
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Please help
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Please help
So do the following:
1: Download aswMBR.exe to the desktop.
http://public.avast.com/%7Egmerek/aswMBR.exe
2: Double-click aswMBR.exe to run it.
3: Click the "Scan" button to start the scan.
4: If it asks for an update, click ANO / YES.
5: When it finishes, save asw.log to the desktop.
6: Open it and paste the contents here.
Note:
Do not press any other buttons.
1: Open the flash drive we used before and delete all the files we put there (>>frst.txt, fixlist.txt<<) except FRST64.exe; FRST64.exe >>must stay there.
2: Copy MBRFIX64.exe to that flash drive.
3: Copy c:\original.dat there.
4: And also >>aswMBR.exe
5: So on the flash drive you will have these files:
FRST64.exe
MBRFIX64.exe
original.dat
aswMBR.exe
5: MBRFIX64.exe >> also copy it directly to drive C:\
6: Boot from the Win7 recovery disk into the command prompt; we have done this before.
Then, via Notepad, run RFRST64, click SCAN, and paste FRST64.txt here, because first we will finish cleaning the PC.
That's all for now.
Re: Please help
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-25 14:30:29
-----------------------------
14:30:29.802 OS Version: Windows x64 6.1.7601 Service Pack 1
14:30:29.802 Number of processors: 4 586 0x2505
14:30:29.802 ComputerName: G6-HP UserName: G6
14:30:31.736 Initialize success
14:30:31.877 AVAST engine defs: 12092500
14:31:08.833 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:31:08.833 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 3
14:31:08.849 Disk 0 MBR read successfully
14:31:08.849 Disk 0 MBR scan
14:31:08.849 Disk 0 Windows 7 default MBR code
14:31:08.864 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
14:31:08.864 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 456839 MB offset 409600
14:31:08.895 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15837 MB offset 936015872
14:31:08.911 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 968450048
14:31:08.958 Disk 0 scanning C:\Windows\system32\drivers
14:31:15.182 Service scanning
14:31:35.013 Modules scanning
14:31:35.029 Disk 0 trace - called modules:
14:31:35.075 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
14:31:35.075 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005268060]
14:31:35.091 3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> [0xfffffa80050f6b10]
14:31:35.091 5 hpdskflt.sys[fffff880018b7189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fe4050]
14:31:36.558 AVAST engine scan C:\Windows
14:31:39.741 AVAST engine scan C:\Windows\system32
14:34:17.305 AVAST engine scan C:\Windows\system32\drivers
14:34:41.229 AVAST engine scan C:\Users\G6
14:36:24.169 Disk 0 MBR has been saved successfully to "C:\Users\G6\Desktop\MBR.dat"
14:36:24.200 The log file has been saved successfully to "C:\Users\G6\Desktop\aswMBR.txt"
Re: Please help
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2012
Ran by SYSTEM at 25-09-2012 15:14:55
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\G6\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\G6\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\G6\...\Policies\system: [DisableLockWorkstation] 0
HKU\G6\...\Policies\system: [DisableChangePassword] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
==================== Services (Whitelisted) ===================
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
==================== Drivers (Whitelisted) =====================
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-07-19] (DT Soft Ltd)
3 TVICHW64; C:\Windows\SysWow64\Drivers\TVICHW64.sys [13824 2005-10-08] (EnTech Taiwan)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 tswNT; \??\C:\Users\ADMINI~1\AppData\Local\Temp\0011BE01\tswnt.sys [x]
3 TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-09-25 04:48 - 2012-09-24 11:30 - 00133632 ____A (Systemintegrasjon AS) C:\MbrFix64.exe
2012-09-25 04:36 - 2012-09-25 04:36 - 00001998 ____A C:\Users\G6\Desktop\aswMBR.txt
2012-09-25 04:36 - 2012-09-25 04:36 - 00000512 ____A C:\Users\G6\Desktop\MBR.dat
2012-09-25 04:29 - 2012-09-25 04:29 - 04731392 ____A (AVAST Software) C:\Users\G6\Desktop\aswMBR.exe
2012-09-24 11:30 - 2012-09-24 11:30 - 00133632 ____A (Systemintegrasjon AS) C:\Users\G6\Desktop\MbrFix64.exe
2012-09-24 10:58 - 2012-09-24 10:58 - 00437384 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-24 10:43 - 2012-09-24 10:43 - 00000512 ____A C:\original.dat
2012-09-24 07:48 - 2012-09-25 05:06 - 00001460 ____A C:\Windows\setupact.log
2012-09-24 07:48 - 2012-09-24 07:48 - 00000000 ____A C:\Windows\setuperr.log
2012-09-23 10:18 - 2012-09-23 10:20 - 98077435 ____A (Igor Pavlov) C:\Users\G6\Desktop\OTLPEStd.exe
2012-09-23 09:50 - 2012-09-24 11:37 - 00058364 ____A C:\Users\G6\Desktop\MbrScan.log
2012-09-23 09:50 - 2012-09-24 11:37 - 00000512 ____A C:\Users\G6\Desktop\Dump_Hdd0_DR0.old
2012-09-23 09:33 - 2012-09-24 11:37 - 00000512 ____A C:\Users\G6\Desktop\Dump_Hdd1_DR1.mbr
2012-09-23 09:33 - 2012-09-24 11:37 - 00000512 ____A C:\Users\G6\Desktop\Dump_Hdd0_DR0.mbr
2012-09-23 09:32 - 2012-09-23 09:32 - 00147456 ____A (Eric_71) C:\Users\G6\Desktop\MbrScan.exe
2012-09-23 09:18 - 2012-09-23 10:28 - 00000000 ____D C:\users\TEMP.G6-HP.007
2012-09-23 08:16 - 2012-09-23 08:16 - 00006584 ____A C:\Users\G6\Desktop\profil.REG
2012-09-23 03:13 - 2012-09-23 03:13 - 00040765 ____A C:\ComboFix.txt
2012-09-23 03:00 - 2012-09-23 03:13 - 00000000 ____D C:\Qoobox
2012-09-23 03:00 - 2012-09-23 03:11 - 00000000 ____D C:\Windows\erdnt
2012-09-23 03:00 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-23 03:00 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-23 03:00 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-23 03:00 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-23 03:00 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-23 03:00 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-23 03:00 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-23 03:00 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-22 23:27 - 2012-09-22 23:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-09-22 22:05 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-22 22:05 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-22 22:04 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-22 22:04 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-22 22:04 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-22 22:04 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-22 22:04 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-22 22:03 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-22 22:03 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-22 22:03 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-22 22:03 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-22 22:03 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-22 22:03 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-22 22:03 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-22 22:03 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-22 22:03 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-22 22:03 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-22 22:03 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-22 22:03 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-22 22:03 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-22 22:03 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-22 22:03 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-22 22:03 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-22 22:03 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-22 22:03 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-22 22:03 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-22 22:03 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-22 22:03 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-22 22:03 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-22 22:03 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-22 22:03 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-22 22:03 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-22 22:03 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-22 22:03 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-22 22:03 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-22 22:03 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-22 22:03 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-22 22:03 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-22 22:03 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-22 20:47 - 2012-09-22 20:47 - 00000000 ____D C:\FRST
2012-09-22 09:11 - 2012-09-22 09:11 - 00000000 ____D C:\Users\All Users\Astroburn Lite
2012-09-22 07:08 - 2005-10-08 15:07 - 00013824 ____A (EnTech Taiwan) C:\Windows\SysWOW64\Drivers\TVICHW64.SYS
2012-09-22 03:25 - 2012-09-22 03:25 - 00000359 ____A C:\Users\TEMP.G6-HP.006\Desktop\Pocítac – zástupce.lnk
2012-09-22 03:14 - 2012-09-22 03:14 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Roaming\Macromedia
2012-09-22 03:14 - 2012-09-22 03:14 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Local\Macromedia
2012-09-22 03:13 - 2012-09-22 03:13 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Roaming\Mozilla
2012-09-22 03:13 - 2012-09-22 03:13 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Local\Mozilla
2012-09-22 03:11 - 2012-09-22 03:11 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Roaming\Apple Computer
2012-09-22 03:11 - 2012-09-22 03:11 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Roaming\Adobe
2012-09-22 03:10 - 2012-09-23 09:30 - 00000000 ____D C:\users\TEMP.G6-HP.006
2012-09-22 03:10 - 2012-09-22 03:10 - 00000020 __ASH C:\Users\TEMP.G6-HP.006\ntuser.ini
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Soubory cookie
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Šablony
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Poslední
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Okolní tiskárny
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Okolní sít
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Nabídka Start
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Dokumenty
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Documents\Obrázky
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Documents\Hudba
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Documents\Filmy
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Data aplikací
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\AppData\Local\Data aplikací
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Local\VirtualStore
2012-09-22 03:10 - 2012-07-24 10:10 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Local\Microsoft Help
2012-09-22 02:39 - 2012-09-22 05:19 - 00000000 ____D C:\users\TEMP.G6-HP.005
2012-09-22 01:28 - 2012-09-22 05:19 - 00000000 ____D C:\users\TEMP.G6-HP.004
2012-09-21 23:53 - 2012-09-21 23:53 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-21 23:53 - 2012-09-21 23:53 - 00000000 ____D C:\Program Files\iTunes
2012-09-21 23:53 - 2012-09-21 23:53 - 00000000 ____D C:\Program Files\iPod
2012-09-21 23:53 - 2012-09-21 23:53 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-09-21 23:53 - 2012-08-21 03:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-21 23:36 - 2012-09-22 05:19 - 00000000 ____D C:\users\TEMP.G6-HP.003
2012-09-21 23:26 - 2012-09-22 05:19 - 00000000 ____D C:\users\TEMP.TOMAS
2012-09-20 08:00 - 2012-09-22 04:34 - 00000000 ____D C:\users\TEMP.G6-HP.002
2012-09-20 07:27 - 2012-09-20 08:07 - 00000000 ____D C:\users\TEMP.G6-HP.001
2012-09-20 07:02 - 2012-09-20 07:02 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe
2012-09-20 06:58 - 2012-09-20 06:58 - 00000000 ____D C:\Users\Guest\AppData\Roaming\OpenOffice.org
2012-09-20 06:47 - 2012-09-20 06:47 - 00115576 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-20 06:22 - 2012-09-20 06:22 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2012-09-20 06:22 - 2012-09-20 06:22 - 00000000 ____D C:\Users\Guest\AppData\Local\Macromedia
2012-09-20 06:21 - 2012-09-21 23:35 - 00000000 ____D C:\users\Guest
2012-09-20 06:21 - 2012-09-20 07:02 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2012-09-20 06:21 - 2012-09-20 06:22 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Mozilla
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Soubory cookie
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Šablony
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Poslední
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Okolní tiskárny
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Okolní sít
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Nabídka Start
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Dokumenty
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Documents\Obrázky
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Documents\Hudba
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Documents\Filmy
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Data aplikací
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\AppData\Local\Data aplikací
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 ____D C:\Users\Guest\AppData\Local\Mozilla
2012-09-20 06:21 - 2012-07-24 10:10 - 00000000 ____D C:\Users\Guest\AppData\Local\Microsoft Help
2012-09-20 05:46 - 2012-09-22 01:08 - 00000000 ____D C:\users\Tomáš a Hanca.G6-HP
2012-09-20 05:36 - 2012-09-20 06:01 - 00000000 ____D C:\users\Tomáš a Hanca
2012-09-20 05:20 - 2012-09-21 23:53 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-19 04:32 - 2012-09-19 09:00 - 00000000 ____D C:\users\TEMP.G6-HP.000
2012-09-18 09:47 - 2012-09-18 10:00 - 1150472192 ____A C:\Users\G6\Desktop\Nezastavitelny.avi
2012-09-18 08:53 - 2012-09-18 09:01 - 744439808 ____A C:\Users\G6\Desktop\Den zrady.avi
2012-09-17 05:34 - 2012-09-17 05:34 - 21041152 ____A C:\Users\G6\Documents\.evtx
2012-09-16 08:33 - 2012-09-16 08:45 - 998793346 ____A C:\Users\G6\Desktop\Zelezna-lady-CZ-2011.avi
2012-09-15 22:42 - 2012-09-16 03:52 - 00000000 ____D C:\Program Files (x86)\HD Tune
2012-09-15 05:01 - 2012-09-21 23:35 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2012-09-15 04:19 - 2012-09-21 23:56 - 00000320 ____A C:\Windows\Tasks\HPCeeScheduleForG6.job
2012-09-14 21:26 - 2012-09-15 04:27 - 00000000 ____D C:\users\TEMP.G6-HP
2012-09-10 23:12 - 2012-09-10 23:12 - 00000000 ____D C:\Users\G6\Documents\SelfMV
2012-09-07 02:09 - 2012-09-07 02:16 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2012-09-07 02:09 - 2012-09-07 02:09 - 00000000 ____D C:\Users\All Users\Premium
2012-09-07 02:07 - 2012-09-07 02:17 - 00000000 ____D C:\Users\All Users\InstallMate
2012-09-05 03:54 - 2012-09-07 02:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-09-01 08:57 - 2012-09-25 05:10 - 00540183 ____A C:\Windows\WindowsUpdate.log
2012-08-27 03:06 - 2012-08-27 03:06 - 00000000 ____D C:\Users\G6\Documents\pojistky
==================== 3 Months Modified Files ==================
2012-09-25 05:10 - 2012-09-01 08:57 - 00540183 ____A C:\Windows\WindowsUpdate.log
2012-09-25 05:10 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-25 05:10 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-25 05:06 - 2012-09-24 07:48 - 00001460 ____A C:\Windows\setupact.log
2012-09-25 05:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-25 04:50 - 2012-07-19 01:00 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-25 04:36 - 2012-09-25 04:36 - 00001998 ____A C:\Users\G6\Desktop\aswMBR.txt
2012-09-25 04:36 - 2012-09-25 04:36 - 00000512 ____A C:\Users\G6\Desktop\MBR.dat
2012-09-25 04:29 - 2012-09-25 04:29 - 04731392 ____A (AVAST Software) C:\Users\G6\Desktop\aswMBR.exe
2012-09-24 11:37 - 2012-09-23 09:50 - 00058364 ____A C:\Users\G6\Desktop\MbrScan.log
2012-09-24 11:37 - 2012-09-23 09:50 - 00000512 ____A C:\Users\G6\Desktop\Dump_Hdd0_DR0.old
2012-09-24 11:37 - 2012-09-23 09:33 - 00000512 ____A C:\Users\G6\Desktop\Dump_Hdd1_DR1.mbr
2012-09-24 11:37 - 2012-09-23 09:33 - 00000512 ____A C:\Users\G6\Desktop\Dump_Hdd0_DR0.mbr
2012-09-24 11:30 - 2012-09-25 04:48 - 00133632 ____A (Systemintegrasjon AS) C:\MbrFix64.exe
2012-09-24 11:30 - 2012-09-24 11:30 - 00133632 ____A (Systemintegrasjon AS) C:\Users\G6\Desktop\MbrFix64.exe
2012-09-24 10:58 - 2012-09-24 10:58 - 00437384 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-24 10:43 - 2012-09-24 10:43 - 00000512 ____A C:\original.dat
2012-09-24 07:50 - 2012-02-01 08:31 - 00631292 ____A C:\Windows\System32\perfh005.dat
2012-09-24 07:50 - 2012-02-01 08:31 - 00121914 ____A C:\Windows\System32\perfc005.dat
2012-09-24 07:50 - 2011-07-14 16:55 - 00689108 ____A C:\Windows\System32\perfh010.dat
2012-09-24 07:50 - 2011-07-14 16:55 - 00127144 ____A C:\Windows\System32\perfc010.dat
2012-09-24 07:50 - 2009-07-13 21:13 - 02285128 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-24 07:48 - 2012-09-24 07:48 - 00000000 ____A C:\Windows\setuperr.log
2012-09-23 10:26 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-23 10:20 - 2012-09-23 10:18 - 98077435 ____A (Igor Pavlov) C:\Users\G6\Desktop\OTLPEStd.exe
2012-09-23 09:32 - 2012-09-23 09:32 - 00147456 ____A (Eric_71) C:\Users\G6\Desktop\MbrScan.exe
2012-09-23 08:16 - 2012-09-23 08:16 - 00006584 ____A C:\Users\G6\Desktop\profil.REG
2012-09-23 03:13 - 2012-09-23 03:13 - 00040765 ____A C:\ComboFix.txt
2012-09-23 03:10 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-22 23:27 - 2012-03-13 04:52 - 00002533 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-22 22:02 - 2012-07-19 05:55 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-22 03:25 - 2012-09-22 03:25 - 00000359 ____A C:\Users\TEMP.G6-HP.006\Desktop\Pocítac – zástupce.lnk
2012-09-22 03:10 - 2012-09-22 03:10 - 00000020 __ASH C:\Users\TEMP.G6-HP.006\ntuser.ini
2012-09-22 00:50 - 2012-07-19 01:00 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-22 00:50 - 2011-07-14 07:23 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-21 23:56 - 2012-09-15 04:19 - 00000320 ____A C:\Windows\Tasks\HPCeeScheduleForG6.job
2012-09-21 23:53 - 2012-09-21 23:53 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-21 23:48 - 2012-07-19 00:39 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-09-21 23:37 - 2012-07-19 00:42 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-09-20 06:47 - 2012-09-20 06:47 - 00115576 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-18 10:00 - 2012-09-18 09:47 - 1150472192 ____A C:\Users\G6\Desktop\Nezastavitelny.avi
2012-09-18 09:01 - 2012-09-18 08:53 - 744439808 ____A C:\Users\G6\Desktop\Den zrady.avi
2012-09-17 05:34 - 2012-09-17 05:34 - 21041152 ____A C:\Users\G6\Documents\.evtx
2012-09-16 08:45 - 2012-09-16 08:33 - 998793346 ____A C:\Users\G6\Desktop\Zelezna-lady-CZ-2011.avi
2012-08-30 22:58 - 2012-08-16 04:15 - 00019236 ____A C:\Users\G6\Documents\cv.odt
2012-08-24 06:32 - 2012-07-19 00:46 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-24 03:15 - 2012-09-22 22:03 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-22 22:03 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-22 22:03 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-22 22:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-22 22:03 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-22 22:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-22 22:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-22 22:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-22 22:03 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-22 22:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-22 22:03 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-22 22:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-22 22:03 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-22 22:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-22 22:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-22 22:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-22 22:03 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-22 22:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-22 22:03 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-22 22:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-22 22:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-22 22:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-22 22:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-22 22:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-22 22:03 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-22 22:03 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-22 22:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-22 22:03 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-22 22:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-22 22:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-22 22:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-22 22:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 10:12 - 2012-09-22 22:05 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-22 22:04 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-22 22:04 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-22 22:04 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 03:01 - 2012-09-21 23:53 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 03:01 - 2012-07-19 01:21 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 03:01 - 2012-07-19 01:21 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-21 01:13 - 2012-07-19 00:42 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-21 01:13 - 2012-07-19 00:42 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-21 01:13 - 2012-07-19 00:42 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-21 01:13 - 2012-07-19 00:42 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-21 01:13 - 2012-07-19 00:42 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-21 01:13 - 2012-07-19 00:42 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-21 01:12 - 2012-07-19 00:42 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-21 01:12 - 2012-07-19 00:42 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-21 01:12 - 2012-07-19 00:42 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-18 05:39 - 2012-08-18 05:39 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-08-18 05:37 - 2012-08-18 05:37 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_42.dll
2012-08-18 05:35 - 2012-08-18 05:35 - 00002283 ____A C:\Users\G6\Desktop\Medal of Honor 2010.lnk
2012-08-18 05:24 - 2012-08-18 04:33 - 360342008 ____A C:\Users\G6\Documents\Medal-of-Honor-2010_Czech.zip
2012-08-02 09:58 - 2012-09-22 22:04 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-22 22:04 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-01 23:39 - 2012-08-01 07:17 - 00001476 ____A C:\Users\G6\Desktop\FM 2012.lnk
2012-08-01 07:11 - 2012-08-01 06:39 - 3077619349 ____A C:\Users\G6\Documents\Football-Manager-2012.rar
2012-08-01 06:45 - 2012-08-01 06:45 - 00001591 ____A C:\Users\G6\Desktop\Medal of Honor Airborne.lnk
2012-08-01 04:57 - 2012-08-01 04:57 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_41.dll
2012-07-29 09:57 - 2012-07-29 09:57 - 00003584 ____A C:\Users\G6\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-25 05:32 - 2012-07-25 05:32 - 00002179 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2012-07-25 03:17 - 2012-07-25 03:17 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-24 10:10 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-23 03:04 - 2012-07-23 02:47 - 1034991616 ____A C:\Users\G6\Desktop\Jist,meditovat,milovat.avi
2012-07-22 00:42 - 2012-07-22 00:42 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-07-21 01:08 - 2012-07-21 01:08 - 00000646 ____A C:\Users\G6\Desktop\Total Commander 64 bit.lnk
2012-07-21 00:03 - 2012-07-21 00:03 - 00001191 ____A C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
2012-07-20 21:58 - 2012-07-20 21:58 - 00001168 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
2012-07-20 21:52 - 2012-07-20 21:52 - 00011187 ____A C:\Users\G6\Documents\motivacní dopis.odt
2012-07-19 07:14 - 2012-03-13 04:50 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-19 07:04 - 2012-07-19 07:04 - 01338232 ____A C:\Users\G6\Desktop\Resampler.zip
2012-07-19 03:46 - 2012-07-19 03:46 - 00001953 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2012-07-19 03:18 - 2012-07-19 03:18 - 00002885 ____A C:\Users\Public\Desktop\ACDSee Photo Manager 12.lnk
2012-07-19 01:44 - 2012-07-19 01:45 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-19 01:44 - 2012-07-19 01:44 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-19 01:44 - 2012-07-19 01:44 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-19 01:44 - 2012-03-13 04:51 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-07-19 01:44 - 2012-03-13 04:51 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-19 01:34 - 2012-07-19 01:34 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-07-19 01:14 - 2012-07-19 01:14 - 00000359 ____A C:\Users\G6\Desktop\Tento pocítac.lnk
2012-07-19 01:09 - 2012-07-19 01:09 - 00001950 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-07-19 01:08 - 2012-07-19 01:08 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-07-18 10:15 - 2012-08-14 22:14 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-18 00:41 - 2011-12-22 00:37 - 00015482 ____A C:\Windows\System32\results.xml
2012-07-18 00:40 - 2012-07-18 00:40 - 00000000 ____A C:\Windows\ativpsrm.bin
2012-07-18 00:36 - 2012-07-18 00:36 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2012-07-06 12:07 - 2012-08-15 08:20 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-04 14:16 - 2012-08-14 22:14 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-14 22:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-14 22:14 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-14 22:14 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-14 22:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 12:26 - 2012-09-22 22:05 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-09-23 08:18:21
Restore point made on: 2012-09-23 09:00:01
Restore point made on: 2012-09-23 09:12:52
Restore point made on: 2012-09-23 09:21:14
==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 3893.86 MB
Available physical RAM: 3252.5 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3244.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:446.13 GB) (Free:276.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Recovery) (Fixed) (Total:15.47 GB) (Free:1.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
4 Drive g: (???? ????? Windows 7 64 ??????) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
5 Drive h: (FLASH 4GB) (Removable) (Total:3.73 GB) (Free:0.72 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB      0 B
Disk 1    Online         3830 MB      0 B
Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            199 MB  1024 KB
Partition 2    Primary            446 GB   200 MB
Partition 3    Primary             15 GB   446 GB
Partition 4    Primary           4063 MB   461 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    199 MB  Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    446 GB  Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   Recovery     NTFS   Partition     15 GB  Healthy
=========================================================
Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   HP_TOOLS     FAT32  Partition   4063 MB  Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3826 MB  4096 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H   FLASH 4GB    FAT32  Removable   3826 MB  Healthy
=========================================================
Last Boot: 2012-09-16 01:50
==================== End Of Log =============================
Ran by SYSTEM at 25-09-2012 15:14:55
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\G6\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\G6\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\G6\...\Policies\system: [DisableLockWorkstation] 0
HKU\G6\...\Policies\system: [DisableChangePassword] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
==================== Services (Whitelisted) ===================
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
==================== Drivers (Whitelisted) =====================
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-07-19] (DT Soft Ltd)
3 TVICHW64; C:\Windows\SysWow64\Drivers\TVICHW64.sys [13824 2005-10-08] (EnTech Taiwan)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 tswNT; \??\C:\Users\ADMINI~1\AppData\Local\Temp\0011BE01\tswnt.sys [x]
3 TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-09-25 04:48 - 2012-09-24 11:30 - 00133632 ____A (Systemintegrasjon AS) C:\MbrFix64.exe
2012-09-25 04:36 - 2012-09-25 04:36 - 00001998 ____A C:\Users\G6\Desktop\aswMBR.txt
2012-09-25 04:36 - 2012-09-25 04:36 - 00000512 ____A C:\Users\G6\Desktop\MBR.dat
2012-09-25 04:29 - 2012-09-25 04:29 - 04731392 ____A (AVAST Software) C:\Users\G6\Desktop\aswMBR.exe
2012-09-24 11:30 - 2012-09-24 11:30 - 00133632 ____A (Systemintegrasjon AS) C:\Users\G6\Desktop\MbrFix64.exe
2012-09-24 10:58 - 2012-09-24 10:58 - 00437384 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-24 10:43 - 2012-09-24 10:43 - 00000512 ____A C:\original.dat
2012-09-24 07:48 - 2012-09-25 05:06 - 00001460 ____A C:\Windows\setupact.log
2012-09-24 07:48 - 2012-09-24 07:48 - 00000000 ____A C:\Windows\setuperr.log
2012-09-23 10:18 - 2012-09-23 10:20 - 98077435 ____A (Igor Pavlov) C:\Users\G6\Desktop\OTLPEStd.exe
2012-09-23 09:50 - 2012-09-24 11:37 - 00058364 ____A C:\Users\G6\Desktop\MbrScan.log
2012-09-23 09:50 - 2012-09-24 11:37 - 00000512 ____A C:\Users\G6\Desktop\Dump_Hdd0_DR0.old
2012-09-23 09:33 - 2012-09-24 11:37 - 00000512 ____A C:\Users\G6\Desktop\Dump_Hdd1_DR1.mbr
2012-09-23 09:33 - 2012-09-24 11:37 - 00000512 ____A C:\Users\G6\Desktop\Dump_Hdd0_DR0.mbr
2012-09-23 09:32 - 2012-09-23 09:32 - 00147456 ____A (Eric_71) C:\Users\G6\Desktop\MbrScan.exe
2012-09-23 09:18 - 2012-09-23 10:28 - 00000000 ____D C:\users\TEMP.G6-HP.007
2012-09-23 08:16 - 2012-09-23 08:16 - 00006584 ____A C:\Users\G6\Desktop\profil.REG
2012-09-23 03:13 - 2012-09-23 03:13 - 00040765 ____A C:\ComboFix.txt
2012-09-23 03:00 - 2012-09-23 03:13 - 00000000 ____D C:\Qoobox
2012-09-23 03:00 - 2012-09-23 03:11 - 00000000 ____D C:\Windows\erdnt
2012-09-23 03:00 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-23 03:00 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-23 03:00 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-23 03:00 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-23 03:00 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-23 03:00 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-23 03:00 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-23 03:00 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-22 23:27 - 2012-09-22 23:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-09-22 22:05 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-22 22:05 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-22 22:04 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-22 22:04 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-22 22:04 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-22 22:04 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-22 22:04 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-22 22:03 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-22 22:03 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-22 22:03 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-22 22:03 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-22 22:03 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-22 22:03 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-22 22:03 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-22 22:03 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-22 22:03 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-22 22:03 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-22 22:03 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-22 22:03 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-22 22:03 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-22 22:03 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-22 22:03 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-22 22:03 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-22 22:03 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-22 22:03 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-22 22:03 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-22 22:03 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-22 22:03 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-22 22:03 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-22 22:03 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-22 22:03 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-22 22:03 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-22 22:03 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-22 22:03 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-22 22:03 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-22 22:03 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-22 22:03 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-22 22:03 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-22 22:03 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-22 20:47 - 2012-09-22 20:47 - 00000000 ____D C:\FRST
2012-09-22 09:11 - 2012-09-22 09:11 - 00000000 ____D C:\Users\All Users\Astroburn Lite
2012-09-22 07:08 - 2005-10-08 15:07 - 00013824 ____A (EnTech Taiwan) C:\Windows\SysWOW64\Drivers\TVICHW64.SYS
2012-09-22 03:25 - 2012-09-22 03:25 - 00000359 ____A C:\Users\TEMP.G6-HP.006\Desktop\Pocítac – zástupce.lnk
2012-09-22 03:14 - 2012-09-22 03:14 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Roaming\Macromedia
2012-09-22 03:14 - 2012-09-22 03:14 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Local\Macromedia
2012-09-22 03:13 - 2012-09-22 03:13 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Roaming\Mozilla
2012-09-22 03:13 - 2012-09-22 03:13 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Local\Mozilla
2012-09-22 03:11 - 2012-09-22 03:11 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Roaming\Apple Computer
2012-09-22 03:11 - 2012-09-22 03:11 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Roaming\Adobe
2012-09-22 03:10 - 2012-09-23 09:30 - 00000000 ____D C:\users\TEMP.G6-HP.006
2012-09-22 03:10 - 2012-09-22 03:10 - 00000020 __ASH C:\Users\TEMP.G6-HP.006\ntuser.ini
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Soubory cookie
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Šablony
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Poslední
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Okolní tiskárny
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Okolní sít
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Nabídka Start
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Dokumenty
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Documents\Obrázky
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Documents\Hudba
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Documents\Filmy
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Data aplikací
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\AppData\Local\Data aplikací
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Local\VirtualStore
2012-09-22 03:10 - 2012-07-24 10:10 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Local\Microsoft Help
2012-09-22 02:39 - 2012-09-22 05:19 - 00000000 ____D C:\users\TEMP.G6-HP.005
2012-09-22 01:28 - 2012-09-22 05:19 - 00000000 ____D C:\users\TEMP.G6-HP.004
2012-09-21 23:53 - 2012-09-21 23:53 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-21 23:53 - 2012-09-21 23:53 - 00000000 ____D C:\Program Files\iTunes
2012-09-21 23:53 - 2012-09-21 23:53 - 00000000 ____D C:\Program Files\iPod
2012-09-21 23:53 - 2012-09-21 23:53 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-09-21 23:53 - 2012-08-21 03:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-21 23:36 - 2012-09-22 05:19 - 00000000 ____D C:\users\TEMP.G6-HP.003
2012-09-21 23:26 - 2012-09-22 05:19 - 00000000 ____D C:\users\TEMP.TOMAS
2012-09-20 08:00 - 2012-09-22 04:34 - 00000000 ____D C:\users\TEMP.G6-HP.002
2012-09-20 07:27 - 2012-09-20 08:07 - 00000000 ____D C:\users\TEMP.G6-HP.001
2012-09-20 07:02 - 2012-09-20 07:02 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe
2012-09-20 06:58 - 2012-09-20 06:58 - 00000000 ____D C:\Users\Guest\AppData\Roaming\OpenOffice.org
2012-09-20 06:47 - 2012-09-20 06:47 - 00115576 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-20 06:22 - 2012-09-20 06:22 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2012-09-20 06:22 - 2012-09-20 06:22 - 00000000 ____D C:\Users\Guest\AppData\Local\Macromedia
2012-09-20 06:21 - 2012-09-21 23:35 - 00000000 ____D C:\users\Guest
2012-09-20 06:21 - 2012-09-20 07:02 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2012-09-20 06:21 - 2012-09-20 06:22 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Mozilla
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Soubory cookie
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Šablony
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Poslední
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Okolní tiskárny
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Okolní sít
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Nabídka Start
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Dokumenty
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Documents\Obrázky
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Documents\Hudba
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Documents\Filmy
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\Data aplikací
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 __SHD C:\Users\Guest\AppData\Local\Data aplikací
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2012-09-20 06:21 - 2012-09-20 06:21 - 00000000 ____D C:\Users\Guest\AppData\Local\Mozilla
2012-09-20 06:21 - 2012-07-24 10:10 - 00000000 ____D C:\Users\Guest\AppData\Local\Microsoft Help
2012-09-20 05:46 - 2012-09-22 01:08 - 00000000 ____D C:\users\Tomáš a Hanca.G6-HP
2012-09-20 05:36 - 2012-09-20 06:01 - 00000000 ____D C:\users\Tomáš a Hanca
2012-09-20 05:20 - 2012-09-21 23:53 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-19 04:32 - 2012-09-19 09:00 - 00000000 ____D C:\users\TEMP.G6-HP.000
2012-09-18 09:47 - 2012-09-18 10:00 - 1150472192 ____A C:\Users\G6\Desktop\Nezastavitelny.avi
2012-09-18 08:53 - 2012-09-18 09:01 - 744439808 ____A C:\Users\G6\Desktop\Den zrady.avi
2012-09-17 05:34 - 2012-09-17 05:34 - 21041152 ____A C:\Users\G6\Documents\.evtx
2012-09-16 08:33 - 2012-09-16 08:45 - 998793346 ____A C:\Users\G6\Desktop\Zelezna-lady-CZ-2011.avi
2012-09-15 22:42 - 2012-09-16 03:52 - 00000000 ____D C:\Program Files (x86)\HD Tune
2012-09-15 05:01 - 2012-09-21 23:35 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2012-09-15 04:19 - 2012-09-21 23:56 - 00000320 ____A C:\Windows\Tasks\HPCeeScheduleForG6.job
2012-09-14 21:26 - 2012-09-15 04:27 - 00000000 ____D C:\users\TEMP.G6-HP
2012-09-10 23:12 - 2012-09-10 23:12 - 00000000 ____D C:\Users\G6\Documents\SelfMV
2012-09-07 02:09 - 2012-09-07 02:16 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2012-09-07 02:09 - 2012-09-07 02:09 - 00000000 ____D C:\Users\All Users\Premium
2012-09-07 02:07 - 2012-09-07 02:17 - 00000000 ____D C:\Users\All Users\InstallMate
2012-09-05 03:54 - 2012-09-07 02:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-09-01 08:57 - 2012-09-25 05:10 - 00540183 ____A C:\Windows\WindowsUpdate.log
2012-08-27 03:06 - 2012-08-27 03:06 - 00000000 ____D C:\Users\G6\Documents\pojistky
==================== 3 Months Modified Files ==================
2012-09-25 05:10 - 2012-09-01 08:57 - 00540183 ____A C:\Windows\WindowsUpdate.log
2012-09-25 05:10 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-25 05:10 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-25 05:06 - 2012-09-24 07:48 - 00001460 ____A C:\Windows\setupact.log
2012-09-25 05:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-25 04:50 - 2012-07-19 01:00 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-25 04:36 - 2012-09-25 04:36 - 00001998 ____A C:\Users\G6\Desktop\aswMBR.txt
2012-09-25 04:36 - 2012-09-25 04:36 - 00000512 ____A C:\Users\G6\Desktop\MBR.dat
2012-09-25 04:29 - 2012-09-25 04:29 - 04731392 ____A (AVAST Software) C:\Users\G6\Desktop\aswMBR.exe
2012-09-24 11:37 - 2012-09-23 09:50 - 00058364 ____A C:\Users\G6\Desktop\MbrScan.log
2012-09-24 11:37 - 2012-09-23 09:50 - 00000512 ____A C:\Users\G6\Desktop\Dump_Hdd0_DR0.old
2012-09-24 11:37 - 2012-09-23 09:33 - 00000512 ____A C:\Users\G6\Desktop\Dump_Hdd1_DR1.mbr
2012-09-24 11:37 - 2012-09-23 09:33 - 00000512 ____A C:\Users\G6\Desktop\Dump_Hdd0_DR0.mbr
2012-09-24 11:30 - 2012-09-25 04:48 - 00133632 ____A (Systemintegrasjon AS) C:\MbrFix64.exe
2012-09-24 11:30 - 2012-09-24 11:30 - 00133632 ____A (Systemintegrasjon AS) C:\Users\G6\Desktop\MbrFix64.exe
2012-09-24 10:58 - 2012-09-24 10:58 - 00437384 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-24 10:43 - 2012-09-24 10:43 - 00000512 ____A C:\original.dat
2012-09-24 07:50 - 2012-02-01 08:31 - 00631292 ____A C:\Windows\System32\perfh005.dat
2012-09-24 07:50 - 2012-02-01 08:31 - 00121914 ____A C:\Windows\System32\perfc005.dat
2012-09-24 07:50 - 2011-07-14 16:55 - 00689108 ____A C:\Windows\System32\perfh010.dat
2012-09-24 07:50 - 2011-07-14 16:55 - 00127144 ____A C:\Windows\System32\perfc010.dat
2012-09-24 07:50 - 2009-07-13 21:13 - 02285128 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-24 07:48 - 2012-09-24 07:48 - 00000000 ____A C:\Windows\setuperr.log
2012-09-23 10:26 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-23 10:20 - 2012-09-23 10:18 - 98077435 ____A (Igor Pavlov) C:\Users\G6\Desktop\OTLPEStd.exe
2012-09-23 09:32 - 2012-09-23 09:32 - 00147456 ____A (Eric_71) C:\Users\G6\Desktop\MbrScan.exe
2012-09-23 08:16 - 2012-09-23 08:16 - 00006584 ____A C:\Users\G6\Desktop\profil.REG
2012-09-23 03:13 - 2012-09-23 03:13 - 00040765 ____A C:\ComboFix.txt
2012-09-23 03:10 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-22 23:27 - 2012-03-13 04:52 - 00002533 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-22 22:02 - 2012-07-19 05:55 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-22 03:25 - 2012-09-22 03:25 - 00000359 ____A C:\Users\TEMP.G6-HP.006\Desktop\Pocítac – zástupce.lnk
2012-09-22 03:10 - 2012-09-22 03:10 - 00000020 __ASH C:\Users\TEMP.G6-HP.006\ntuser.ini
2012-09-22 00:50 - 2012-07-19 01:00 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-22 00:50 - 2011-07-14 07:23 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-21 23:56 - 2012-09-15 04:19 - 00000320 ____A C:\Windows\Tasks\HPCeeScheduleForG6.job
2012-09-21 23:53 - 2012-09-21 23:53 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-21 23:48 - 2012-07-19 00:39 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-09-21 23:37 - 2012-07-19 00:42 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-09-20 06:47 - 2012-09-20 06:47 - 00115576 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-18 10:00 - 2012-09-18 09:47 - 1150472192 ____A C:\Users\G6\Desktop\Nezastavitelny.avi
2012-09-18 09:01 - 2012-09-18 08:53 - 744439808 ____A C:\Users\G6\Desktop\Den zrady.avi
2012-09-17 05:34 - 2012-09-17 05:34 - 21041152 ____A C:\Users\G6\Documents\.evtx
2012-09-16 08:45 - 2012-09-16 08:33 - 998793346 ____A C:\Users\G6\Desktop\Zelezna-lady-CZ-2011.avi
2012-08-30 22:58 - 2012-08-16 04:15 - 00019236 ____A C:\Users\G6\Documents\cv.odt
2012-08-24 06:32 - 2012-07-19 00:46 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-24 03:15 - 2012-09-22 22:03 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-22 22:03 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-22 22:03 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-22 22:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-22 22:03 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-22 22:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-22 22:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-22 22:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-22 22:03 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-22 22:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-22 22:03 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-22 22:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-22 22:03 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-22 22:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-22 22:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-22 22:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-22 22:03 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-22 22:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-22 22:03 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-22 22:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-22 22:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-22 22:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-22 22:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-22 22:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-22 22:03 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-22 22:03 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-22 22:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-22 22:03 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-22 22:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-22 22:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-22 22:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-22 22:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 10:12 - 2012-09-22 22:05 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-22 22:04 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-22 22:04 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-22 22:04 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 03:01 - 2012-09-21 23:53 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 03:01 - 2012-07-19 01:21 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 03:01 - 2012-07-19 01:21 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-21 01:13 - 2012-07-19 00:42 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-21 01:13 - 2012-07-19 00:42 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-21 01:13 - 2012-07-19 00:42 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-21 01:13 - 2012-07-19 00:42 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-21 01:13 - 2012-07-19 00:42 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-21 01:13 - 2012-07-19 00:42 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-21 01:12 - 2012-07-19 00:42 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-21 01:12 - 2012-07-19 00:42 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-21 01:12 - 2012-07-19 00:42 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-18 05:39 - 2012-08-18 05:39 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-08-18 05:37 - 2012-08-18 05:37 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_42.dll
2012-08-18 05:35 - 2012-08-18 05:35 - 00002283 ____A C:\Users\G6\Desktop\Medal of Honor 2010.lnk
2012-08-18 05:24 - 2012-08-18 04:33 - 360342008 ____A C:\Users\G6\Documents\Medal-of-Honor-2010_Czech.zip
2012-08-02 09:58 - 2012-09-22 22:04 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-22 22:04 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-01 23:39 - 2012-08-01 07:17 - 00001476 ____A C:\Users\G6\Desktop\FM 2012.lnk
2012-08-01 07:11 - 2012-08-01 06:39 - 3077619349 ____A C:\Users\G6\Documents\Football-Manager-2012.rar
2012-08-01 06:45 - 2012-08-01 06:45 - 00001591 ____A C:\Users\G6\Desktop\Medal of Honor Airborne.lnk
2012-08-01 04:57 - 2012-08-01 04:57 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_41.dll
2012-07-29 09:57 - 2012-07-29 09:57 - 00003584 ____A C:\Users\G6\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-25 05:32 - 2012-07-25 05:32 - 00002179 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2012-07-25 03:17 - 2012-07-25 03:17 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-24 10:10 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-23 03:04 - 2012-07-23 02:47 - 1034991616 ____A C:\Users\G6\Desktop\Jist,meditovat,milovat.avi
2012-07-22 00:42 - 2012-07-22 00:42 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-07-21 01:08 - 2012-07-21 01:08 - 00000646 ____A C:\Users\G6\Desktop\Total Commander 64 bit.lnk
2012-07-21 00:03 - 2012-07-21 00:03 - 00001191 ____A C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
2012-07-20 21:58 - 2012-07-20 21:58 - 00001168 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
2012-07-20 21:52 - 2012-07-20 21:52 - 00011187 ____A C:\Users\G6\Documents\motivacní dopis.odt
2012-07-19 07:14 - 2012-03-13 04:50 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-19 07:04 - 2012-07-19 07:04 - 01338232 ____A C:\Users\G6\Desktop\Resampler.zip
2012-07-19 03:46 - 2012-07-19 03:46 - 00001953 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2012-07-19 03:18 - 2012-07-19 03:18 - 00002885 ____A C:\Users\Public\Desktop\ACDSee Photo Manager 12.lnk
2012-07-19 01:44 - 2012-07-19 01:45 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-19 01:44 - 2012-07-19 01:44 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-19 01:44 - 2012-07-19 01:44 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-19 01:44 - 2012-03-13 04:51 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-07-19 01:44 - 2012-03-13 04:51 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-19 01:34 - 2012-07-19 01:34 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-07-19 01:14 - 2012-07-19 01:14 - 00000359 ____A C:\Users\G6\Desktop\Tento pocítac.lnk
2012-07-19 01:09 - 2012-07-19 01:09 - 00001950 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-07-19 01:08 - 2012-07-19 01:08 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-07-18 10:15 - 2012-08-14 22:14 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-18 00:41 - 2011-12-22 00:37 - 00015482 ____A C:\Windows\System32\results.xml
2012-07-18 00:40 - 2012-07-18 00:40 - 00000000 ____A C:\Windows\ativpsrm.bin
2012-07-18 00:36 - 2012-07-18 00:36 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2012-07-06 12:07 - 2012-08-15 08:20 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-04 14:16 - 2012-08-14 22:14 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-14 22:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-14 22:14 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-14 22:14 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-14 22:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 12:26 - 2012-09-22 22:05 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-09-23 08:18:21
Restore point made on: 2012-09-23 09:00:01
Restore point made on: 2012-09-23 09:12:52
Restore point made on: 2012-09-23 09:21:14
==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 3893.86 MB
Available physical RAM: 3252.5 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3244.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:446.13 GB) (Free:276.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Recovery) (Fixed) (Total:15.47 GB) (Free:1.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
4 Drive g: (???? ????? Windows 7 64 ??????) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
5 Drive h: (FLASH 4GB) (Removable) (Total:3.73 GB) (Free:0.72 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3830 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 446 GB 200 MB
Partition 3 Primary 15 GB 446 GB
Partition 4 Primary 4063 MB 461 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 446 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 15 GB Healthy
=========================================================
Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 4063 MB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3826 MB 4096 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FLASH 4GB FAT32 Removable 3826 MB Healthy
=========================================================
Last Boot: 2012-09-16 01:50
==================== End Of Log =============================
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Please help
ok,
start Notepad and copy this code into it.
Save it to the flash drive where you have Frst64.exe.
Name the file fixlist.txt
Boot from the Win7 recovery disk again and run frst64, but this time press the FIX button.
Wait until the program finishes the action, restart into Windows, and
post the log (Fixlog.txt) here, and tell me whether it booted on the first try.
Start
HKU\G6\...\Policies\system: [DisableLockWorkstation] 0
HKU\G6\...\Policies\system: [DisableChangePassword] 0
2012-09-23 10:18 - 2012-09-23 10:20 - 98077435 ____A (Igor Pavlov) C:\Users\G6\Desktop\OTLPEStd.exe
2012-09-23 09:18 - 2012-09-23 10:28 - 00000000 ____D C:\users\TEMP.G6-HP.007
2012-09-22 03:25 - 2012-09-22 03:25 - 00000359 ____A C:\Users\TEMP.G6-HP.006\Desktop\Pocítac – zástupce.lnk
2012-09-22 03:14 - 2012-09-22 03:14 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Roaming\Macromedia
2012-09-22 03:14 - 2012-09-22 03:14 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Local\Macromedia
2012-09-22 03:13 - 2012-09-22 03:13 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Roaming\Mozilla
2012-09-22 03:13 - 2012-09-22 03:13 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Local\Mozilla
2012-09-22 03:11 - 2012-09-22 03:11 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Roaming\Apple Computer
2012-09-22 03:11 - 2012-09-22 03:11 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Roaming\Adobe
2012-09-22 03:10 - 2012-09-23 09:30 - 00000000 ____D C:\users\TEMP.G6-HP.006
2012-09-22 03:10 - 2012-09-22 03:10 - 00000020 __ASH C:\Users\TEMP.G6-HP.006\ntuser.ini
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Soubory cookie
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Šablony
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Poslední
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Okolní tiskárny
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Okolní sít
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Nabídka Start
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Dokumenty
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Documents\Obrázky
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Documents\Hudba
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Documents\Filmy
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\Data aplikací
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 __SHD C:\Users\TEMP.G6-HP.006\AppData\Local\Data aplikací
2012-09-22 03:10 - 2012-09-22 03:10 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Local\VirtualStore
2012-09-22 03:10 - 2012-07-24 10:10 - 00000000 ____D C:\Users\TEMP.G6-HP.006\AppData\Local\Microsoft Help
2012-09-22 02:39 - 2012-09-22 05:19 - 00000000 ____D C:\users\TEMP.G6-HP.005
2012-09-22 01:28 - 2012-09-22 05:19 - 00000000 ____D C:\users\TEMP.G6-HP.004
2012-09-21 23:36 - 2012-09-22 05:19 - 00000000 ____D C:\users\TEMP.G6-HP.003
2012-09-21 23:26 - 2012-09-22 05:19 - 00000000 ____D C:\users\TEMP.TOMAS
2012-09-20 08:00 - 2012-09-22 04:34 - 00000000 ____D C:\users\TEMP.G6-HP.002
2012-09-20 07:27 - 2012-09-20 08:07 - 00000000 ____D C:\users\TEMP.G6-HP.001
2012-09-19 04:32 - 2012-09-19 09:00 - 00000000 ____D C:\users\TEMP.G6-HP.000
2012-09-05 03:54 - 2012-09-07 02:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
Last Boot: 2012-09-16 01:50
End
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Please help
So what's up, beky, did you fall asleep???
Re: Please help
So I'm back, and it booted ON THE FIRST TRY!!!!
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-09-2012
Ran by SYSTEM at 2012-09-25 17:23:48 Run:2
Running from H:\
==============================================
HKEY_USERS\G6\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation Value deleted successfully.
HKEY_USERS\G6\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword Value deleted successfully.
C:\Users\G6\Desktop\OTLPEStd.exe moved successfully.
C:\users\TEMP.G6-HP.007 moved successfully.
C:\Users\TEMP.G6-HP.006\Desktop\Pocítac – zástupce.lnk not found.
C:\Users\TEMP.G6-HP.006\AppData\Roaming\Macromedia moved successfully.
C:\Users\TEMP.G6-HP.006\AppData\Local\Macromedia moved successfully.
C:\Users\TEMP.G6-HP.006\AppData\Roaming\Mozilla moved successfully.
C:\Users\TEMP.G6-HP.006\AppData\Local\Mozilla moved successfully.
C:\Users\TEMP.G6-HP.006\AppData\Roaming\Apple Computer moved successfully.
C:\Users\TEMP.G6-HP.006\AppData\Roaming\Adobe moved successfully.
C:\users\TEMP.G6-HP.006 moved successfully.
C:\Users\TEMP.G6-HP.006\ntuser.ini not found.
C:\Users\TEMP.G6-HP.006\Soubory cookie not found.
C:\Users\TEMP.G6-HP.006\Šablony not found.
C:\Users\TEMP.G6-HP.006\Poslední not found.
C:\Users\TEMP.G6-HP.006\Okolní tiskárny not found.
C:\Users\TEMP.G6-HP.006\Okolní sít not found.
C:\Users\TEMP.G6-HP.006\Nabídka Start not found.
C:\Users\TEMP.G6-HP.006\Dokumenty not found.
C:\Users\TEMP.G6-HP.006\Documents\Obrázky not found.
C:\Users\TEMP.G6-HP.006\Documents\Hudba not found.
C:\Users\TEMP.G6-HP.006\Documents\Filmy not found.
C:\Users\TEMP.G6-HP.006\Data aplikací not found.
C:\Users\TEMP.G6-HP.006\AppData\Local\Data aplikací not found.
C:\Users\TEMP.G6-HP.006\AppData\Local\VirtualStore not found.
C:\Users\TEMP.G6-HP.006\AppData\Local\Microsoft Help not found.
C:\users\TEMP.G6-HP.005 moved successfully.
C:\users\TEMP.G6-HP.004 moved successfully.
C:\users\TEMP.G6-HP.003 moved successfully.
C:\users\TEMP.TOMAS moved successfully.
C:\users\TEMP.G6-HP.002 moved successfully.
C:\users\TEMP.G6-HP.001 moved successfully.
C:\users\TEMP.G6-HP.000 moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2 moved successfully.
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
==== End of Fixlog ====

- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Please help
ok, but now, here in Windows, also make a log with erick mbrscan and post the log here, and we'll see, because neither VirusTotal nor aws detects anything,
Re: Please help
Is this it?

MBRScan v1.1.1
OS : Windows 7 Service Pack 1 (64 bit)
PROCESSOR : Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
BOOT : Normal Boot
DATE : 2012/09/25 (ISO 8601) at 18:07:51
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __TOSHIBA MK5056GSY (LH00)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
DISK : Device\Harddisk1\DR1 __JetFlash Transcend 4GB (8.07)
BUS_TYPE : (0x07) USB
USE_PIO : NO
MAX_TRANSFER : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________
Device\Harddisk0\DR0 465.8 Go [Fixed] ==> 7 MBR Code ==> PARTITION TABLE FAKED !!
MBR_MD5 : 23971C2D0BA75F64C750C478A6CE347B
MBR_SHA1 : F69DBBF4FEC005336BBEBE63E3E689FFAD2FAD63
Device\Harddisk0\Partition1 199.0 Mo 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 446.1 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition3 15.47 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition4 3.97 Go 0x0C FAT32 [LBA]
________________________________________________________________________________
Device\Harddisk1\DR1 3.74 Go [Removable] ==> Unknown MBR Code
MBR_MD5 : 489185096C4DD1D639D691B0261F097D
MBR_SHA1 : F55FA05E7B59BCC281A2FEF8D7C3B4E273602C57
Device\Harddisk1\Partition1 3.74 Go 0x0B FAT32 [CHS]
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x03007000
SIZE : 292.0 Ko
DRIVER : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00B9C000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00C2F000
SIZE : 316.0 Ko
DRIVER : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00C92000
SIZE : 376.0 Ko
DRIVER : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00CF0000
SIZE : 768.0 Ko
DRIVER : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E59000
SIZE : 656.0 Ko
DRIVER : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00EFD000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00F0C000
SIZE : 348.0 Ko
DRIVER : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00F63000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00F6C000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00F76000
SIZE : 204.0 Ko
DRIVER : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00FA9000
SIZE : 52.0 Ko
DRIVER : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00FB6000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\drivers\compbatt.sys => Invisible on the disk
ADDRESS : 0x00FCB000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00FD4000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00FE0000
SIZE : 84.0 Ko
DRIVER : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x01061000
SIZE : 368.0 Ko
DRIVER : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x010BD000
SIZE : 104.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\iaStor.sys => Invisible on the disk
ADDRESS : 0x01257000
SIZE : 3.60 Mo
DRIVER : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x015F1000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x01200000
SIZE : 168.0 Ko
DRIVER : C:\Windows\system32\drivers\msahci.sys => Invisible on the disk
ADDRESS : 0x0122A000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x01235000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x01245000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x010D7000
SIZE : 304.0 Ko
DRIVER : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x01123000
SIZE : 80.0 Ko
DRIVER : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01607000
SIZE : 1.64 Mo
DRIVER : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x01137000
SIZE : 376.0 Ko
DRIVER : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x017AA000
SIZE : 108.0 Ko
DRIVER : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x01821000
SIZE : 456.0 Ko
DRIVER : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x01893000
SIZE : 68.0 Ko
DRIVER : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x018A4000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x018AE000
SIZE : 968.0 Ko
DRIVER : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x019A0000
SIZE : 384.0 Ko
DRIVER : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x017C5000
SIZE : 168.0 Ko
DRIVER : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01A00000
SIZE : 2.00 Mo
DRIVER : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01195000
SIZE : 296.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wd.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE : 32.0 Ko
DRIVER : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE : 304.0 Ko
DRIVER : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01808000
SIZE : 32.0 Ko
DRIVER : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE : 232.0 Ko
DRIVER : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x0104C000
SIZE : 72.0 Ko
DRIVER : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01810000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\hpdskflt.sys => Invisible on the disk
ADDRESS : 0x017EF000
SIZE : 40.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x00DB0000
SIZE : 232.0 Ko
DRIVER : C:\Windows\system32\drivers\disk.sys => Invisible on the disk
ADDRESS : 0x011DF000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01CB4000
SIZE : 192.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\dtsoftbus01.sys => Invisible on the disk
ADDRESS : 0x01CF2000
SIZE : 292.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x04400000
SIZE : 168.0 Ko
DRIVER : C:\Windows\System32\Drivers\aswSnx.SYS => Invisible on the disk
ADDRESS : 0x07041000
SIZE : 960.0 Ko
DRIVER : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x07131000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x0713A000
SIZE : 28.0 Ko
DRIVER : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x07141000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x0714F000
SIZE : 148.0 Ko
DRIVER : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x07174000
SIZE : 64.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x07184000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x0718D000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x07196000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x0719F000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x071AA000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x071BB000
SIZE : 136.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x071DD000
SIZE : 52.0 Ko
DRIVER : C:\Windows\System32\Drivers\aswTdi.SYS => Invisible on the disk
ADDRESS : 0x071EA000
SIZE : 72.0 Ko
DRIVER : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x01D3B000
SIZE : 548.0 Ko
DRIVER : C:\Windows\System32\Drivers\aswrdr2.sys => Invisible on the disk
ADDRESS : 0x07000000
SIZE : 64.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x01C00000
SIZE : 276.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x07010000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x07019000
SIZE : 152.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x01C45000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x0442A000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x01C5B000
SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x047EB000
SIZE : 80.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x076FA000
SIZE : 324.0 Ko
DRIVER : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x0774B000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x07757000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x07762000
SIZE : 60.0 Ko
DRIVER : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x07771000
SIZE : 120.0 Ko
DRIVER : C:\Windows\system32\drivers\blbdrive.sys => Invisible on the disk
ADDRESS : 0x0778F000
SIZE : 68.0 Ko
DRIVER : C:\Windows\System32\Drivers\aswSP.SYS => Invisible on the disk
ADDRESS : 0x077A0000
SIZE : 372.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x07600000
SIZE : 152.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\atikmpag.sys => Invisible on the disk
ADDRESS : 0x07626000
SIZE : 296.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\atikmdag.sys => Invisible on the disk
ADDRESS : 0x0781B000
SIZE : 7.73 Mo
DRIVER : C:\Windows\system32\DRIVERS\igdpmd64.sys => Invisible on the disk
ADDRESS : 0x08433000
SIZE : 10.12 Mo
DRIVER : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x08E52000
SIZE : 976.0 Ko
DRIVER : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x08F46000
SIZE : 280.0 Ko
DRIVER : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x08F8C000
SIZE : 216.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x08FC2000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
ADDRESS : 0x08FE6000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x08400000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x07670000
SIZE : 344.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\bcmwl664.sys => Invisible on the disk
ADDRESS : 0x094D1000
SIZE : 4.54 Mo
DRIVER : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x0995B000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk
ADDRESS : 0x09968000
SIZE : 532.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
ADDRESS : 0x09400000
SIZE : 120.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x0941E000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\SynTP.sys => Invisible on the disk
ADDRESS : 0x0942D000
SIZE : 412.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x09494000
SIZE : 8.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x09496000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\GEARAspiWDM.sys => Invisible on the disk
ADDRESS : 0x094A5000
SIZE : 28.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\Impcd.sys => Invisible on the disk
ADDRESS : 0x07FD6000
SIZE : 156.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\Accelerometer.sys => Invisible on the disk
ADDRESS : 0x094AC000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\drivers\CmBatt.sys => Invisible on the disk
ADDRESS : 0x094B9000
SIZE : 20.0 Ko
DRIVER : C:\Windows\system32\drivers\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x094BE000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x08411000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x099ED000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\clwvd.sys => Invisible on the disk
ADDRESS : 0x094C7000
SIZE : 24.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk
ADDRESS : 0x0801B000
SIZE : 268.0 Ko
DRIVER : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x0805E000
SIZE : 24.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x08064000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x0807A000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x0809E000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x080AA000
SIZE : 188.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x080D9000
SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x080F4000
SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x08115000
SIZE : 104.0 Ko
DRIVER : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x0812F000
SIZE : 8.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x08131000
SIZE : 72.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x08143000
SIZE : 360.0 Ko
DRIVER : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x0819D000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\drivers\AtiHdmi.sys => Invisible on the disk
ADDRESS : 0x081B2000
SIZE : 140.0 Ko
DRIVER : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x01C76000
SIZE : 244.0 Ko
DRIVER : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x081D5000
SIZE : 136.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\stwrt64.sys => Invisible on the disk
ADDRESS : 0x0A0DD000
SIZE : 520.0 Ko
DRIVER : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x000C0000
SIZE : 3.08 Mo
DRIVER : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x0A15F000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\udfs.sys => Invisible on the disk
ADDRESS : 0x0A16B000
SIZE : 340.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBSTOR.SYS => Invisible on the disk
ADDRESS : 0x0A1C0000
SIZE : 108.0 Ko
DRIVER : C:\Windows\System32\Drivers\BTHUSB.sys => Invisible on the disk
ADDRESS : 0x0A1DB000
SIZE : 96.0 Ko
DRIVER : C:\Windows\System32\Drivers\bthport.sys => Invisible on the disk
ADDRESS : 0x0A000000
SIZE : 560.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\WinUSB.sys => Invisible on the disk
ADDRESS : 0x0A08C000
SIZE : 68.0 Ko
DRIVER : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x0A09D000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
ADDRESS : 0x04439000
SIZE : 3.60 Mo
DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x0A0AB000
SIZE : 76.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rfcomm.sys => Invisible on the disk
ADDRESS : 0x076C6000
SIZE : 176.0 Ko
DRIVER : C:\Windows\system32\drivers\BthEnum.sys => Invisible on the disk
ADDRESS : 0x0A0BE000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\bthpan.sys => Invisible on the disk
ADDRESS : 0x01DC4000
SIZE : 128.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x00E3A000
SIZE : 116.0 Ko
DRIVER : C:\Windows\System32\Drivers\usbvideo.sys => Invisible on the disk
ADDRESS : 0x00C00000
SIZE : 184.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x0A0CE000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x005E0000
SIZE : 40.0 Ko
DRIVER : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00660000
SIZE : 156.0 Ko
DRIVER : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x03CF8000
SIZE : 140.0 Ko
DRIVER : C:\Windows\system32\drivers\aswMonFlt.sys => Invisible on the disk
ADDRESS : 0x03D1B000
SIZE : 136.0 Ko
DRIVER : C:\Windows\System32\Drivers\aswFsBlk.SYS => Invisible on the disk
ADDRESS : 0x03D3D000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x03D46000
SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x03D67000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x03D7C000
SIZE : 332.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x03DCF000
SIZE : 76.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x03DE2000
SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x03C00000
SIZE : 804.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x03CC9000
SIZE : 120.0 Ko
DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x08000000
SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x0826A000
SIZE : 180.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x08297000
SIZE : 312.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x082E5000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x08309000
SIZE : 664.0 Ko
DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x083AF000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x083BA000
SIZE : 196.0 Ko
DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x083EB000
SIZE : 72.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x08200000
SIZE : 420.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x0AEF6000
SIZE : 608.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk
ADDRESS : 0x0AF8E000
SIZE : 196.0 Ko
DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47DC0000
SIZE : 128.0 Ko
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions : NOEXECUTE=OPTIN
________________________________________________________________________________
_____FAKED \Device\Harddisk0\DR0
__ORIGINAL \Device\Harddisk0\DR0
_______MBR \Device\Harddisk1\DR1
- stell
Re: Please help
Only this tool detects that the MBR is FAKED, i.e. fake. I'm thinking about whether to replace it or not.
Do you have important data on the notebook?
Re: Please help
Well, to be safe I backed everything up to an external HDD... Why?
- stell
Re: Please help
OK, because if something happens (with infections like this you never know) you can lose all your data.
But we have it backed up, so we can put it back. Well, we'll see.
I'm not satisfied, because this tool is not usually wrong. It may be a completely new infection that not even VirusTotal detects, so we are going to replace it.
So read carefully what I write now. I will also write what to do if the system does not boot, so hold on, it will be here in a moment.
- stell
Re: Please help
Don't forget anything!
1: Delete these text files from the flash drive.
FRST.txt
Fixlist.txt
fixlog.txt
2: Also copy this file directly to C:\MBR.dat
Right now you have it on the desktop.
C:\Users\G6\Desktop\MBR.dat
3: ACTION:
Open Notepad and copy this code into Notepad.
Code:
Start
CMD: C:\MbrFix64.exe /drive 0 restorembr C:\original.dat
End
Save it to the flash drive as Fixlist.txt
and run it from the recovery disk the same way as before,
i.e. press the FIX button.
If the system boots, post the fixlog.txt log here.
In case of a failure, do this:
If the system does not boot, delete the text files from the flash drive again.
Fixlist.txt
fixlog.txt
Copy this command into Notepad.
Code:
Start
CMD: C:\MbrFix64.exe /drive 0 restorembr C:\MBR.dat
End
Save it to the flash drive as
Fixlist.txt
and repeat the action.
And write what happened and how, so that I know.
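Before either backup file is written to sector 0 with restorembr as in the post above, the two 512-byte dumps can be parsed and compared offline to see which region differs (boot code, disk signature or partition entries). This is an added example, not part of the original thread and not code from FRST or MbrFix; it assumes the standard MBR layout, and the sample sectors and the function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR, DISK_SIG_OFF, PT_OFF = 512, 0x1B8, 0x1BE   # standard MBR layout


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR dump into the fields worth comparing."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[0x1FE:] != b"\x55\xaa":
        raise ValueError("missing 55 AA boot signature")
    parts = []
    for i in range(4):
        status, ptype = sector[PT_OFF + 16 * i], sector[PT_OFF + 16 * i + 4]
        start, count = struct.unpack_from("<II", sector, PT_OFF + 16 * i + 8)
        used = ptype != 0 or count != 0
        parts.append({"active": status == 0x80, "type": ptype,
                      "lba_start": start, "sectors": count} if used else None)
    return {"boot_code_sha256": hashlib.sha256(sector[:DISK_SIG_OFF]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
            "partitions": parts}


def diff_mbr(a: bytes, b: bytes) -> list:
    """Name the regions in which two MBR dumps differ."""
    fa, fb = parse_mbr(a), parse_mbr(b)
    changed = [k for k in ("boot_code_sha256", "disk_signature") if fa[k] != fb[k]]
    changed += [f"partition_{i + 1}" for i in range(4)
                if fa["partitions"][i] != fb["partitions"][i]]
    return changed


def restore_warnings(sector: bytes) -> list:
    """Reasons a dump would be risky to write back to a boot disk's sector 0."""
    used = [p for p in parse_mbr(sector)["partitions"] if p]
    warnings = []
    if not used:
        warnings.append("empty partition table")
    if sum(p["active"] for p in used) != 1:
        warnings.append("not exactly one active partition")
    used.sort(key=lambda p: p["lba_start"])
    for prev, nxt in zip(used, used[1:]):
        if prev["lba_start"] + prev["sectors"] > nxt["lba_start"]:
            warnings.append("overlapping partitions")
            break
    return warnings


def make_sample(disk_sig: int, entries: list) -> bytes:
    """Build a constructed test sector from (status, type, lba_start, sectors)."""
    s = bytearray(SECTOR)
    s[0:2] = b"\xeb\xfe"                       # placeholder boot code
    struct.pack_into("<I", s, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", s, PT_OFF + 16 * i, status, ptype, start, count)
    s[0x1FE:] = b"\x55\xaa"
    return bytes(s)


# Constructed sample data, not the dumps from this thread.
SAMPLE_BACKUP = make_sample(0x1234ABCD, [(0x80, 0x07, 2048, 409600),
                                         (0x00, 0x07, 411648, 1000000)])
SAMPLE_ON_DISK = make_sample(0x9999ABCD, [(0x00, 0x07, 411648, 1000000)])

if __name__ == "__main__":
    print("differs in:", diff_mbr(SAMPLE_ON_DISK, SAMPLE_BACKUP))
    print("backup warnings:", restore_warnings(SAMPLE_BACKUP))
    print("on-disk warnings:", restore_warnings(SAMPLE_ON_DISK))
```

For real files, read the first 512 bytes of each dump (for example `open(r"C:\original.dat", "rb").read(512)`) and pass them to `diff_mbr` and `restore_warnings`.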
Re: Please help
Neither attempt worked, and on top of that I again cannot get into my profile.
- stell
Re: Please help
Well, post fixlog.txt from the flash drive here.
Re: Please help
There isn't one. In both cases I pressed FIX, and in both cases the check ran for about 15-20 minutes, and since it had not even taken 5 minutes before, I turned it off. Or should I have let it keep running?
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-09-2012
Ran by SYSTEM at 2012-09-25 19:40:58 Run:4
Running from H:\
==============================================
========= C:\MbrFix64.exe /drive 0 restorembr C:\MBR.dat =========