Police virus
I have a colleague's notebook here.... it won't even start Win7, it flips straight over to the virus.... same thing in safe mode, the OS does try to log in but the virus kills it and comes up by itself...
thanks in advance for the help
C2Q Q8200, Gigabyte EP45-UD3LR, 8GB Kingston HyperX 1066 MHz, HDD Samsung HD642JJ 640 GB, NVIDIA Gigabyte 9600 GT-512 MB-passive, Enermax Modu82+ 525W, Thermaltake Matrix VD3000BN, DVDRW Samsung SH-S223B SATA, Windows 8 Pro, HP L2208W 22"
Notebook: Dell Studio 1537+Windows 7, Dell Inspiron N5040+Windows 7
Re: Police virus
Hello
Give me a moment to write up the procedure
Just to ask, is this a home notebook or a company/work one?
Re: Police virus
home
Re: Police virus
On a healthy PC, download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/downloa ... scan-tool/
- Save it to a flash drive, directly in its root
Now let's find out the flash drive's letter
- Enter the command notepad and press Enter
- Notepad opens
- Choose File --> Open --> find This Computer and open the USB stick where FRST is saved
- Look at which letter the USB stick has (F:\, G:\ etc.)
- Close Notepad with the X
- If you downloaded FRST for a 64-bit OS, it is named FRST64.exe and has to be entered that way
- Enter the command "drive letter":\FRST.exe and press Enter (e.g. F:\FRST.exe)
- FRST starts
- Start the scan by clicking Scan
- After a while a log FRST.exe is created on the flash drive
- Paste it here for me via the healthy PC
Re: Police virus
well, now I'm sweating over the backslash....
the command has to be in the form FRST64.exe.....
Last edited by bigjohn on 28 Dec 2012 15:15, edited 1 time in total.
Re: Police virus
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012
Ran by user at 28-12-2012 15:11:40
Running from F:\
Service Pack 1 (X64) OS Language: 041B
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
==================== One Month Created Files and Folders ========
2012-12-20 22:59 - 2012-12-28 13:49 - 00000004 ____A C:\Users\user\AppData\Roaming\skype.ini
2012-12-20 22:59 - 2012-12-20 22:59 - 00094720 ____A C:\Users\user\3493465.exe
2012-12-20 13:11 - 2012-12-28 13:48 - 00000504 ____A C:\Windows\setupact.log
2012-12-20 13:11 - 2012-12-20 13:11 - 00000000 ____A C:\Windows\setuperr.log
2012-12-18 22:53 - 2012-12-18 22:53 - 00002098 ____A C:\Users\Public\Desktop\Nokia Suite.lnk
2012-12-18 22:52 - 2012-12-18 22:52 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2012-12-18 22:01 - 2012-12-18 22:01 - 00002151 ____A C:\Users\Public\Desktop\Počítačový prístup k internetu Nokia.lnk
2012-12-13 14:28 - 2012-11-14 07:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-13 14:28 - 2012-11-14 07:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-13 14:28 - 2012-11-14 07:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-13 14:28 - 2012-11-14 07:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-13 14:28 - 2012-11-14 07:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-13 14:28 - 2012-11-14 06:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-13 14:28 - 2012-11-14 06:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-13 14:28 - 2012-11-14 06:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-13 14:28 - 2012-11-14 06:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-13 14:28 - 2012-11-14 06:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-13 14:28 - 2012-11-14 06:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-13 14:28 - 2012-11-14 06:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-13 14:28 - 2012-11-14 06:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-13 14:28 - 2012-11-14 06:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-13 14:28 - 2012-11-14 03:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-13 14:28 - 2012-11-14 03:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-13 14:28 - 2012-11-14 02:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-13 14:28 - 2012-11-14 02:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-13 14:28 - 2012-11-14 02:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-13 14:28 - 2012-11-14 02:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-13 14:28 - 2012-11-14 02:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-13 14:28 - 2012-11-14 02:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-13 14:28 - 2012-11-14 02:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-13 14:28 - 2012-11-14 02:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-13 14:28 - 2012-11-14 02:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-13 14:28 - 2012-11-14 02:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-13 14:28 - 2012-11-14 02:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-13 14:28 - 2012-11-14 02:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-13 14:28 - 2012-11-14 02:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-13 14:27 - 2012-11-14 08:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-13 14:27 - 2012-11-14 07:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-13 14:27 - 2012-11-14 03:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-13 14:11 - 2012-11-09 06:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-13 14:11 - 2012-11-09 05:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-13 14:10 - 2012-11-22 04:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-13 14:10 - 2012-11-05 22:35 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-13 14:10 - 2012-11-05 21:41 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-13 14:10 - 2012-11-05 21:32 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-13 14:10 - 2012-11-05 21:32 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-13 14:10 - 2012-10-04 18:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-13 14:10 - 2012-10-04 18:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-13 14:10 - 2012-10-04 18:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-13 14:10 - 2012-10-04 18:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-13 14:10 - 2012-10-04 18:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-13 14:10 - 2012-10-04 18:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-13 14:10 - 2012-10-04 18:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-13 14:10 - 2012-10-04 17:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-13 14:10 - 2012-10-04 17:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-13 14:10 - 2012-10-04 17:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-13 14:10 - 2012-10-04 16:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-13 14:10 - 2012-10-04 15:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-13 14:10 - 2012-10-04 15:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-13 14:09 - 2012-11-02 06:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-13 14:09 - 2012-11-02 06:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 15:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-13 14:09 - 2012-10-04 15:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-13 14:09 - 2012-10-04 15:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 15:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 15:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 15:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-12 18:17 - 2012-12-12 18:17 - 00001068 ____A C:\Users\user\Desktop\mp3DirectCut.lnk
2012-12-10 18:54 - 2012-12-10 19:04 - 14477017 ____A C:\Users\user\Downloads\taggart_96_stiny_minulosti_web-rip_cz_mattys.avi
2012-12-06 22:00 - 2012-12-07 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
==================== One Month Modified Files and Folders =======
2012-12-28 15:11 - 2012-12-28 15:11 - 00000000 ____D C:\FRST
2012-12-28 14:58 - 2009-07-14 06:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-28 13:49 - 2012-12-20 22:59 - 00000004 ____A C:\Users\user\AppData\Roaming\skype.ini
2012-12-28 13:49 - 2011-02-26 19:38 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-28 13:48 - 2012-12-20 13:11 - 00000504 ____A C:\Windows\setupact.log
2012-12-28 13:48 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-20 22:59 - 2012-12-20 22:59 - 00094720 ____A C:\Users\user\3493465.exe
2012-12-20 22:29 - 2011-02-26 19:38 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-20 22:24 - 2010-11-03 11:51 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2012-12-20 22:11 - 2011-04-30 22:17 - 00000942 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4261128354-3970813660-1466534925-1000UA.job
2012-12-20 22:02 - 2012-04-03 18:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-20 17:59 - 2009-07-14 05:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-20 17:59 - 2009-07-14 05:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-20 14:17 - 2011-02-19 15:50 - 02060630 ____A C:\Windows\WindowsUpdate.log
2012-12-20 13:11 - 2012-12-20 13:11 - 00000000 ____A C:\Windows\setuperr.log
2012-12-19 23:44 - 2010-02-18 17:42 - 00000000 ____D C:\Users\user\AppData\Roaming\Winamp
2012-12-18 22:54 - 2011-07-03 20:44 - 00000000 ____D C:\Users\All Users\Nokia
2012-12-18 22:53 - 2012-12-18 22:53 - 00002098 ____A C:\Users\Public\Desktop\Nokia Suite.lnk
2012-12-18 22:52 - 2012-12-18 22:52 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2012-12-18 22:51 - 2010-07-29 23:07 - 00000000 ____D C:\Program Files (x86)\Nokia
2012-12-18 22:01 - 2012-12-18 22:01 - 00002151 ____A C:\Users\Public\Desktop\Počítačový prístup k internetu Nokia.lnk
2012-12-18 22:01 - 2010-07-29 23:07 - 00000000 ____D C:\Users\All Users\Installations
2012-12-18 19:55 - 2010-02-19 07:12 - 00000000 ____D C:\Users\user\AppData\Roaming\dvdcss
2012-12-18 19:41 - 2011-06-12 09:01 - 00000000 ___RD C:\Users\user\Desktop\ZÁSTUPCOVIA
2012-12-14 13:31 - 2009-07-14 06:08 - 00032502 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-13 20:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2012-12-13 16:46 - 2009-07-14 05:45 - 00320584 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-13 16:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2012-12-13 16:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\sk-SK
2012-12-13 14:29 - 2010-02-18 16:18 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-13 14:27 - 2010-02-18 16:41 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-12 18:22 - 2012-02-11 12:13 - 00000000 ____D C:\Users\user\Desktop\Plagáty
2012-12-12 18:17 - 2012-12-12 18:17 - 00001068 ____A C:\Users\user\Desktop\mp3DirectCut.lnk
2012-12-12 16:53 - 2010-06-10 22:43 - 00000069 ____A C:\Windows\NeroDigital.ini
2012-12-12 11:11 - 2011-04-30 22:17 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4261128354-3970813660-1466534925-1000Core.job
2012-12-12 10:00 - 2010-02-24 08:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Sunbird
2012-12-11 20:02 - 2012-04-03 18:16 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-11 20:02 - 2011-05-14 21:47 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-10 19:04 - 2012-12-10 18:54 - 14477017 ____A C:\Users\user\Downloads\taggart_96_stiny_minulosti_web-rip_cz_mattys.avi
2012-12-07 20:49 - 2010-03-12 20:09 - 00000000 ____D C:\Users\user\AppData\Roaming\ELIS
2012-12-07 20:49 - 2010-03-12 20:09 - 00000000 ____D C:\Program Files (x86)\ELIS
2012-12-07 17:19 - 2012-12-06 22:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 13%
Total physical RAM: 4060.27 MB
Available physical RAM: 3523.96 MB
Total Pagefile: 8118.72 MB
Available Pagefile: 7595.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Partitions =============================
1 Drive c: (Windows 7) (Fixed) (Total:97.56 GB) (Free:40.58 GB) NTFS
2 Drive d: (Ukladací disk) (Fixed) (Total:368.1 GB) (Free:31.51 GB) NTFS
4 Drive f: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1937 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 97 GB 101 MB
Partition 3 Primary 368 GB 97 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Vyhraden‚ s NTFS Partition 100 MB Healthy System (partition with boot components)
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows 7 NTFS Partition 97 GB Healthy Boot
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Ukladacˇ di NTFS Partition 368 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1933 MB 4032 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F FAT32 Removable 1933 MB Healthy
=========================================================
Last Boot: 2012-12-15 13:28
==================== End Of Log =============================
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 15:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-13 14:09 - 2012-10-04 15:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-13 14:09 - 2012-10-04 15:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 15:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 15:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 15:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-12 18:17 - 2012-12-12 18:17 - 00001068 ____A C:\Users\user\Desktop\mp3DirectCut.lnk
2012-12-10 18:54 - 2012-12-10 19:04 - 14477017 ____A C:\Users\user\Downloads\taggart_96_stiny_minulosti_web-rip_cz_mattys.avi
2012-12-06 22:00 - 2012-12-07 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
==================== One Month Modified Files and Folders =======
2012-12-28 15:11 - 2012-12-28 15:11 - 00000000 ____D C:\FRST
2012-12-28 14:58 - 2009-07-14 06:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-28 13:49 - 2012-12-20 22:59 - 00000004 ____A C:\Users\user\AppData\Roaming\skype.ini
2012-12-28 13:49 - 2011-02-26 19:38 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-28 13:48 - 2012-12-20 13:11 - 00000504 ____A C:\Windows\setupact.log
2012-12-28 13:48 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-20 22:59 - 2012-12-20 22:59 - 00094720 ____A C:\Users\user\3493465.exe
2012-12-20 22:29 - 2011-02-26 19:38 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-20 22:24 - 2010-11-03 11:51 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2012-12-20 22:11 - 2011-04-30 22:17 - 00000942 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4261128354-3970813660-1466534925-1000UA.job
2012-12-20 22:02 - 2012-04-03 18:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-20 17:59 - 2009-07-14 05:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-20 17:59 - 2009-07-14 05:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-20 14:17 - 2011-02-19 15:50 - 02060630 ____A C:\Windows\WindowsUpdate.log
2012-12-20 13:11 - 2012-12-20 13:11 - 00000000 ____A C:\Windows\setuperr.log
2012-12-19 23:44 - 2010-02-18 17:42 - 00000000 ____D C:\Users\user\AppData\Roaming\Winamp
2012-12-18 22:54 - 2011-07-03 20:44 - 00000000 ____D C:\Users\All Users\Nokia
2012-12-18 22:53 - 2012-12-18 22:53 - 00002098 ____A C:\Users\Public\Desktop\Nokia Suite.lnk
2012-12-18 22:52 - 2012-12-18 22:52 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2012-12-18 22:51 - 2010-07-29 23:07 - 00000000 ____D C:\Program Files (x86)\Nokia
2012-12-18 22:01 - 2012-12-18 22:01 - 00002151 ____A C:\Users\Public\Desktop\Počítačový prístup k internetu Nokia.lnk
2012-12-18 22:01 - 2010-07-29 23:07 - 00000000 ____D C:\Users\All Users\Installations
2012-12-18 19:55 - 2010-02-19 07:12 - 00000000 ____D C:\Users\user\AppData\Roaming\dvdcss
2012-12-18 19:41 - 2011-06-12 09:01 - 00000000 ___RD C:\Users\user\Desktop\ZÁSTUPCOVIA
2012-12-14 13:31 - 2009-07-14 06:08 - 00032502 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-13 20:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2012-12-13 16:46 - 2009-07-14 05:45 - 00320584 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-13 16:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2012-12-13 16:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\sk-SK
2012-12-13 14:29 - 2010-02-18 16:18 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-13 14:27 - 2010-02-18 16:41 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-12 18:22 - 2012-02-11 12:13 - 00000000 ____D C:\Users\user\Desktop\Plagáty
2012-12-12 18:17 - 2012-12-12 18:17 - 00001068 ____A C:\Users\user\Desktop\mp3DirectCut.lnk
2012-12-12 16:53 - 2010-06-10 22:43 - 00000069 ____A C:\Windows\NeroDigital.ini
2012-12-12 11:11 - 2011-04-30 22:17 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4261128354-3970813660-1466534925-1000Core.job
2012-12-12 10:00 - 2010-02-24 08:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Sunbird
2012-12-11 20:02 - 2012-04-03 18:16 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-11 20:02 - 2011-05-14 21:47 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-10 19:04 - 2012-12-10 18:54 - 14477017 ____A C:\Users\user\Downloads\taggart_96_stiny_minulosti_web-rip_cz_mattys.avi
2012-12-07 20:49 - 2010-03-12 20:09 - 00000000 ____D C:\Users\user\AppData\Roaming\ELIS
2012-12-07 20:49 - 2010-03-12 20:09 - 00000000 ____D C:\Program Files (x86)\ELIS
2012-12-07 17:19 - 2012-12-06 22:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 13%
Total physical RAM: 4060.27 MB
Available physical RAM: 3523.96 MB
Total Pagefile: 8118.72 MB
Available Pagefile: 7595.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Partitions =============================
1 Drive c: (Windows 7) (Fixed) (Total:97.56 GB) (Free:40.58 GB) NTFS
2 Drive d: (Ukladací disk) (Fixed) (Total:368.1 GB) (Free:31.51 GB) NTFS
4 Drive f: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1937 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 97 GB 101 MB
Partition 3 Primary 368 GB 97 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Vyhraden‚ s NTFS Partition 100 MB Healthy System (partition with boot components)
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows 7 NTFS Partition 97 GB Healthy Boot
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Ukladacˇ di NTFS Partition 368 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1933 MB 4032 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F FAT32 Removable 1933 MB Healthy
=========================================================
Last Boot: 2012-12-15 13:28
==================== End Of Log =============================
C2Q Q8200, Gigabyte EP45-UD3LR, 8GB Kingston HyperX 1066 MHz, HDD Samsung HD642JJ 640 GB, NVIDIA Gigabyte 9600 GT-512 MB-pasív, Enermax Modu82+ 525W, Thermaltake Matrix VD3000BN, DVDRW Samsung SH-S223B SATA, Windows 8 Pro, HP L2208W 22“
Notebook: Dell Studio 1537+Windows 7, Dell Inspiron N5040+Windows 7
Re: Police virus
Creating a fixlist for FRST
Run FRST64.exe again on the damaged PC
- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
2012-12-20 22:59 - 2012-12-28 13:49 - 00000004 ____A C:\Users\user\AppData\Roaming\skype.ini
2012-12-20 22:59 - 2012-12-20 22:59 - 00094720 ____A C:\Users\user\3493465.exe
CMD: del "%USERPROFILE%\AppData\Local\Microsoft\Windows\runctf.lnk"
- Save the resulting TXT file as fixlist.txt
- Move the created log to the flash drive next to FRST
Run FRST64.exe again on the damaged PC
- Click Fix
- The repair will run and a log named Fixlog.txt will be created on the flash drive
Re: Police virus
it's still there.....
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2012
Ran by user at 2012-12-28 16:09:53 Run:1
Running from F:\
ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
==============================================
C:\Users\user\AppData\Roaming\skype.ini moved successfully.
C:\Users\user\3493465.exe moved successfully.
========= del "%USERPROFILE%\AppData\Local\Microsoft\Windows\runctf.lnk" =========
Could Not Find C:\Users\user\AppData\Local\Microsoft\Windows\runctf.lnk
========= End of CMD: =========
==== End of Fixlog ====
C2Q Q8200, Gigabyte EP45-UD3LR, 8GB Kingston HyperX 1066 MHz, HDD Samsung HD642JJ 640 GB, NVIDIA Gigabyte 9600 GT-512 MB-pasív, Enermax Modu82+ 525W, Thermaltake Matrix VD3000BN, DVDRW Samsung SH-S223B SATA, Windows 8 Pro, HP L2208W 22“
Notebook: Dell Studio 1537+Windows 7, Dell Inspiron N5040+Windows 7
Re: Police virus
Fine, download RogueKiller to the flash drive: http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
In the command prompt, enter F:\RogueKiller.exe
Let the Pre-Scan finish, then choose Delete and then Report - the log will be saved and I would like to see it
Re: Police virus
RK runs, but it doesn't offer deletion, nor a log...
the police are still on guard.....
C2Q Q8200, Gigabyte EP45-UD3LR, 8GB Kingston HyperX 1066 MHz, HDD Samsung HD642JJ 640 GB, NVIDIA Gigabyte 9600 GT-512 MB-pasív, Enermax Modu82+ 525W, Thermaltake Matrix VD3000BN, DVDRW Samsung SH-S223B SATA, Windows 8 Pro, HP L2208W 22“
Notebook: Dell Studio 1537+Windows 7, Dell Inspiron N5040+Windows 7
Re: Police virus
Ha, my mistake... Run RogueKiller - Scan - Delete - Report
Re: Police virus
RogueKiller V8.4.1 [Dec 28 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Núdzový režim
Užívateľ : user [Práva Správcu]
Režim : Odebrať -- Dátum : 12/28/2012 17:32:30
¤¤¤ Škodlivé procesy : 0 ¤¤¤
¤¤¤ Záznamy Registrov : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : EPSON SX110 Series (kópia 1) (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_SCFE.tmp" /EF "HKCU") -> VYMAZANÉ
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\user\AppData\Roaming\skype.dat) -> VYMAZANÉ
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{58587F29-2C77-4193-99D3-8D9FC3912BBF} : NameServer (195.146.128.60) -> NEBOLO ODSTRÁNENÉ, POUŽITE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{58587F29-2C77-4193-99D3-8D9FC3912BBF} : NameServer (195.146.128.60) -> NEBOLO ODSTRÁNENÉ, POUŽITE DNSFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRADENÉ (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRADENÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> NAHRADENÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> NAHRADENÉ (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRADENÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRADENÉ (0)
¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤
¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤
¤¤¤ Nákaza : Rans.Gendarm ¤¤¤
¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5056GSY +++++
--- User ---
[MBR] ef8ae848570c6f5a1dca295b26d98e2b
[BSP] feb9390a267cb50e1af331104c25d6b2 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 376938 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Kingston DT 101 II USB Device +++++
--- User ---
[MBR] d5516ffdb6ec0b41d895f7667d73d603
[BSP] a2536bc67333673c41991ddb1b8b7bd1 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 1933 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Dokončené : << RKreport[5]_D_12282012_02d1732.txt >>
RKreport[1]_S_12282012_02d1643.txt ; RKreport[2]_D_12282012_02d1644.txt ; RKreport[3]_D_12282012_02d1644.txt ; RKreport[4]_S_12282012_02d1731.txt ; RKreport[5]_D_12282012_02d1732.txt
during the scan Google Chrome pops up... something about some page being unavailable
C2Q Q8200, Gigabyte EP45-UD3LR, 8GB Kingston HyperX 1066 MHz, HDD Samsung HD642JJ 640 GB, NVIDIA Gigabyte 9600 GT-512 MB-pasív, Enermax Modu82+ 525W, Thermaltake Matrix VD3000BN, DVDRW Samsung SH-S223B SATA, Windows 8 Pro, HP L2208W 22“
Notebook: Dell Studio 1537+Windows 7, Dell Inspiron N5040+Windows 7
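Added example (not part of the thread and not RogueKiller's own code): a Python parser for the registry-finding lines of the RogueKiller report posted above. It flags a Winlogon shell value that lists anything besides explorer.exe, which is the persistence entry the earlier FRST fix did not touch, and lists findings the tool reported as not removed. The line layout and the Slovak status strings are taken from this one report and are assumptions for any other version or language.

```python
# Registry-finding lines copied verbatim from the RogueKiller report above.
REPORT_LINES = r'''
[RUN][SUSP PATH] HKCU\[...]\Run : EPSON SX110 Series (kópia 1) (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_SCFE.tmp" /EF "HKCU") -> VYMAZANÉ
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\user\AppData\Roaming\skype.dat) -> VYMAZANÉ
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{58587F29-2C77-4193-99D3-8D9FC3912BBF} : NameServer (195.146.128.60) -> NEBOLO ODSTRÁNENÉ, POUŽITE DNSFIX
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRADENÉ (1)
'''.strip().splitlines()


def parse_line(line):
    """Return one registry finding as a dict, or None for any other line."""
    left, sep, status = line.strip().rpartition(" -> ")
    if not sep or not left.startswith("["):
        return None
    tags, rest = [], left
    while rest.startswith("["):            # leading [TAG][TAG] groups
        end = rest.find("]")
        if end < 0:
            return None
        tags.append(rest[1:end])
        rest = rest[end + 1:]
    key, sep, tail = rest.strip().partition(" : ")
    if not sep or not tail.endswith(")"):
        return None
    # The data is the last parenthesised group. Walk backwards and balance
    # parentheses, because the value name ("... (kópia 1)") and the data
    # (a path under "Program Files (x86)") can contain their own.
    depth = 0
    for i in range(len(tail) - 1, -1, -1):
        if tail[i] == ")":
            depth += 1
        elif tail[i] == "(":
            depth -= 1
            if depth == 0:
                break
    else:
        return None
    return {"tags": tags, "key": key, "name": tail[:i].strip(),
            "data": tail[i + 1:-1], "status": status.strip()}


def parse_report(lines):
    """Parse every registry-finding line, skipping headers and other text."""
    return [e for e in map(parse_line, lines) if e]


def shell_extras(entry):
    """Programs listed in a Winlogon 'shell' value besides explorer.exe.

    Only the bare name explorer.exe is accepted as expected here; every
    other comma-separated component is returned for review.
    """
    if not entry["key"].lower().endswith("\\winlogon"):
        return []
    if entry["name"].lower() != "shell":
        return []
    parts = [p.strip().strip('"') for p in entry["data"].split(",")]
    return [p for p in parts if p and p.lower() != "explorer.exe"]


def not_remediated(entries):
    """Findings the tool left in place ('NEBOLO ...' = 'was not ...')."""
    return [e for e in entries if e["status"].upper().startswith("NEBOLO")]


if __name__ == "__main__":
    findings = parse_report(REPORT_LINES)
    for f in findings:
        for extra in shell_extras(f):
            print("Winlogon shell also starts:", extra, "| status:", f["status"])
    for f in not_remediated(findings):
        print("Left in place:", f["key"], f["name"], f["data"])
```
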
Re: Police virus
Fine, now try booting into normal mode
Re: Police virus
well, the police have disappeared, I finished cleaning up with CCleaner.... but it somehow affected the graphics, they look odd, messed up like Win98
C2Q Q8200, Gigabyte EP45-UD3LR, 8GB Kingston HyperX 1066 MHz, HDD Samsung HD642JJ 640 GB, NVIDIA Gigabyte 9600 GT-512 MB-pasív, Enermax Modu82+ 525W, Thermaltake Matrix VD3000BN, DVDRW Samsung SH-S223B SATA, Windows 8 Pro, HP L2208W 22“
Notebook: Dell Studio 1537+Windows 7, Dell Inspiron N5040+Windows 7
Re: Police virus
I don't think it's OK yet
Now post a log from RSIT
Try checking the style settings, maybe it's just been switched