepnete se na zalozku Spuštění počítače
• Podivejte se, ci nemate zaskrtnute Bezpecne spousteni - pokud ano, tak odskrtnete
• Nasledny restart by jiz mel vest do normalniho rezimu

zkuste dat log z RSIT - viz muj podpis - at se mame od ceho odpichnout

Omlouvám se, ale moc jsem nepochopil, co mám zadat. Mám k dispozici před sebou pouze černou obrazovku a cmd bez panelu atd.

Napiste tedy jen msconfig a dale postupujte dle navodu

Dobrá, tak jsem na ploše

Vyborne, tak jdem pomalu ale jiste havet mazat

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich

  motji píše: Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill SCR:
  http://download.bleepingcomputer.com/grinler/rkill.scr
  
  Rkill PIF:
  http://download.bleepingcomputer.com/grinler/rkill.pif

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Ted nerestartujte PC - prisli byste o ucinek RKillu

Aplikujte exeHelper by Raktor

• Linky ke stazeni
  • COM soubor http://vyosek.ic.cz/BE/exeHelper.com
  • SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
• Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Aplikujte RogueKiller

stell píše: pouzijes RogueKiller>.spustis>>stlac 2> [enter] log vloz sem
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205

Jeste znovu RogueKiller ale nyni s moznosti 3 a pote jeste jednou s moznosti 4

RKill, eXeHelper i RogueKiller by mely udelat logy, vlozte mi je sem

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

rkill:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 22.07.2011 at 16:03:51.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\jancerva\AppData\Local\Temp\sycomctl32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe


Rkill completed on 22.07.2011 at 16:03:59.

exeHelper by Raktor
Build 20100414
Run at 16:04:54 on 07/22/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: jancerva [Admin rights]
Mode: Scan -- Date : 07/22/2011 16:06:19

Bad processes: 1
[SUSP PATH] exeHelper.com -- c:\users\jancerva\desktop\exehelper.com -> KILLED

Registry Entries: 9
[SUSP PATH] HKCU\[...]\Run : Display Driver (C:\Users\jancerva\AppData\Local\Temp\sycomctl32.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-971304663-1475225163-2233371715-1000[...]\Run : Display Driver (C:\Users\jancerva\AppData\Local\Temp\sycomctl32.exe) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : onscreenkeyboard.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : orient.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : smartboardtools.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : smartbrd.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : ucgui.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: jancerva [Admin rights]
Mode: HOSTSFix -- Date : 07/22/2011 16:07:24

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
::1 localhost


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: jancerva [Admin rights]
Mode: ProxyFix -- Date : 07/22/2011 16:07:32

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

2


RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: jancerva [Admin rights]
Mode: Remove -- Date : 07/22/2011 16:24:22

Bad processes: 0

Registry Entries: 8
[SUSP PATH] HKCU\[...]\Run : Display Driver (C:\Users\jancerva\AppData\Local\Temp\sycomctl32.exe) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : onscreenkeyboard.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : orient.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : smartboardtools.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : smartbrd.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ucgui.exe ("C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe") -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

Je to už hotovo?

NeNe neni, tohle byla jen priprava, ale zvladl jste ji dobre

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Jak zjistím, že jsem všechny antispamy atd. vypnul?

Tim se ted nezaobirejte, CFko bude asi pripadne kricet, ale jen to odklikejte

tak už se mi to taky stalo, bohužel než stisknu win+R tak se restartuje, takže podle návodu nemohu postupovat

ComboFix 11-07-22.02 - jancerva 22.07.2011 16:54:42.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3326.1722 [GMT 2:00]
Spuštěný z: c:\users\jancerva\Downloads\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\users\jancerva\AppData\Roaming\Local
c:\users\jancerva\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\jancerva\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\jancerva\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\jancerva\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\jancerva\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx.ddp
c:\windows\proc_list1.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-22 do 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 15:06 . 2011-07-22 15:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-22 14:01 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9B432CE-CD1F-4EE7-95E6-3F4A7DB575C7}\mpengine.dll
2011-07-13 09:46 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 09:45 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 09:45 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-06-29 06:00 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 16:38 . 2011-05-29 16:38 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-29 16:38 . 2011-05-29 16:38 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-29 16:38 . 2011-05-29 16:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-29 16:38 . 2011-05-29 16:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-29 16:38 . 2011-05-29 16:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-29 16:38 . 2011-05-29 16:38 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-29 16:38 . 2011-05-29 16:38 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-29 16:38 . 2011-05-29 16:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-29 16:38 . 2011-05-29 16:38 367104 ----a-w- c:\windows\system32\html.iec
2011-05-29 16:38 . 2011-05-29 16:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-29 16:38 . 2011-05-29 16:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-29 16:38 . 2011-05-29 16:38 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-29 16:38 . 2011-05-29 16:38 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-29 16:38 . 2011-05-29 16:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-29 16:38 . 2011-05-29 16:38 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-29 16:38 . 2011-05-29 16:38 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-29 16:38 . 2011-05-29 16:38 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-29 16:38 . 2011-05-29 16:38 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-29 16:38 . 2011-05-29 16:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-24 17:14 . 2009-10-02 17:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 17:16 . 2011-06-17 07:47 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-17 07:47 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-17 07:47 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-17 07:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-17 07:47 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-17 07:47 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2011-02-01 395640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2145000]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-01-09 30192]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-06-22 594952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON SX125 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "c:\windows\TEMP\E_S28DA.tmp" /EF "HKCU"
"Skype"="c:\program files\Skype\\Phone\Skype.exe" /nosplash /minimized
"EADM"="c:\program files\Electronic Arts\EADM\EADMUI\EADMUI.exe"
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"AutoStartNPSAgent"=c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "c:\program files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"PAC7311_Monitor"=c:\windows\PixArt\PAC7311\Monitor.exe
"Toolbar_eula_launcher"=c:\install\google\eula\EULALauncher.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" start
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"USBToolTip"=c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
"4StoryPrePatch"=c:\program files\Gameforge4D\4Story\PrePatch.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-01-09 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 24216]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [x]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [x]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-22 717296]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-04-07 810120]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-04-07 41312]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 18:25]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 18:25]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 192.168.100.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 17:07
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-07-22 17:14:13
ComboFix-quarantined-files.txt 2011-07-22 15:14
.
Před spuštěním: Volných bajtů: 420 634 505 216
Po spuštění: Volných bajtů: 420 584 230 912
.
- - End Of File - - 767B82901813E8FFF60E2DCCC55824BF

hell-ghost píše:tak už se mi to taky stalo, bohužel než stisknu win+R tak se restartuje, takže podle návodu nemohu postupovat

Zdravim, prectete si prosim tohle http://www.viry.cz/forum/viewtopic.php?f=13&t=113441