Zdravím,
po naběhnutí Windows se zobrazí Policie České Republiky - Váš počítač byl zablokován a bla bla bla. Bohužel virus kompletně blokuje veškeré myslitelné akce včetně spuštění v nouzovém režimu (v takovém případě se počítač před naběhnutím v nouzovém režimu znovu restartuje a spustí se v běžném režimu se zablokovanou obrazovkou). Z výše uvedeného důvodu nejsem schopen vložit žádné logy, nejprve bude třeba rady, jak se ke spuštění těchto programů vůbec dostat. Předem díky za pomoc.
Tomáš
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zablokovaný počítač
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Zablokovaný počítač
Po nabootování z CD a dokončení procesu "Starting Reatogo-X-PE" se vždy objeví "modrá smrt" vyzývající k restartu.
Technical information:
*** STOP: 0x0000007B (0xF78DA528,0xC0000034,0x00000000,0x00000000)
K dalším krokům se tudíž nedostanu.
Technical information:
*** STOP: 0x0000007B (0xF78DA528,0xC0000034,0x00000000,0x00000000)
K dalším krokům se tudíž nedostanu.
Re: Zablokovaný počítač
Poprosím o trochu podrobnější postup, BIOS jsem spustil (Esc, F10), teda alespoň doufám, protože v záhlaví není napsáno BIOS ale InsydeH2O Setup Utility, ale žádné nabídky odpovídající popisu nevidím.
Re: Zablokovaný počítač
Prolezl jsem všechny nabídky, nic takovýho tu nevidím.
V záložce MAIN je pouze
- System time
- System date
- nějaký údaje o počítači a systému, na terý nejde najet a na konci
- Diagnostic log,
záložka Security
- Administrator Password
- Power-On Password
záložka Diagnostics
- Primary Hard Disk Self Test
- Memory Test
záložka System Configuration
- Language (English)
- Virtualization Technology (Disabled)
- Lan Power Saving (Enabled)
- Fan Always On (Enabled)
- Action Key Moed (Enabled)
- Boot Option (dál rozkliknutelný)
-- POST HotKey Delay (sec) 0
-- HP QuickWeb (Disabled)
-- CD-ROM Boot (Enabled)
-- Floppy Boot (Disabled)
-- Internal Network Adapter Boot (Disabled)
-- Boot Order (dál rozkliknutelný)
--- Notebook Hard Drive
--- Internal CD/DVD ROM Drive
--- USB Diskette on Key/USB Hard Disk
--- USB CD/DVD ROM Drive
--- ! USB Floppy
--- ! Network Adapter
no a zbývá už jen záložka Exit.
Klidně to nafotím, jestli to pomůže, ale nic víc tady nevidím.
V záložce MAIN je pouze
- System time
- System date
- nějaký údaje o počítači a systému, na terý nejde najet a na konci
- Diagnostic log,
záložka Security
- Administrator Password
- Power-On Password
záložka Diagnostics
- Primary Hard Disk Self Test
- Memory Test
záložka System Configuration
- Language (English)
- Virtualization Technology (Disabled)
- Lan Power Saving (Enabled)
- Fan Always On (Enabled)
- Action Key Moed (Enabled)
- Boot Option (dál rozkliknutelný)
-- POST HotKey Delay (sec) 0
-- HP QuickWeb (Disabled)
-- CD-ROM Boot (Enabled)
-- Floppy Boot (Disabled)
-- Internal Network Adapter Boot (Disabled)
-- Boot Order (dál rozkliknutelný)
--- Notebook Hard Drive
--- Internal CD/DVD ROM Drive
--- USB Diskette on Key/USB Hard Disk
--- USB CD/DVD ROM Drive
--- ! USB Floppy
--- ! Network Adapter
no a zbývá už jen záložka Exit.
Klidně to nafotím, jestli to pomůže, ale nic víc tady nevidím.
Re: Zablokovaný počítač
Už ano, jsem tam 
Re: Zablokovaný počítač
Spíš základy, co si vybavuju z mládí. Navigaci zvládnu. Jdu na to.
Re: Zablokovaný počítač
Jinak systém na notebooku (ten opravujem) by měl být 32, ale než riskovat, je nějakej způsob, jak to z příkazovýho řádku ověřit?
Re: Zablokovaný počítač
SysWOW64? Tak přecejen 64.
Můžeš mně připomenout formát příkazu COPY? Nebo je to prostě jen "COPY G:\FRST64 C:\"?
Můžeš mně připomenout formát příkazu COPY? Nebo je to prostě jen "COPY G:\FRST64 C:\"?
Re: Zablokovaný počítač
Nebo já to vlastně asi můžu nechat na tý flashce, že?
Re: Zablokovaný počítač
Spustil jsem soubor přímo z flashky (zbytečný kopírování jak FRST, tak následně logu na flash) a flashku samotnou jsem si našel brutální silou (zkoušel jsem písmenka disků a DIR)
Každopádně tady máme log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-03-2013 01
Ran by SYSTEM at 12-03-2013 22:25:39
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2028328 2010-01-22] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-17] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-01] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2009-12-16] (Hewlett-Packard)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [401192 2009-12-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201512 2009-12-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run [379248 2010-01-18] (Egis Technology Inc. )
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-01-25] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Lsa: [Notification Packages] EgisPwdFilter EgisDSPwdFilter
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Services (Whitelisted) ===================
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
2 DvmMDES; "C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe" [338168 2009-11-25] (DeviceVM, Inc.)
2 EgisTec Service; "C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe" [689008 2010-01-18] (Egis Technology Inc. )
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22056 2013-01-27] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [379360 2013-01-27] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe [244736 2010-02-01] (IDT, Inc.)
==================== Drivers (Whitelisted) =====================
1 DVMIO; C:\Windows\System32\Drivers\DVMIO.sys [20056 2009-11-11] (DeviceVM, Inc.)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\Program Files\iTunes
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\Program Files\iPod
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-02-27 22:36 - 2013-01-13 13:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-02-27 22:36 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-02-27 22:36 - 2013-01-13 12:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-02-27 22:36 - 2013-01-13 12:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-02-27 22:36 - 2013-01-13 12:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-02-27 22:36 - 2013-01-13 12:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-02-27 22:36 - 2013-01-13 11:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-02-27 22:36 - 2013-01-13 11:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-02-27 22:36 - 2013-01-13 11:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-02-27 22:36 - 2013-01-13 11:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-02-27 22:36 - 2013-01-13 11:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-02-27 22:36 - 2013-01-13 11:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-02-27 22:36 - 2013-01-13 11:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-02-27 22:36 - 2013-01-13 11:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-02-27 22:36 - 2013-01-13 11:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-02-27 22:36 - 2013-01-13 11:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-02-27 22:36 - 2013-01-13 11:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-02-27 22:36 - 2013-01-13 11:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-02-27 22:36 - 2013-01-13 11:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-02-27 22:36 - 2013-01-13 11:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-02-27 22:36 - 2013-01-13 11:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-02-27 22:36 - 2013-01-13 11:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-02-27 22:36 - 2013-01-13 11:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-02-27 22:36 - 2013-01-13 11:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-02-27 22:36 - 2013-01-13 11:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-02-27 22:36 - 2013-01-13 11:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-02-27 22:36 - 2013-01-13 11:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-02-27 22:36 - 2013-01-13 11:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-02-27 22:36 - 2013-01-13 10:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-02-27 22:36 - 2013-01-13 10:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-02-27 22:36 - 2013-01-13 10:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-02-27 22:36 - 2013-01-13 09:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-02-27 22:36 - 2013-01-13 09:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-02-27 22:36 - 2013-01-03 22:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-02-27 22:36 - 2013-01-03 22:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-02-20 02:02 - 2013-02-20 02:02 - 00000850 ____A C:\Windows\PFRO.log
2013-02-19 23:18 - 2013-03-12 12:50 - 00002184 ____A C:\Windows\setupact.log
2013-02-19 23:18 - 2013-02-19 23:18 - 00000000 ____A C:\Windows\setuperr.log
2013-02-12 18:00 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-12 18:00 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-12 18:00 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-12 18:00 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-12 18:00 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-12 18:00 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-12 18:00 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-12 18:00 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-12 18:00 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-12 18:00 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-12 18:00 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-12 18:00 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-12 18:00 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-12 18:00 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-12 18:00 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-12 18:00 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-12 18:00 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-12 18:00 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-12 18:00 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-12 18:00 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-12 18:00 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-12 18:00 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-12 18:00 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-12 18:00 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-12 18:00 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-12 18:00 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-12 18:00 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-12 18:00 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-12 18:00 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-12 18:00 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-12 18:00 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-12 18:00 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-12 17:24 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-12 17:24 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-12 17:24 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-12 17:24 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-12 17:24 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-12 17:24 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-12 17:24 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-12 17:24 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-12 17:24 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-12 17:24 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-12 17:24 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-12 17:24 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
==================== One Month Modified Files and Folders =======
2013-03-12 13:12 - 2010-03-25 19:09 - 00631276 ____A C:\Windows\System32\perfh005.dat
2013-03-12 13:12 - 2010-03-25 19:09 - 00121930 ____A C:\Windows\System32\perfc005.dat
2013-03-12 13:12 - 2009-07-13 21:13 - 01470298 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-12 13:02 - 2012-05-11 17:32 - 01149525 ____A C:\Windows\WindowsUpdate.log
2013-03-12 12:50 - 2013-02-19 23:18 - 00002184 ____A C:\Windows\setupact.log
2013-03-12 12:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-12 12:27 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-12 12:27 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-12 09:42 - 2012-04-10 18:18 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-05 00:16 - 2012-11-20 00:34 - 00000368 ____A C:\Windows\Tasks\HPCeeScheduleForTomáš Krivánek.job
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\Program Files\iTunes
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\Program Files\iPod
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-03-04 06:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-03-03 05:41 - 2011-03-22 23:42 - 00000342 ____A C:\Windows\Tasks\HPCeeScheduleForTOMÁŠ-PC$.job
2013-03-01 05:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-02-27 23:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-02-27 23:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-02-27 23:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-02-27 23:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-02-27 13:00 - 2012-04-10 18:18 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-27 13:00 - 2011-05-14 09:55 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-20 02:02 - 2013-02-20 02:02 - 00000850 ____A C:\Windows\PFRO.log
2013-02-19 23:18 - 2013-02-19 23:18 - 00000000 ____A C:\Windows\setuperr.log
2013-02-18 23:50 - 2011-06-10 12:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-02-18 23:49 - 2010-10-01 04:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-17 20:43 - 2011-01-29 11:51 - 00001912 ____A C:\Windows\epplauncher.mif
2013-02-17 20:43 - 2011-01-29 11:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-02-17 20:43 - 2011-01-29 11:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-02-16 19:58 - 2010-11-14 21:30 - 00000000 ____D C:\Games
2013-02-13 03:32 - 2009-07-13 20:45 - 00357096 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-12 18:07 - 2010-03-25 11:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-02-12 18:05 - 2010-10-01 02:43 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-02-12 18:00:26
Restore point made on: 2013-02-16 08:47:40
Restore point made on: 2013-02-19 23:39:49
Restore point made on: 2013-02-23 08:25:39
Restore point made on: 2013-02-27 11:04:29
Restore point made on: 2013-02-27 22:36:22
Restore point made on: 2013-03-03 05:52:19
Restore point made on: 2013-03-07 11:34:45
Restore point made on: 2013-03-11 06:11:53
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 3893.86 MB
Available physical RAM: 3169.93 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3156.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:448.86 GB) (Free:388.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:16.61 GB) (Free:2.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
4 Drive g: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
5 Drive h: () (Removable) (Total:7.51 GB) (Free:5.81 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Stav Velikost Voln‚ Dyn Gpt
-------- ------------- -------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7702 MB 0 B
Probˇh ukoncenˇ programu DiskPart...
Partitions of Disk 0:
===============
Nynˇ je vybr n disk 0.
ID disku: 4F4E2E05
Oddˇl ### Typ Velikost Posunutˇ
------------- ---------------- -------- --------
Oddˇl 1 Prim rnˇ 199 MB 1024 KB
Oddˇl 2 Prim rnˇ 448 GB 200 MB
Oddˇl 3 Prim rnˇ 16 GB 449 GB
Oddˇl 4 Prim rnˇ 103 MB 465 GB
Probˇh ukoncenˇ programu DiskPart...
==================================================================================
Partitions of Disk 1:
===============
Nynˇ je vybr n disk 1.
ID disku: 04DD5721
Oddˇl ### Typ Velikost Posunutˇ
------------- ---------------- -------- --------
Oddˇl 1 Prim rnˇ 7701 MB 31 KB
Probˇh ukoncenˇ programu DiskPart...
==================================================================================
============================== MBR Partition Table ==================
==============================
Partitions of Disk 0:
===============
Disk ID: 4F4E2E05
Partition 1:
=========
Hex: 80202100077E25190008000000380600
Active: YES
Type: 07 (NTFS)
Size: 199 MB
Partition 2:
=========
Hex: 007E261907FEFFFF0040060000801B38
Active: NO
Type: 07 (NTFS)
Size: 449 GB
Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00C0213800601302
Active: NO
Type: 07 (NTFS)
Size: 17 GB
Partition 4:
=========
Hex: 00FEFFFF0CFEFFFF0020353A30380300
Active: NO
Type: 0C
Size: 103 MB
==============================
Partitions of Disk 1:
===============
Disk ID: 04DD5721
Partition 1:
=========
Hex: 800101000CFEFFD43F000000C1AFF000
Active: YES
Type: 0C
Size: 8 GB
Last Boot: 2013-03-04 19:21
==================== End Of Log =============================
Každopádně tady máme log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-03-2013 01
Ran by SYSTEM at 12-03-2013 22:25:39
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2028328 2010-01-22] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-17] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-01] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2009-12-16] (Hewlett-Packard)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [401192 2009-12-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201512 2009-12-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run [379248 2010-01-18] (Egis Technology Inc. )
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-01-25] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Lsa: [Notification Packages] EgisPwdFilter EgisDSPwdFilter
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Services (Whitelisted) ===================
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
2 DvmMDES; "C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe" [338168 2009-11-25] (DeviceVM, Inc.)
2 EgisTec Service; "C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe" [689008 2010-01-18] (Egis Technology Inc. )
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22056 2013-01-27] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [379360 2013-01-27] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe [244736 2010-02-01] (IDT, Inc.)
==================== Drivers (Whitelisted) =====================
1 DVMIO; C:\Windows\System32\Drivers\DVMIO.sys [20056 2009-11-11] (DeviceVM, Inc.)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\Program Files\iTunes
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\Program Files\iPod
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-02-27 22:36 - 2013-01-13 13:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-02-27 22:36 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 22:36 - 2013-01-13 12:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-02-27 22:36 - 2013-01-13 12:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-02-27 22:36 - 2013-01-13 12:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-02-27 22:36 - 2013-01-13 12:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-02-27 22:36 - 2013-01-13 12:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-02-27 22:36 - 2013-01-13 11:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-02-27 22:36 - 2013-01-13 11:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-02-27 22:36 - 2013-01-13 11:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-02-27 22:36 - 2013-01-13 11:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-02-27 22:36 - 2013-01-13 11:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-02-27 22:36 - 2013-01-13 11:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-02-27 22:36 - 2013-01-13 11:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-02-27 22:36 - 2013-01-13 11:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-02-27 22:36 - 2013-01-13 11:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-02-27 22:36 - 2013-01-13 11:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-02-27 22:36 - 2013-01-13 11:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-02-27 22:36 - 2013-01-13 11:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-02-27 22:36 - 2013-01-13 11:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-02-27 22:36 - 2013-01-13 11:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-02-27 22:36 - 2013-01-13 11:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-02-27 22:36 - 2013-01-13 11:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-02-27 22:36 - 2013-01-13 11:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-02-27 22:36 - 2013-01-13 11:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-02-27 22:36 - 2013-01-13 11:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-02-27 22:36 - 2013-01-13 11:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-02-27 22:36 - 2013-01-13 11:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-02-27 22:36 - 2013-01-13 11:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-02-27 22:36 - 2013-01-13 10:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-02-27 22:36 - 2013-01-13 10:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-02-27 22:36 - 2013-01-13 10:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-02-27 22:36 - 2013-01-13 09:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-02-27 22:36 - 2013-01-13 09:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-02-27 22:36 - 2013-01-03 22:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-02-27 22:36 - 2013-01-03 22:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-02-20 02:02 - 2013-02-20 02:02 - 00000850 ____A C:\Windows\PFRO.log
2013-02-19 23:18 - 2013-03-12 12:50 - 00002184 ____A C:\Windows\setupact.log
2013-02-19 23:18 - 2013-02-19 23:18 - 00000000 ____A C:\Windows\setuperr.log
2013-02-12 18:00 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-12 18:00 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-12 18:00 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-12 18:00 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-12 18:00 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-12 18:00 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-12 18:00 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-12 18:00 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-12 18:00 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-12 18:00 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-12 18:00 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-12 18:00 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-12 18:00 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-12 18:00 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-12 18:00 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-12 18:00 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-12 18:00 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-12 18:00 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-12 18:00 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-12 18:00 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-12 18:00 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-12 18:00 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-12 18:00 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-12 18:00 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-12 18:00 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-12 18:00 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-12 18:00 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-12 18:00 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-12 18:00 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-12 18:00 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-12 18:00 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-12 18:00 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-12 17:24 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-12 17:24 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-12 17:24 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-12 17:24 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-12 17:24 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-12 17:24 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-12 17:24 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-12 17:24 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-12 17:24 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-12 17:24 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-12 17:24 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-12 17:24 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
==================== One Month Modified Files and Folders =======
2013-03-12 13:12 - 2010-03-25 19:09 - 00631276 ____A C:\Windows\System32\perfh005.dat
2013-03-12 13:12 - 2010-03-25 19:09 - 00121930 ____A C:\Windows\System32\perfc005.dat
2013-03-12 13:12 - 2009-07-13 21:13 - 01470298 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-12 13:02 - 2012-05-11 17:32 - 01149525 ____A C:\Windows\WindowsUpdate.log
2013-03-12 12:50 - 2013-02-19 23:18 - 00002184 ____A C:\Windows\setupact.log
2013-03-12 12:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-12 12:27 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-12 12:27 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-12 09:42 - 2012-04-10 18:18 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-05 00:16 - 2012-11-20 00:34 - 00000368 ____A C:\Windows\Tasks\HPCeeScheduleForTomáš Krivánek.job
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\Program Files\iTunes
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\Program Files\iPod
2013-03-04 23:49 - 2013-03-04 23:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-03-04 06:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-03-03 05:41 - 2011-03-22 23:42 - 00000342 ____A C:\Windows\Tasks\HPCeeScheduleForTOMÁŠ-PC$.job
2013-03-01 05:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-02-27 23:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-02-27 23:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-02-27 23:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-02-27 23:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-02-27 13:00 - 2012-04-10 18:18 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-27 13:00 - 2011-05-14 09:55 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-20 02:02 - 2013-02-20 02:02 - 00000850 ____A C:\Windows\PFRO.log
2013-02-19 23:18 - 2013-02-19 23:18 - 00000000 ____A C:\Windows\setuperr.log
2013-02-18 23:50 - 2011-06-10 12:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-02-18 23:49 - 2010-10-01 04:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-17 20:43 - 2011-01-29 11:51 - 00001912 ____A C:\Windows\epplauncher.mif
2013-02-17 20:43 - 2011-01-29 11:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-02-17 20:43 - 2011-01-29 11:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-02-16 19:58 - 2010-11-14 21:30 - 00000000 ____D C:\Games
2013-02-13 03:32 - 2009-07-13 20:45 - 00357096 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-12 18:07 - 2010-03-25 11:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-02-12 18:05 - 2010-10-01 02:43 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-02-12 18:00:26
Restore point made on: 2013-02-16 08:47:40
Restore point made on: 2013-02-19 23:39:49
Restore point made on: 2013-02-23 08:25:39
Restore point made on: 2013-02-27 11:04:29
Restore point made on: 2013-02-27 22:36:22
Restore point made on: 2013-03-03 05:52:19
Restore point made on: 2013-03-07 11:34:45
Restore point made on: 2013-03-11 06:11:53
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 3893.86 MB
Available physical RAM: 3169.93 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3156.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:448.86 GB) (Free:388.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:16.61 GB) (Free:2.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
4 Drive g: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
5 Drive h: () (Removable) (Total:7.51 GB) (Free:5.81 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Stav Velikost Voln‚ Dyn Gpt
-------- ------------- -------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7702 MB 0 B
Probˇh ukoncenˇ programu DiskPart...
Partitions of Disk 0:
===============
Nynˇ je vybr n disk 0.
ID disku: 4F4E2E05
Oddˇl ### Typ Velikost Posunutˇ
------------- ---------------- -------- --------
Oddˇl 1 Prim rnˇ 199 MB 1024 KB
Oddˇl 2 Prim rnˇ 448 GB 200 MB
Oddˇl 3 Prim rnˇ 16 GB 449 GB
Oddˇl 4 Prim rnˇ 103 MB 465 GB
Probˇh ukoncenˇ programu DiskPart...
==================================================================================
Partitions of Disk 1:
===============
Nynˇ je vybr n disk 1.
ID disku: 04DD5721
Oddˇl ### Typ Velikost Posunutˇ
------------- ---------------- -------- --------
Oddˇl 1 Prim rnˇ 7701 MB 31 KB
Probˇh ukoncenˇ programu DiskPart...
==================================================================================
============================== MBR Partition Table ==================
==============================
Partitions of Disk 0:
===============
Disk ID: 4F4E2E05
Partition 1:
=========
Hex: 80202100077E25190008000000380600
Active: YES
Type: 07 (NTFS)
Size: 199 MB
Partition 2:
=========
Hex: 007E261907FEFFFF0040060000801B38
Active: NO
Type: 07 (NTFS)
Size: 449 GB
Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00C0213800601302
Active: NO
Type: 07 (NTFS)
Size: 17 GB
Partition 4:
=========
Hex: 00FEFFFF0CFEFFFF0020353A30380300
Active: NO
Type: 0C
Size: 103 MB
==============================
Partitions of Disk 1:
===============
Disk ID: 04DD5721
Partition 1:
=========
Hex: 800101000CFEFFD43F000000C1AFF000
Active: YES
Type: 0C
Size: 8 GB
Last Boot: 2013-03-04 19:21
==================== End Of Log =============================
Re: Zablokovaný počítač
Co přesně si představuješ pod "vyextrahovat"? Vyhledat nebo odstranit?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - nenalezeno
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun - nenalezeno
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun - nenalezeno
HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon - složka s podsložkama a několika desítkami položek
HKCU\Software\Microsoft\Windows NT - nenalezeno
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - nenalezeno
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun - nenalezeno
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun - nenalezeno
HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon - složka s podsložkama a několika desítkami položek
HKCU\Software\Microsoft\Windows NT - nenalezeno
Re: Zablokovaný počítač
A "C:\ProgramData" taky neexistuje.
Re: Zablokovaný počítač
Tak nejprve oprava, "C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69" existuje (zřejmě skrytý, na první pohled nebyl vidět) a obsahuje soubor GEARDIFx.exe a složku x64, která obsahuje nějaký *.exe, *.dll, *.txt, *.inf a *.cat soubory a další složku x64, ve které je *.sys soubor. Všechno přes DIR, takže jestli je tam něco dalšího skrytýho, tak to nejspíš neuvidím.
No a pak jsem exportoval:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon
HKLM\Software\Wow6432Node
Viz přílohu.
HKLM\Software\Wow6432Node\Microsoft\Command Processor - nenalezen
No a pak jsem exportoval:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon
HKLM\Software\Wow6432Node
Viz přílohu.
HKLM\Software\Wow6432Node\Microsoft\Command Processor - nenalezen
- Přílohy
-
- reg.zip
- (368 KiB) Staženo 57 x
Re: Zablokovaný počítač
Budu potřebovat nápovědu, jak kopírovat i s podsložkama, protože klasický "COPY" bere jen soubory z daných adresářů.
A k tomu souboru %Userprofile%\NTUser.dat neznám cestu.
Jinak dneska (čtvrtek) bych měl být online zhruba od poledne celý den, tak se nám to snad podaří vyřešit.
A k tomu souboru %Userprofile%\NTUser.dat neznám cestu.
Jinak dneska (čtvrtek) bych měl být online zhruba od poledne celý den, tak se nám to snad podaří vyřešit.
Re: Zablokovaný počítač
Nahrávání obsahu C:\WINDOWS\system32\config na fórum v *.zip má necelých 30 MB a trvá už dobrou hodinu. Není možný, že po nějaké době nahrávání dojde k odhlášení z fóra a v důsledku toho se zbytek nenahraje?
C:\Windows\SysWOW64\config žádné soubory neobsahuje (resp. až v podsložkách)
NTUser.dat jsem v dané cestě (C:\Users\*\NTUser.dat) nenašel. Nejspíš se schovává jinde, daná cesta obsahuje jen 12 podlsožek (Contacts, Desktop, Documents, Downloads,...)
C:\Windows\SysWOW64\config žádné soubory neobsahuje (resp. až v podsložkách)
NTUser.dat jsem v dané cestě (C:\Users\*\NTUser.dat) nenašel. Nejspíš se schovává jinde, daná cesta obsahuje jen 12 podlsožek (Contacts, Desktop, Documents, Downloads,...)
Přispějete na provoz fóra?