prosim o kontrolu logu -trojan theola.A ??

[vyosek]

Tenhle bat soubor C:\startsubst.bat znate

[peter1973]

neviem co to je.
je vytvoreny 25.8.2010 a je medzi polozkami "PO SPUSTENi" ale myslim, ze tam predtym nebol.

[vyosek]

Muzete mi jej prosim uploadnout treba na LP http://leteckaposta.cz/

[peter1973]

dal som to cez LP, ale vobec to neodosiela...

[vyosek]

Tak jej hodte sem http://vyosek.ic.cz/havet/uploader.php

[peter1973]

http://vyosek.ic.cz/havet/uploader.php?

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  File::
  c:\windows\TEMP\JET9234.tmp
  C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
  C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
  C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
  C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
  C:\WINDOWS\tasks\User_Feed_Synchronization-{BD758B09-8DD8-40E7-ADA6-CB8B03254B3A}
  C:\startsubst.bat
  C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Zástupce - startsubst.bat.lnk
  
  Folder::
  c:\program files\Ask.com
  C:\Program Files\Zrychleni Pocitace
  
  Registry::
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
  [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
  [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
  [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SnagIt 9.lnk]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Spravca^Nabídka Start^Programy^Po spuštění^VDownloader.lnk]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Spravca^Nabídka Start^Programy^Po spuštění^zavupd32.exe]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "3389:TCP"=-
  "65533:TCP"=-
  "52344:TCP"=-
  "4085:TCP"=-
  "6670:TCP"=-
  "5743:TCP"=-
  "9986:TCP"=-
  "9349:TCP"=-
  "9755:TCP"=-
  "2537:TCP"=-
  "9364:TCP"=-
  "2068:TCP"=-
  "4631:TCP"=-
  "8223:TCP"=-
  "4632:TCP"=-
  "8473:TCP"=-
  "6490:TCP"=-
  "7052:TCP"=-
  "9348:TCP"=-
  "7271:TCP"=-
  "9381:TCP"=-
  "6506:TCP"=-
  "8365:TCP"=-
  "6271:TCP"-
  "6881:TCP"=-
  "9787:TCP"=-
  "4584:TCP"=-
  "9911:TCP"=-
  "1834:TCP"=-
  "9661:TCP"=-
  "7724:TCP"=-
  "3865:TCP"=-
  "2115:TCP"=-
  "2365:TCP"=-
  "8318:TCP"=-
  "9989:TCP"=-
  "5396:TCP"=-
  "5240:TCP"=-
  "4787:TCP"=-
  "9239:TCP"=-
  "7177:TCP"=-
  "7302:TCP"=-
  "6537:TCP"=-
  "8677:TCP"=-
  "7505:TCP"=-
  "6691:TCP"=-
  "4034:TCP"=-
  "3707:TCP"=-
  
  Driver::
  gupdate
  gupdatem
  xpsec
  NBService
  NMIndexingService
  
  Collect::
  c:\windows\system32\drivers\xpsec.sys
  
  ClearJavaCache::
  
  AtJob::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[peter1973]

ComboFix 12-03-07.05 - Spravca . 03. 2012 19:58:37.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3454.2836 [GMT 1:00]
Running from: c:\documents and settings\Spravca\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Spravca\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Zástupce - startsubst.bat.lnk"
"C:\startsubst.bat"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\Check for updates (Spybot - Search & Destroy).job"
"c:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job"
"c:\windows\tasks\Scan the system (Spybot - Search & Destroy).job"
"c:\windows\tasks\Scheduled Update for Ask Toolbar.job"
"c:\windows\tasks\User_Feed_Synchronization-{BD758B09-8DD8-40E7-ADA6-CB8B03254B3A}"
"c:\windows\TEMP\JET9234.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
C:\startsubst.bat
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\Scheduled Update for Ask Toolbar.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_NMINDEXINGSERVICE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_NBService
-------\Service_NMIndexingService
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-07 16:20 . 2012-03-07 16:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-07 12:02 . 2012-03-07 12:03 -------- d-----w- c:\program files\trend micro
2012-03-07 12:02 . 2012-03-07 12:03 -------- d-----w- C:\rsit
2012-03-06 06:45 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{431EC2D0-1600-47A0-AD9C-F7041EAF11A9}\mpengine.dll
2012-03-03 07:11 . 2012-03-03 07:12 -------- d-----w- C:\FONTY
2012-02-17 13:05 . 2012-02-17 13:05 -------- d-----w- c:\program files\Common Files\NSV
2012-02-16 06:24 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 06:24 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2011-04-16 09:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-08 06:03 . 2011-04-16 09:11 6552120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-01-12 17:20 . 2007-10-29 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-30 14:25 . 2011-01-06 08:00 63962 ----a-w- C:\badaboom_bb.zip
2011-12-25 12:47 . 2011-12-25 12:20 294168 ----a-w- c:\windows\system32\tcpip.dat
2011-12-17 19:42 . 2007-10-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2007-10-29 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2007-10-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2007-10-29 12:00 385024 ------w- c:\windows\system32\html.iec
2011-12-15 20:11 . 2011-12-15 20:11 65324 ----a-w- C:\beeline_alphagarden.zip
2010-01-26 09:11 . 2012-01-02 07:23 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Zástupce - startsubst.bat.lnk - c:\qoobox\Quarantine\C\startsubst.bat.vir [2010-8-25 26]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2011-01-12 14:41 2219184 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPLJ Config]
2003-03-31 16:32 28672 ----a-w- c:\program files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipConnect]
2011-08-25 12:22 13890872 ----a-w- c:\program files\VoipConnect.com\VoipConnect\voipconnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\CheapVoip.com\\CheapVoip\\CheapVoip.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\VoipConnect.com\\VoipConnect\\VoipConnect.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6271:TCP"= 6271:TCP:Services
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21. 12. 2010 14:04 115008]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17. 2. 2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10. 5. 2010 19:41 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12. 1. 2011 15:41 810144]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27. 1. 2010 3:09 50704]
R2 Opaplpt;Oki Application Parallel Device;c:\windows\system32\drivers\opaplpt.sys [26. 2. 2010 18:22 36896]
R2 PrintSuperVision Engine;PrintSuperVision Engine;c:\program files\PrintSuperVision\www\bin\PSVEngine.exe [29. 7. 2009 18:18 40960]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3. 11. 2006 18:19 13592]
S1 NmPar;MosChip Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [5. 5. 2008 6:15 76416]
S1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [5. 5. 2008 6:15 60032]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
2012-03-07 c:\windows\Tasks\User_Feed_Synchronization-{BD758B09-8DD8-40E7-ADA6-CB8B03254B3A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
TCP: DhcpNameServer = 195.146.132.58 195.146.128.62
TCP: Interfaces\{12FF6E78-8E1E-4747-BE36-43FD7E271FAA}: NameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-JU_is1 - x:\sunsoftw\prog\JUW\unins000.exe
AddRemove-OASIS_is1 - x:\sunsoftw\prog\oasisw\unins002.exe
AddRemove-SHOP_is1 - x:\sunsoftw\prog\shopw\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-07 20:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(828)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2240)
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-03-07 20:13:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-07 19:13
ComboFix2.txt 2012-03-07 17:46
.
Pre-Run: Volných bajtů: 174 321 733 632
Post-Run: Volných bajtů: 174 309 138 432
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 5DE57F920CFD16E6583A4389D7F4101C

[vyosek]

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :reg
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "6271:TCP"=-
  
  :files
  c:\windows\Tasks\User_Feed_Synchronization-{BD758B09-8DD8-40E7-ADA6-CB8B03254B3A}.job
  c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\*.lnk
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

[peter1973]

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
========== FILES ==========
c:\windows\Tasks\User_Feed_Synchronization-{BD758B09-8DD8-40E7-ADA6-CB8B03254B3A}.job moved successfully.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Zástupce - startsubst.bat.lnk moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET1BD.tmp moved successfully.
C:\WINDOWS\002706_.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET25.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 892 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Peter
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Opera cache emptied: 52 bytes

User: Spravca
->Temp folder emptied: 3720 bytes
->Temporary Internet Files folder emptied: 45824998 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 499292040 bytes
->Opera cache emptied: 26965517 bytes
->Flash cache emptied: 5105023 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1287 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 551,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Peter

User: Spravca
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 03072012_203307

[vyosek]

Jak se chova nas pacient

[peter1973]

malo by to byt uz OK ?

zmizol disk X:, takze sa mi nedaju spustit niektore programy. hadam sa to ale bude dat nastavit. inak sa tvari OK... ale aj ked tam bol ten virus, vsetko vyzeralo OK.

co tam vlastne bolo ?

[vyosek]

Ten disk X, to ma asi tedy souvislost s tim bat souborem, muzete jej obnovit z karanten ComboFixu (c:\qoobox) a OTM (c:\_OTM\MovedFiles), pak by to melo byt ok...

Napiste ci se povedlo a pak pouklizime...

[peter1973]

v tych adresaroch / karantenach sa nevyznam
budem to musiet nechat zajtra asi na odbornika.

dakujem moc za pomoc

[vyosek]

To zvladnem i spolu, nebojte

Stahnete SytemLook http://jpshortstuff.247fixes.com/SystemLook.exe a ulozte jej na plochu

• Do okna vlozte skript nize

• Kód: Vybrat vše

  :filefind
  *startsubst*.*

• Kliknete na Look
• Tlacitko Look se zmeni na Scanning a zsedne
• Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
• Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte