Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Policejní vir

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Einee
Návštěvník
Návštěvník
Příspěvky: 38
Registrován: 22 kvě 2012 19:48

Policejní vir

#1 Příspěvek od Einee »

Zdravím, do PC se mi dostal ''policejní vir'', nouzový režim jede jak má, ale v klasickém režimu mi při nabíhání systému nahlásí NOD trojského koně, jeho vložení do karantény a následně to spadne a objeví se klasická ''policejní stránka''. Bohužel mi nejde udělat RST log... hodí mi to Line 7154 (file kde je rsyt uložen) a Error: Subscript used with non-Array variable.
Systém mám win 7 64bit
Antivirus: NOD32 antivirus 6 s trial verzí
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Policejní vir

#2 Příspěvek od vyosek »

Zdravim :)

Udelejte log z FRST http://forum.viry.cz/viewtopic.php?f=13&t=130781
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Einee
Návštěvník
Návštěvník
Příspěvky: 38
Registrován: 22 kvě 2012 19:48

Re: Policejní vir

#3 Příspěvek od Einee »

Pardon, začal jsem na něm pracovat hned po uvedení tématu, předtím jsem si to neuvědomil :)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013 02
Ran by Einee (administrator) on 11-06-2013 12:00:55
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [6330568 2013-03-21] (ESET)
HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1635752 2013-05-04] (Valve Corporation)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4284976 2013-04-30] ()
HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\rdri.dat,XFG00 [187904 2013-06-11] (?????????? ??????????) <===== ATTENTION
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2244096 2009-07-13] (VIA)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [104936 2008-07-19] (CyberLink)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe [3058304 2009-10-07] (ASUS)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [523216 2011-09-09] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
Startup: C:\Users\Einee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
SearchScopes: HKCU - {B126C23B-C381-4CC3-AAD6-F485CF52B8ED} URL = http://search.conduit.com/ResultsExt.as ... =CT3220468
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (GamePlayLabs Plugin) - C:\Users\Einee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\npGamePlayLabsPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Einee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Einee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Einee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Active@ Disk Monitor; C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [237792 2012-10-23] (LSoft Technologies Inc)
S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2010-11-18] ()
S2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [214520 2010-12-05] ()

==================== Drivers (Whitelisted) ====================

S3 AF9035BDA; C:\Windows\System32\Drivers\AF9035BDA.sys [492008 2009-07-16] (AfaTech )
S2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S3 ASUSVRC64; C:\Windows\System32\DRIVERS\AsusVRC64.sys [23424 2008-10-13] (ASUSTeK COMPUTER INC.)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-05-20] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [508472 2010-12-22] (Duplex Secure Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
U3 tmlwf;
U3 tmwfp;

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\acsock64.sys E42F90B27BDDDD611FA7040AFD256FDA
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AF9035BDA.sys 3022977B898CCE747CA10EE2D6F4EE6A
C:\Windows\SysWow64\drivers\Afc.sys 6CCD1135320109D6B219F1A6E04AD9F6
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdiox64.sys 6A2EEB0C4133B20773BB3DD0B7B377B4
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 2DB9047AAC9D981F59CE06D04D70C4D8
C:\Windows\System32\DRIVERS\atikmpag.sys CBA35FF4092B91E105D93ED11A0250B6
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdsata.sys 8818A2AB90189B7FF60A24C0847F9A6B
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdxata.sys 3C430969F097DEE18D13010D678069CD
C:\Windows\System32\drivers\AmUStor.SYS 391887990CDAA83DE5C56C3FDE966DA1
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Program Files\ATKGFNEX\ASMMAP64.sys 2DB34EDD17D3A8DA7105A19C95A3DD68
C:\Program Files\ATKGFNEX\ASMMAP64.sys 2DB34EDD17D3A8DA7105A19C95A3DD68
C:\Windows\System32\DRIVERS\AsusVRC64.sys 6A2A1E4F6CFE33653E7F34A13D707F22
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 0ACC06FCF46F64ED4F11E57EE461C1F4
C:\Windows\System32\drivers\AtihdW76.sys 24464B908E143D2561E9E452FEE97309
C:\Windows\System32\drivers\AtiHdmi.sys 3B9014FB7CE9E20FD726321C7DB7D8B0
C:\Windows\System32\DRIVERS\atikmdag.sys 2DB9047AAC9D981F59CE06D04D70C4D8
C:\Windows\System32\DRIVERS\AtiPcie.sys 7C5D273E29DCC5505469B299C6F29163
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\System32\DRIVERS\eamonm.sys 398904F1FBF13CEF0FCB822E9CA5F2D5
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ehdrv.sys 9E39134330C18CBAC0F24C1283701D7E
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\epfwwfpr.sys B4E8DC817963B256537B1EC09AF0647E
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ETD.sys 1299D1EA00B7A4BF69C5869DCA31E0F6
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 5814011B2F6E088E29D689B5FCD49B8F
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hamachi.sys 1E6438D4EA6E1174A3B3B1EDC4DE660B
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbfiltr.sys E63EF8C3271D014F14E2469CE75FECB4
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1E62x64.sys 1541D77D3EB41177BD7026D49948AA95
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ATK64AMD.sys 032D35C996F21D19A205A7C8F0B76F3C
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RMCAST.sys CAF88D6573D21CD2AA27001DDBFDC74D
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\drivers\ScreamingBAudio64.sys 8B56BDCE6A303DDE63D63440D1CF9AD1
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SiSG664.sys 1BC348CF6BAA90EC8E533EF6E6A69933
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\snp2uvc.sys 2D280B5799F9C143FA7D49E032FBCE46
C:\Windows\SysWow64\speedfan.sys 0FFE35F0B0CD5A324BBE22F02569AE3B
C:\Windows\SysWow64\speedfan.sys 0FFE35F0B0CD5A324BBE22F02569AE3B
C:\Windows\System32\Drivers\sptd.sys 992741053BC674F638589FFD31AC328B
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\DRIVERS\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbfilter.sys 6648C6D7323A2CE0C4776C36CEFBCB14
C:\Windows\system32\drivers\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\viahduaa.sys FE595D1A1B781190BB483444B62CC607
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vpnva64.sys 845DAE50510383B7F6ACA73CE2099048
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-11 12:00 - 2013-06-11 12:00 - 00000000 ____D C:\FRST
2013-06-11 11:25 - 2013-06-11 11:25 - 00000000 ____D C:\rsit
2013-06-11 11:11 - 2013-06-11 11:11 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-06-11 11:07 - 2013-06-11 11:07 - 05022808 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-11 11:07 - 2013-06-11 11:07 - 00000298 ____A C:\Windows\PFRO.log
2013-06-11 11:06 - 2013-06-11 11:10 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-11 11:06 - 2013-06-11 11:06 - 00000150 ____A C:\ProgramData\irdr.reg
2013-06-11 11:06 - 2013-06-11 11:06 - 00000055 ____A C:\ProgramData\irdr.bat
2013-06-11 11:05 - 2013-06-11 11:12 - 95023320 ___AT C:\ProgramData\irdr.pad
2013-06-11 11:05 - 2013-06-11 11:06 - 95023320 ___AT C:\ProgramData\03r9.pad
2013-06-11 11:05 - 2013-06-11 11:05 - 00187904 ____A (?????????? ??????????) C:\ProgramData\rdri.dat
2013-06-11 11:05 - 2013-06-11 11:05 - 00187904 ____A (?????????? ??????????) C:\ProgramData\9r30.dat
2013-06-11 11:05 - 2013-06-11 11:05 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-10 17:16 - 2013-06-10 18:17 - 541937664 ____A C:\Users\Einee\Desktop\Game.of.Thrones.S03E10.HDTV.XviD-AFG_czsub.avi
2013-06-10 17:04 - 2013-06-11 11:50 - 00000224 ____A C:\Windows\setupact.log
2013-06-10 17:04 - 2013-06-10 17:04 - 00000000 ____A C:\Windows\setuperr.log
2013-06-09 16:15 - 2008-06-28 11:40 - 00000000 ____D C:\Users\Einee\Desktop\SC
2013-06-09 16:15 - 2008-06-28 11:39 - 00000000 ____D C:\Users\Einee\Desktop\ON
2013-06-09 16:15 - 2008-06-28 11:38 - 00000000 ____D C:\Users\Einee\Desktop\LE
2013-06-09 15:47 - 2013-06-09 15:48 - 23190256 ____A C:\Users\Einee\Desktop\CCGHQ MTG SC (Scourge) Fulls 062808.zip
2013-06-09 15:45 - 2013-06-09 15:47 - 56558785 ____A C:\Users\Einee\Desktop\CCGHQ MTG ON (Onslaught) Fulls 062808.zip
2013-06-09 15:44 - 2013-06-09 15:46 - 23961576 ____A C:\Users\Einee\Desktop\CCGHQ MTG LE (Legions) Fulls 062808.zip
2013-06-09 08:14 - 2013-06-09 08:16 - 193448627 ____A ( ) C:\Users\Einee\Downloads\mtgpicssetup20120503.exe
2013-06-06 14:46 - 2013-06-06 14:46 - 00005856 ____A C:\Users\Einee\bbb.cod
2013-06-03 22:58 - 2013-06-03 22:58 - 00041682 ____A C:\Users\Einee\Desktop\Game.of.Thrones.S03E09.720p.HDTV.x264-EVOLVE.srt
2013-06-03 22:10 - 2013-06-03 22:57 - 00000000 ____D C:\Users\Einee\Downloads\Game.of.Thrones.S03E09.720p.HDTV.x264-EVOLVE
2013-06-03 22:10 - 2013-06-03 22:53 - 1278897989 ___RA C:\Users\Einee\Desktop\Game.of.Thrones.S03E09.720p.HDTV.x264-EVOLVE.mkv
2013-06-03 22:08 - 2013-06-03 22:08 - 00000822 ____A C:\Users\Public\Desktop\BitTorrent.lnk
2013-06-03 22:08 - 2013-06-03 22:08 - 00000000 ____D C:\Users\Einee\BitTorrent
2013-06-03 22:06 - 2013-06-10 14:41 - 00000000 ____D C:\Users\Einee\AppData\Roaming\BitTorrent
2013-06-03 22:06 - 2013-06-03 22:06 - 01125456 ____A (BitTorrent Inc.) C:\Users\Einee\Downloads\BitTorrent.exe
2013-05-30 22:31 - 2013-05-30 22:34 - 00000000 ____D C:\Users\Einee\Desktop\Nespoutaný Django (2012)
2013-05-30 18:25 - 2013-05-30 21:56 - 1927793081 ____A C:\Users\Einee\Downloads\NespoutanĂ˝-Django-cz-dabing-(2012).7z
2013-05-30 18:12 - 2013-05-30 18:13 - 01411483 ____A (emc) C:\Users\Einee\Downloads\utorrent-setup.exe
2013-05-27 21:43 - 2013-05-27 22:21 - 355446784 ____A C:\Users\Einee\Desktop\Chicago.Fire.S01E22-cz-titulky.avi
2013-05-22 21:52 - 2013-05-24 23:01 - 00000000 __SHD C:\Users\Einee\wc
2013-05-22 21:52 - 2013-05-22 22:34 - 00000000 ____D C:\Users\Einee\AppData\Local\Ubisoft
2013-05-22 21:52 - 2013-05-22 21:52 - 00000000 __SHD C:\Users\Einee\AppData\Roaming\wyUpdate AU
2013-05-22 21:51 - 2013-05-30 15:25 - 00000000 ____D C:\Users\Einee\AppData\Roaming\Ubisoft
2013-05-22 21:50 - 2013-05-22 21:50 - 07305136 ____A (Ubisoft) C:\Users\Einee\Desktop\setup.exe
2013-05-22 19:15 - 2013-05-22 19:15 - 07746946 ____A C:\Users\Einee\Desktop\cards.xml
2013-05-20 18:30 - 2013-05-20 17:03 - 00050305 ____A C:\Users\Einee\Desktop\Game.of.Thrones.S03E08.HDTV.x264-EVOLVE.srt
2013-05-20 18:30 - 2013-05-20 16:06 - 375467512 ____A C:\Users\Einee\Desktop\Game.of.Thrones.S03E08.HDTV.x264-EVOLVE.mp4
2013-05-20 18:02 - 2013-05-20 18:23 - 374798258 ____A C:\Users\Einee\Downloads\Game.of.Thrones.S03E08.HDTV.x264-EVOLVE+tit.rar
2013-05-16 09:12 - 2013-05-05 23:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 09:12 - 2013-05-05 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 09:12 - 2013-05-05 21:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 09:12 - 2013-05-05 21:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 09:09 - 2013-04-05 03:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 09:09 - 2013-04-05 03:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 09:09 - 2013-04-05 03:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 09:09 - 2013-04-05 02:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 09:09 - 2013-04-05 02:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 09:09 - 2013-04-05 02:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 09:09 - 2013-04-05 02:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 09:09 - 2013-04-05 02:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 09:09 - 2013-04-05 02:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 09:09 - 2013-04-05 02:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 09:09 - 2013-04-05 02:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 09:09 - 2013-04-05 02:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 09:09 - 2013-04-05 02:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 09:09 - 2013-04-05 00:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 09:09 - 2013-04-05 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-16 09:09 - 2013-04-05 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 09:09 - 2013-04-05 00:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 09:09 - 2013-04-05 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-16 09:09 - 2013-04-04 23:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 09:09 - 2013-04-04 23:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 09:09 - 2013-04-04 23:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-16 09:09 - 2013-04-04 23:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-16 09:09 - 2013-04-04 23:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 09:09 - 2013-04-04 23:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 09:09 - 2013-04-04 23:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-16 09:09 - 2013-04-04 23:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 09:08 - 2013-04-05 03:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 09:08 - 2013-04-05 00:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 21:25 - 2013-05-15 21:25 - 01591597 ____A C:\Users\Einee\Desktop\payslips.zip
2013-05-15 09:37 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 09:37 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 09:37 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 09:37 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 09:37 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 09:37 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 09:37 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 09:37 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 09:37 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 09:37 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 09:37 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 09:36 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-13 22:19 - 2013-05-13 23:14 - 501278720 ____A C:\Users\Einee\Desktop\Game-of-Thrones-s03e07-CZ-titulky.avi
2013-05-13 12:07 - 2013-05-13 12:07 - 00000000 ____D C:\Users\Einee\AppData\Local\ESET
2013-05-12 20:38 - 2013-06-11 11:08 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-12 20:38 - 2013-06-11 10:43 - 00000952 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-12 20:34 - 2013-05-15 21:21 - 00000000 ____D C:\Users\Einee\Desktop\payslips

==================== One Month Modified Files and Folders =======

2013-06-11 12:00 - 2013-06-11 12:00 - 00000000 ____D C:\FRST
2013-06-11 11:56 - 2009-08-03 22:00 - 00622422 ____A C:\Windows\System32\perfh005.dat
2013-06-11 11:56 - 2009-08-03 22:00 - 00118604 ____A C:\Windows\System32\perfc005.dat
2013-06-11 11:56 - 2009-07-14 07:13 - 01445734 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-11 11:50 - 2013-06-10 17:04 - 00000224 ____A C:\Windows\setupact.log
2013-06-11 11:50 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-11 11:32 - 2012-05-22 20:35 - 00000000 ____D C:\Program Files\trend micro
2013-06-11 11:25 - 2013-06-11 11:25 - 00000000 ____D C:\rsit
2013-06-11 11:15 - 2010-06-18 20:36 - 05240832 __ASH C:\Users\Einee\Desktop\Thumbs.db
2013-06-11 11:12 - 2013-06-11 11:05 - 95023320 ___AT C:\ProgramData\irdr.pad
2013-06-11 11:12 - 2013-01-06 13:46 - 00000000 ____D C:\Users\Einee\AppData\Local\LogMeIn Hamachi
2013-06-11 11:12 - 2011-03-19 22:40 - 00000000 ____D C:\Users\Einee\AppData\Local\PMB Files
2013-06-11 11:12 - 2009-12-28 13:05 - 00000000 ____D C:\Users\Einee\AppData\Roaming\Skype
2013-06-11 11:11 - 2013-06-11 11:11 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-06-11 11:11 - 2013-01-06 13:45 - 00000928 ____A C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2013-06-11 11:11 - 2012-06-28 23:09 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-11 11:10 - 2013-06-11 11:06 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-11 11:08 - 2013-05-12 20:38 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-11 11:07 - 2013-06-11 11:07 - 05022808 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-11 11:07 - 2013-06-11 11:07 - 00000298 ____A C:\Windows\PFRO.log
2013-06-11 11:06 - 2013-06-11 11:06 - 00000150 ____A C:\ProgramData\irdr.reg
2013-06-11 11:06 - 2013-06-11 11:06 - 00000055 ____A C:\ProgramData\irdr.bat
2013-06-11 11:06 - 2013-06-11 11:05 - 95023320 ___AT C:\ProgramData\03r9.pad
2013-06-11 11:05 - 2013-06-11 11:05 - 00187904 ____A (?????????? ??????????) C:\ProgramData\rdri.dat
2013-06-11 11:05 - 2013-06-11 11:05 - 00187904 ____A (?????????? ??????????) C:\ProgramData\9r30.dat
2013-06-11 11:05 - 2013-06-11 11:05 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-11 10:43 - 2013-05-12 20:38 - 00000952 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-11 10:08 - 2011-03-19 22:40 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-11 09:05 - 2009-10-07 21:35 - 01143317 ____A C:\Windows\WindowsUpdate.log
2013-06-10 18:17 - 2013-06-10 17:16 - 541937664 ____A C:\Users\Einee\Desktop\Game.of.Thrones.S03E10.HDTV.XviD-AFG_czsub.avi
2013-06-10 17:23 - 2013-04-14 17:35 - 00000000 ____D C:\Users\Einee\Desktop\decks
2013-06-10 17:04 - 2013-06-10 17:04 - 00000000 ____A C:\Windows\setuperr.log
2013-06-10 14:41 - 2013-06-03 22:06 - 00000000 ____D C:\Users\Einee\AppData\Roaming\BitTorrent
2013-06-09 16:16 - 2009-07-14 06:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-09 16:16 - 2009-07-14 06:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-09 15:48 - 2013-06-09 15:47 - 23190256 ____A C:\Users\Einee\Desktop\CCGHQ MTG SC (Scourge) Fulls 062808.zip
2013-06-09 15:47 - 2013-06-09 15:45 - 56558785 ____A C:\Users\Einee\Desktop\CCGHQ MTG ON (Onslaught) Fulls 062808.zip
2013-06-09 15:46 - 2013-06-09 15:44 - 23961576 ____A C:\Users\Einee\Desktop\CCGHQ MTG LE (Legions) Fulls 062808.zip
2013-06-09 08:16 - 2013-06-09 08:14 - 193448627 ____A ( ) C:\Users\Einee\Downloads\mtgpicssetup20120503.exe
2013-06-08 21:52 - 2013-02-25 00:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-08 21:52 - 2009-12-28 13:03 - 00000000 ____D C:\ProgramData\Skype
2013-06-08 21:48 - 2010-02-15 08:43 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2013-06-06 14:46 - 2013-06-06 14:46 - 00005856 ____A C:\Users\Einee\bbb.cod
2013-06-06 14:46 - 2009-12-25 02:38 - 00000000 ____D C:\users\Einee
2013-06-03 22:58 - 2013-06-03 22:58 - 00041682 ____A C:\Users\Einee\Desktop\Game.of.Thrones.S03E09.720p.HDTV.x264-EVOLVE.srt
2013-06-03 22:57 - 2013-06-03 22:10 - 00000000 ____D C:\Users\Einee\Downloads\Game.of.Thrones.S03E09.720p.HDTV.x264-EVOLVE
2013-06-03 22:53 - 2013-06-03 22:10 - 1278897989 ___RA C:\Users\Einee\Desktop\Game.of.Thrones.S03E09.720p.HDTV.x264-EVOLVE.mkv
2013-06-03 22:08 - 2013-06-03 22:08 - 00000822 ____A C:\Users\Public\Desktop\BitTorrent.lnk
2013-06-03 22:08 - 2013-06-03 22:08 - 00000000 ____D C:\Users\Einee\BitTorrent
2013-06-03 22:06 - 2013-06-03 22:06 - 01125456 ____A (BitTorrent Inc.) C:\Users\Einee\Downloads\BitTorrent.exe
2013-06-03 21:44 - 2012-05-02 16:21 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-03 21:44 - 2011-05-19 14:25 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-01 18:01 - 2012-11-11 11:48 - 00000000 ____D C:\Users\Einee\Desktop\probrat
2013-05-30 22:34 - 2013-05-30 22:31 - 00000000 ____D C:\Users\Einee\Desktop\Nespoutaný Django (2012)
2013-05-30 21:56 - 2013-05-30 18:25 - 1927793081 ____A C:\Users\Einee\Downloads\NespoutanĂ˝-Django-cz-dabing-(2012).7z
2013-05-30 18:13 - 2013-05-30 18:12 - 01411483 ____A (emc) C:\Users\Einee\Downloads\utorrent-setup.exe
2013-05-30 15:25 - 2013-05-22 21:51 - 00000000 ____D C:\Users\Einee\AppData\Roaming\Ubisoft
2013-05-27 22:21 - 2013-05-27 21:43 - 355446784 ____A C:\Users\Einee\Desktop\Chicago.Fire.S01E22-cz-titulky.avi
2013-05-24 23:01 - 2013-05-22 21:52 - 00000000 __SHD C:\Users\Einee\wc
2013-05-22 22:34 - 2013-05-22 21:52 - 00000000 ____D C:\Users\Einee\AppData\Local\Ubisoft
2013-05-22 21:52 - 2013-05-22 21:52 - 00000000 __SHD C:\Users\Einee\AppData\Roaming\wyUpdate AU
2013-05-22 21:50 - 2013-05-22 21:50 - 07305136 ____A (Ubisoft) C:\Users\Einee\Desktop\setup.exe
2013-05-22 19:15 - 2013-05-22 19:15 - 07746946 ____A C:\Users\Einee\Desktop\cards.xml
2013-05-20 18:23 - 2013-05-20 18:02 - 374798258 ____A C:\Users\Einee\Downloads\Game.of.Thrones.S03E08.HDTV.x264-EVOLVE+tit.rar
2013-05-20 17:03 - 2013-05-20 18:30 - 00050305 ____A C:\Users\Einee\Desktop\Game.of.Thrones.S03E08.HDTV.x264-EVOLVE.srt
2013-05-20 16:06 - 2013-05-20 18:30 - 375467512 ____A C:\Users\Einee\Desktop\Game.of.Thrones.S03E08.HDTV.x264-EVOLVE.mp4
2013-05-16 09:21 - 2009-10-07 21:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 09:14 - 2010-04-19 07:31 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 21:25 - 2013-05-15 21:25 - 01591597 ____A C:\Users\Einee\Desktop\payslips.zip
2013-05-15 21:21 - 2013-05-12 20:34 - 00000000 ____D C:\Users\Einee\Desktop\payslips
2013-05-13 23:14 - 2013-05-13 22:19 - 501278720 ____A C:\Users\Einee\Desktop\Game-of-Thrones-s03e07-CZ-titulky.avi
2013-05-13 12:07 - 2013-05-13 12:07 - 00000000 ____D C:\Users\Einee\AppData\Local\ESET

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\ProgramData\03r9.pad
C:\ProgramData\9r30.dat
C:\ProgramData\irdr.bat
C:\ProgramData\irdr.pad
C:\ProgramData\irdr.reg
C:\ProgramData\rdri.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Spr vce spouçtŘnˇ syst‚mu Windows
--------------------
identifik tor {bootmgr}
device partition=C:
description Windows Boot Manager
locale cs-CZ
inherit {globalsettings}
default {current}
resumeobject {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor {572bcd56-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[\Device\HarddiskVolume1]\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path \windows\system32\boot\winload.exe
description Windows Recovery Environment
osdevice ramdisk=[\Device\HarddiskVolume1]\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale cs-CZ
inherit {bootloadersettings}
recoverysequence {8cb2d9b4-7c05-11de-842e-b4611d44fefa}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
nx OptIn

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor {8cb2d9b4-7c05-11de-842e-b4611d44fefa}
device ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
systemroot \windows
nx OptIn
winpe Yes

Obnovenˇ z hibernace
---------------------
identifik tor {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale cs-CZ
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Testov nˇ pamŘti syst‚mu Windows
---------------------
identifik tor {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale cs-CZ
inherit {globalsettings}
badmemoryaccess Yes

Nastavenˇ slu§by EMS
------------
identifik tor {emssettings}
bootems Yes

Nastavenˇ ladicˇho programu
-----------------
identifik tor {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Chyby pamŘti RAM
-----------
identifik tor {badmemory}

Glob lnˇ nastavenˇ
---------------
identifik tor {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Nastavenˇ spouçtŘcˇho zavadŘźe
--------------------
identifik tor {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Nastavenˇ hypervisoru
-------------------
identifik tor {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Nastavenˇ zavadŘźe obnovenˇ
----------------------
identifik tor {resumeloadersettings}
inherit {globalsettings}

Parametry zaýˇzenˇ
--------------
identifik tor {8cb2d9b5-7c05-11de-842e-b4611d44fefa}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\boot.sdi

Parametry zaýˇzenˇ
--------------
identifik tor {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description Ramdisk Device Options
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \boot.sdi



LastRegBack: 2013-06-03 18:14

==================== End Of Log ============================
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Policejní vir

#4 Příspěvek od vyosek »

:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    C:\ProgramData\rundll32.exe
C:\ProgramData\03r9.pad
C:\ProgramData\9r30.dat
C:\ProgramData\irdr.bat
C:\ProgramData\irdr.pad
C:\ProgramData\irdr.reg
C:\ProgramData\rdri.dat
2013-06-11 11:10 - 2013-06-11 11:06 - 00000000 ____A C:\ProgramData\kjhy64.txt
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File
SearchScopes: HKCU - {B126C23B-C381-4CC3-AAD6-F485CF52B8ED} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Startup: C:\Users\Einee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\rdri.dat,XFG00 [187904 2013-06-11] (?????????? ??????????) <===== ATTENTION
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny log na flashku k FRST
:arrow: Spustte znovu FRST.exe na tom poskozenem PC
  • Kliknete na Fix
  • Probehne oprava a na flash disku se vytvori log Fixlog.txt
:arrow: Pokuste se nastartovat do bezneho rezimu
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Einee
Návštěvník
Návštěvník
Příspěvky: 38
Registrován: 22 kvě 2012 19:48

Re: Policejní vir

#5 Příspěvek od Einee »

Běží bez obtíží, mockrát děkuji
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Policejní vir

#6 Příspěvek od vyosek »

Fajn, jdeme cistit dale :James008:

:arrow: Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784

:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Kliknete na Prohledat
  • Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“