Po stažení hry počítač zamrzá, pomalu reaguje

[cocinella]

a hra se opět spustila sama od sebe, i když jsem se ji pokoušela vymazat... ve "hrách" pořád je

[vyosek]

dejte primo cestu k te hre

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[cocinella]

cestu nenajdu, když jsem všechny soubory týkající se hry smazala. ale je divný, že v sekci "hry" ta hra byla... a přes tu sekci cestu nalézt nelze, hru jsem prozatím dala "skrýt". jdu na ten combofix, zatím díky.

[vyosek]

Oki, pockam na CF a pak uvidime

prozatim neni zac, jeste jsme se zatim skoro nikam nedostali...akorat vyloucili par typu haveti..

[cocinella]

už asi 10 minut se připravuje Log report... to je normální? a navíc se mi na notebooku nějak vypnul internet, to ten Combofix?

[cocinella]

konečně ten log
tady je:


ComboFix 12-05-29.01 - Acer 29.05.2012 22:29:47.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3956.1803 [GMT 2:00]
Spuštěný z: d:\users\EliÜka\Downloads\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
c:\windows\Temp\log.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-28 do 2012-05-29 )))))))))))))))))))))))))))))))
.
.
2012-05-29 20:43 . 2012-05-29 20:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-29 18:24 . 2012-05-29 18:24 -------- d-----w- c:\program files\trend micro
2012-05-29 18:24 . 2012-05-29 18:24 -------- d-----w- C:\rsit
2012-05-29 17:56 . 2012-05-29 17:56 -------- d-----w- c:\programdata\Malwarebytes
2012-05-29 17:56 . 2012-05-29 19:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-29 16:48 . 2012-05-29 16:49 -------- d-----w- c:\windows\system32\drivers\NISx64\1207010.003
2012-05-29 10:00 . 2012-05-29 10:00 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-29 10:00 . 2012-05-29 10:00 -------- d-----w- c:\windows\system32\Wat
2012-05-29 09:45 . 2012-05-29 09:45 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-05-29 09:39 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-29 09:39 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-29 09:39 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-29 09:39 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-29 09:39 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-29 09:39 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-29 09:39 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-29 06:38 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-29 06:37 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-28 18:03 . 2010-02-04 08:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-05-28 18:02 . 2008-03-05 13:56 4910088 ----a-w- c:\windows\system32\D3DX9_37.dll
2012-05-28 18:00 . 2012-05-28 18:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-28 18:00 . 2012-05-28 18:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-28 17:56 . 2012-05-28 18:08 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2012-05-28 17:55 . 2012-05-28 17:55 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-28 17:55 . 2012-05-28 17:55 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-05-28 17:54 . 2012-05-28 17:56 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-05-28 15:50 . 2012-05-29 10:00 -------- d-----w- c:\windows\system32\drivers\NISx64\1207000.00D
2012-05-28 08:52 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-28 08:52 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-28 08:52 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-28 08:52 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-28 08:52 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-28 08:52 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-28 08:52 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-27 14:09 . 2012-05-27 14:09 -------- d-----w- C:\Fraps
2012-05-27 13:29 . 2012-05-27 13:29 -------- d-----r- c:\program files (x86)\Skype
2012-05-27 11:16 . 2012-05-27 11:19 -------- d-----w- c:\program files (x86)\Portal
2012-05-27 11:03 . 2012-05-27 11:03 -------- d-----w- c:\program files (x86)\uTorrent
2012-05-26 12:41 . 2012-05-26 12:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-26 12:41 . 2012-05-26 12:41 -------- d-----w- c:\program files (x86)\Oracle
2012-05-26 12:40 . 2012-04-04 16:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-26 12:40 . 2012-04-04 16:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-26 12:40 . 2012-05-26 12:40 -------- d-----w- c:\program files (x86)\Java
2012-05-26 11:58 . 2012-05-26 11:58 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-05-26 11:42 . 2012-05-26 11:42 -------- d-----w- c:\program files (x86)\ICQ7M
2012-05-22 00:32 . 2012-05-22 00:32 -------- d-----w- c:\windows\SysWow64\cs
2012-05-22 00:32 . 2012-05-22 00:32 -------- d-----w- c:\windows\SysWow64\XPSViewer
2012-05-22 00:32 . 2012-05-22 00:32 -------- d-----w- c:\windows\SysWow64\drivers\cs-CZ
2012-05-22 00:32 . 2012-05-22 00:32 -------- d-----w- c:\windows\system32\cs
2012-05-22 00:32 . 2012-05-22 00:32 -------- d-----w- c:\windows\cs-CZ
2012-05-22 00:32 . 2012-05-21 15:01 -------- d-----w- c:\windows\SysWow64\wbem\cs-CZ
2012-05-22 00:32 . 2012-05-22 00:32 -------- d-----w- c:\windows\system32\drivers\UMDF\cs-CZ
2012-05-22 00:32 . 2012-05-22 00:32 -------- d-----w- c:\windows\system32\drivers\cs-CZ
2012-05-22 00:32 . 2012-05-21 15:01 -------- d-----w- c:\windows\system32\wbem\cs-CZ
2012-05-22 00:31 . 2012-05-22 00:31 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\cs-CZ\LXKPTPRC.DLL.mui
2012-05-22 00:26 . 2012-05-22 00:26 -------- d-----w- c:\windows\NAPP_Dism_Log
2012-05-22 00:23 . 2010-05-12 02:11 2229608 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-05-22 00:23 . 2010-01-25 23:09 349776 ----a-w- c:\windows\UNINSTLMv4.EXE
2012-05-22 00:23 . 2009-10-24 01:22 99328 ----a-w- c:\windows\system32\Vxdif.dll
2012-05-22 00:23 . 2009-10-22 04:55 272432 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2012-05-22 00:23 . 2008-03-28 00:51 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-05-22 00:21 . 2010-12-04 08:42 2312232 ----a-w- c:\windows\WisGAPasx64.exe
2012-05-22 00:21 . 2009-10-27 18:46 342560 ----a-w- c:\windows\ParseModule_X64.exe
2012-05-22 00:21 . 2010-12-04 08:41 1714728 ----a-w- c:\windows\WisGAPas.exe
2012-05-22 00:21 . 2009-10-27 18:46 231968 ----a-w- c:\windows\ParseModule_X86.exe
2012-05-21 15:37 . 2012-05-21 15:37 -------- d-----w- c:\users\Public\Symantec
2012-05-21 15:36 . 2012-05-21 15:36 -------- d-----w- c:\users\Acer
2012-05-21 15:36 . 2012-05-21 15:36 -------- d-----w- C:\Recovery
2012-05-21 15:11 . 2012-05-21 15:11 -------- d-----w- C:\BOOK
2012-05-21 15:10 . 2012-05-21 15:10 -------- d-----w- c:\program files (x86)\Microsoft
2012-05-21 15:10 . 2012-05-21 15:10 -------- d-----w- c:\program files (x86)\Cyberlink
2012-05-21 15:10 . 2012-05-21 15:10 -------- d-----w- c:\program files (x86)\Social Networks
2012-05-21 15:08 . 2012-05-21 15:09 -------- d-----w- c:\programdata\SmartSound Software Inc
2012-05-21 15:08 . 2012-05-21 15:08 -------- d-----w- c:\programdata\eSellerate
2012-05-21 15:08 . 2012-05-21 15:08 -------- d-----w- c:\program files (x86)\SmartSound Software
2012-05-21 15:04 . 2010-03-19 01:00 55856 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-05-21 15:04 . 2009-10-20 01:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-05-21 15:04 . 2009-10-20 01:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-05-21 15:03 . 2012-05-21 15:07 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-05-21 15:03 . 2012-05-21 15:03 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2012-05-21 14:53 . 2012-05-21 14:54 -------- d-----w- c:\program files (x86)\Video Web Camera
2012-05-21 14:52 . 2012-05-21 14:52 -------- d-----w- c:\program files (x86)\Launch Manager
2012-05-21 14:52 . 2010-06-26 09:13 342056 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2012-05-21 14:52 . 2010-06-26 09:12 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-05-21 14:52 . 2010-06-26 09:12 135720 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-05-21 14:52 . 2010-06-26 09:12 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-05-21 14:52 . 2010-06-26 09:12 102952 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-05-21 14:52 . 2012-05-21 14:52 -------- d-----w- c:\program files\Apoint2K
2012-05-21 14:51 . 2012-05-21 14:51 -------- d-----w- c:\program files\WIDCOMM
2012-05-21 14:48 . 2009-12-03 23:28 27648 ------w- c:\windows\SysWow64\agrsco64.dll
2012-05-21 14:48 . 2009-12-03 23:28 64000 ------w- c:\windows\SysWow64\agrsmdel.exe
2012-05-21 14:48 . 2012-05-21 14:48 -------- d-----w- c:\windows\Options
2012-05-21 14:48 . 2012-05-21 14:48 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-05-21 14:46 . 2012-05-21 14:46 -------- d-----w- c:\program files\Broadcom
2012-05-21 14:46 . 2012-05-21 14:46 -------- d-----w- c:\programdata\ATI
2012-05-21 14:45 . 2012-05-21 14:45 -------- d-----w- c:\program files\ATI
2012-05-21 14:45 . 2012-05-21 14:46 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-05-21 14:44 . 2012-05-21 14:44 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-05-21 14:44 . 2009-09-17 10:54 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2012-05-21 14:44 . 2009-12-14 20:33 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-05-21 14:43 . 2012-05-21 14:43 -------- d-----w- C:\Intel
2012-05-21 14:43 . 2010-03-03 17:51 540696 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-05-21 14:43 . 2012-05-21 14:46 -------- d-----w- c:\program files (x86)\Intel
2012-05-21 14:41 . 2012-05-21 14:41 0 ----a-w- c:\windows\ativpsrm.bin
2012-05-21 14:39 . 2011-08-29 10:24 -------- d-----w- c:\users\Default\AppData\Local\Adobe
2012-05-21 14:39 . 2011-08-29 10:13 -------- d-----w- c:\users\Default\AppData\Local\Windows Live
2012-05-20 08:03 . 2012-05-20 08:03 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-20 08:03 . 2012-05-20 08:03 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-28 08:45 . 2010-06-24 18:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-26 12:00 . 2011-08-29 10:25 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-05-22 00:31 . 2012-05-22 00:31 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\qwavedrv.sys.mui
2012-05-22 00:31 . 2012-05-22 00:31 5632 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\ndiscap.sys.mui
2012-05-22 00:31 . 2012-05-22 00:31 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\scfilter.sys.mui
2012-05-22 00:31 . 2012-05-22 00:31 50176 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\tcpip.sys.mui
2012-05-22 00:31 . 2012-05-22 00:31 27136 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\bfe.dll.mui
2012-05-22 00:31 . 2012-05-22 00:31 15360 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\pacer.sys.mui
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 PCDSRVC{11725DDC-93082FF6-06020200}_0;PCDSRVC{11725DDC-93082FF6-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\acer\appdata\local\temp\nummwucuzny7\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 PCDSRVC{D1725DDC-A0C4B5F2-06020200}_0;PCDSRVC{D1725DDC-A0C4B5F2-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\acer\appdata\local\temp\e23lx5uvayid\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [2012-05-17 1160824]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120528.001\IDSvia64.sys [2012-05-25 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-11 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-01-05 867712]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-01-31 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-26 138360]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x]
S4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 51349654
*NewlyCreated* - MBAMPROTECTOR
*Deregistered* - 51349654
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879240178-3437811780-3597250203-1000Core.job
- c:\users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-26 11:39]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879240178-3437811780-3597250203-1000UA.job
- c:\users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-26 11:39]
.
2012-05-29 c:\windows\Tasks\Packard Bell Registration - Reminder Recall task.job
- c:\program files (x86)\Packard Bell\Registration\GREG.exe [2011-01-25 02:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-01-05 860040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{11725DDC-93082FF6-06020200}_0]
"ImagePath"="\??\c:\users\acer\appdata\local\temp\nummwucuzny7\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D1725DDC-A0C4B5F2-06020200}_0]
"ImagePath"="\??\c:\users\acer\appdata\local\temp\e23lx5uvayid\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-05-29 23:03:27
ComboFix-quarantined-files.txt 2012-05-29 21:03
.
Před spuštěním: Volných bajtů: 234 689 798 144
Po spuštění: Volných bajtů: 238 425 554 944
.
- - End Of File - - F202EFADE671D0505B1B869A4E37CC33

[vyosek]

CF meni par veci pri svem behu, aby nebyla narusena jeho cinnost a nebylo do ni mozne zasahovat...da vse pak zpatky

Dejte mi chvili nez to prelouskam a napisu co dale...

[cocinella]

dobře, SNAD na tom tolik práce nebude

[vyosek]

Pokud nemate, tak presunte Combofix primo na disk c:\ at neni v zadne slozce

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  File::
  c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879240178-3437811780-3597250203-1000Core.job
  c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879240178-3437811780-3597250203-1000UA.job
  c:\windows\Tasks\Packard Bell Registration - Reminder Recall task.job
  
  DDS::
  uStart Page = hxxp://packardbell.msn.com
  mStart Page = hxxp://packardbell.msn.com
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::
  

• Ulozte vytvoreny TXT jako CFScript.txt taktez primo na disk c:\
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[cocinella]

restart, log, ale nejde nic nejde spustit, prý: pokus použít neplatnou operaci na klíč v registru, který je označen pro odstranění...
co s tím?

[vyosek]

Jen restartujte PC, to pomuze

Jedna se o bug CF, ktery zatim autor neumi vyresit - vznika nahodne na nekterych systemech

[cocinella]

uf
tady by měl být log:

ComboFix 12-05-29.01 - Acer 29.05.2012 23:22:04.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3956.2342 [GMT 2:00]
Spuštěný z: d:\users\user\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Acer\Desktop\CFScript.txt
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879240178-3437811780-3597250203-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879240178-3437811780-3597250203-1000UA.job"
"c:\windows\Tasks\Packard Bell Registration - Reminder Recall task.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879240178-3437811780-3597250203-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879240178-3437811780-3597250203-1000UA.job
c:\windows\Tasks\Packard Bell Registration - Reminder Recall task.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-28 do 2012-05-29 )))))))))))))))))))))))))))))))
.
.
2012-05-29 21:26 . 2012-05-29 21:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-29 18:24 . 2012-05-29 18:24 -------- d-----w- c:\program files\trend micro
2012-05-29 18:24 . 2012-05-29 18:24 -------- d-----w- C:\rsit
2012-05-29 17:56 . 2012-05-29 17:56 -------- d-----w- c:\programdata\Malwarebytes
2012-05-29 16:48 . 2012-05-29 21:05 -------- d-----w- c:\windows\system32\drivers\NISx64\1207010.003
2012-05-29 10:00 . 2012-05-29 10:00 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-29 10:00 . 2012-05-29 10:00 -------- d-----w- c:\windows\system32\Wat
2012-05-29 09:45 . 2012-05-29 09:45 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-05-29 09:39 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-29 09:39 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-29 09:39 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-29 09:39 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-29 09:39 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-29 09:39 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-29 09:39 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-29 06:38 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-29 06:37 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-28 18:03 . 2010-02-04 08:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-05-28 18:02 . 2008-03-05 13:56 4910088 ----a-w- c:\windows\system32\D3DX9_37.dll
2012-05-28 18:00 . 2012-05-28 18:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-28 18:00 . 2012-05-28 18:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-28 17:56 . 2012-05-28 18:08 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2012-05-28 17:55 . 2012-05-28 17:55 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-28 17:55 . 2012-05-28 17:55 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-05-28 17:54 . 2012-05-28 17:56 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-05-28 08:52 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-28 08:52 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-28 08:52 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-28 08:52 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-28 08:52 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-28 08:52 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-28 08:52 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-27 14:09 . 2012-05-27 14:09 -------- d-----w- C:\Fraps
2012-05-27 13:29 . 2012-05-27 13:29 -------- d-----r- c:\program files (x86)\Skype
2012-05-27 11:16 . 2012-05-27 11:19 -------- d-----w- c:\program files (x86)\Portal
2012-05-27 11:03 . 2012-05-27 11:03 -------- d-----w- c:\program files (x86)\uTorrent
2012-05-26 12:41 . 2012-05-26 12:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-26 12:41 . 2012-05-26 12:41 -------- d-----w- c:\program files (x86)\Oracle
2012-05-26 12:40 . 2012-04-04 16:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-26 12:40 . 2012-04-04 16:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-26 12:40 . 2012-05-26 12:40 -------- d-----w- c:\program files (x86)\Java
2012-05-26 11:58 . 2012-05-26 11:58 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-05-26 11:42 . 2012-05-26 11:42 -------- d-----w- c:\program files (x86)\ICQ7M
2012-05-22 00:32 . 2012-05-22 00:32 -------- d-----w- c:\windows\SysWow64\cs
2012-05-22 00:32 . 2012-05-22 00:32 -------- d-----w- c:\windows\SysWow64\XPSViewer
2012-05-22 00:32 . 2012-05-22 00:32 -------- d-----w- c:\windows\SysWow64\drivers\cs-CZ
2012-05-22 00:32 . 2012-05-22 00:32 -------- d-----w- c:\windows\system32\cs
2012-05-22 00:32 . 2012-05-22 00:32 -------- d-----w- c:\windows\cs-CZ
2012-05-22 00:32 . 2012-05-21 15:01 -------- d-----w- c:\windows\SysWow64\wbem\cs-CZ
2012-05-22 00:32 . 2012-05-22 00:32 -------- d-----w- c:\windows\system32\drivers\UMDF\cs-CZ
2012-05-22 00:32 . 2012-05-22 00:32 -------- d-----w- c:\windows\system32\drivers\cs-CZ
2012-05-22 00:32 . 2012-05-21 15:01 -------- d-----w- c:\windows\system32\wbem\cs-CZ
2012-05-22 00:31 . 2012-05-22 00:31 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\cs-CZ\LXKPTPRC.DLL.mui
2012-05-22 00:26 . 2012-05-22 00:26 -------- d-----w- c:\windows\NAPP_Dism_Log
2012-05-22 00:23 . 2010-05-12 02:11 2229608 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-05-22 00:23 . 2010-01-25 23:09 349776 ----a-w- c:\windows\UNINSTLMv4.EXE
2012-05-22 00:23 . 2009-10-24 01:22 99328 ----a-w- c:\windows\system32\Vxdif.dll
2012-05-22 00:23 . 2009-10-22 04:55 272432 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2012-05-22 00:23 . 2008-03-28 00:51 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-05-22 00:21 . 2010-12-04 08:42 2312232 ----a-w- c:\windows\WisGAPasx64.exe
2012-05-22 00:21 . 2009-10-27 18:46 342560 ----a-w- c:\windows\ParseModule_X64.exe
2012-05-22 00:21 . 2010-12-04 08:41 1714728 ----a-w- c:\windows\WisGAPas.exe
2012-05-22 00:21 . 2009-10-27 18:46 231968 ----a-w- c:\windows\ParseModule_X86.exe
2012-05-21 15:37 . 2012-05-21 15:37 -------- d-----w- c:\users\Public\Symantec
2012-05-21 15:36 . 2012-05-21 15:36 -------- d-----w- c:\users\Acer
2012-05-21 15:36 . 2012-05-21 15:36 -------- d-----w- C:\Recovery
2012-05-21 15:11 . 2012-05-21 15:11 -------- d-----w- C:\BOOK
2012-05-21 15:10 . 2012-05-21 15:10 -------- d-----w- c:\program files (x86)\Microsoft
2012-05-21 15:10 . 2012-05-21 15:10 -------- d-----w- c:\program files (x86)\Cyberlink
2012-05-21 15:10 . 2012-05-21 15:10 -------- d-----w- c:\program files (x86)\Social Networks
2012-05-21 15:08 . 2012-05-21 15:09 -------- d-----w- c:\programdata\SmartSound Software Inc
2012-05-21 15:08 . 2012-05-21 15:08 -------- d-----w- c:\programdata\eSellerate
2012-05-21 15:08 . 2012-05-21 15:08 -------- d-----w- c:\program files (x86)\SmartSound Software
2012-05-21 15:04 . 2010-03-19 01:00 55856 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-05-21 15:04 . 2009-10-20 01:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-05-21 15:04 . 2009-10-20 01:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-05-21 15:03 . 2012-05-21 15:07 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-05-21 15:03 . 2012-05-21 15:03 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2012-05-21 14:53 . 2012-05-21 14:54 -------- d-----w- c:\program files (x86)\Video Web Camera
2012-05-21 14:52 . 2012-05-21 14:52 -------- d-----w- c:\program files (x86)\Launch Manager
2012-05-21 14:52 . 2010-06-26 09:13 342056 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2012-05-21 14:52 . 2010-06-26 09:12 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-05-21 14:52 . 2010-06-26 09:12 135720 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-05-21 14:52 . 2010-06-26 09:12 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-05-21 14:52 . 2010-06-26 09:12 102952 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-05-21 14:52 . 2012-05-21 14:52 -------- d-----w- c:\program files\Apoint2K
2012-05-21 14:51 . 2012-05-21 14:51 -------- d-----w- c:\program files\WIDCOMM
2012-05-21 14:48 . 2009-12-03 23:28 27648 ------w- c:\windows\SysWow64\agrsco64.dll
2012-05-21 14:48 . 2009-12-03 23:28 64000 ------w- c:\windows\SysWow64\agrsmdel.exe
2012-05-21 14:48 . 2012-05-21 14:48 -------- d-----w- c:\windows\Options
2012-05-21 14:48 . 2012-05-21 14:48 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-05-21 14:46 . 2012-05-21 14:46 -------- d-----w- c:\program files\Broadcom
2012-05-21 14:46 . 2012-05-21 14:46 -------- d-----w- c:\programdata\ATI
2012-05-21 14:45 . 2012-05-21 14:45 -------- d-----w- c:\program files\ATI
2012-05-21 14:45 . 2012-05-21 14:46 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-05-21 14:44 . 2012-05-21 14:44 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-05-21 14:44 . 2009-09-17 10:54 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2012-05-21 14:44 . 2009-12-14 20:33 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-05-21 14:43 . 2012-05-21 14:43 -------- d-----w- C:\Intel
2012-05-21 14:43 . 2010-03-03 17:51 540696 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-05-21 14:43 . 2012-05-21 14:46 -------- d-----w- c:\program files (x86)\Intel
2012-05-21 14:41 . 2012-05-21 14:41 0 ----a-w- c:\windows\ativpsrm.bin
2012-05-21 14:39 . 2011-08-29 10:24 -------- d-----w- c:\users\Default\AppData\Local\Adobe
2012-05-21 14:39 . 2011-08-29 10:13 -------- d-----w- c:\users\Default\AppData\Local\Windows Live
2012-05-20 08:03 . 2012-05-20 08:03 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-20 08:03 . 2012-05-20 08:03 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-28 08:45 . 2010-06-24 18:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-26 12:00 . 2011-08-29 10:25 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-05-22 00:31 . 2012-05-22 00:31 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\qwavedrv.sys.mui
2012-05-22 00:31 . 2012-05-22 00:31 5632 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\ndiscap.sys.mui
2012-05-22 00:31 . 2012-05-22 00:31 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\scfilter.sys.mui
2012-05-22 00:31 . 2012-05-22 00:31 50176 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\tcpip.sys.mui
2012-05-22 00:31 . 2012-05-22 00:31 27136 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\bfe.dll.mui
2012-05-22 00:31 . 2012-05-22 00:31 15360 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\pacer.sys.mui
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-29_20.44.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-05-29 21:08 61858 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-05-29 21:09 96720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-29 20:58 . 2012-05-29 20:58 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\543b0e12423bcec010bdd2ac27c5dc04\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-29 20:57 . 2012-05-29 20:57 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\d24744f15243e28ea541a459ff7ff5d5\PresentationFontCache.ni.exe
+ 2012-05-29 20:57 . 2012-05-29 20:57 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\87a30ba337ed55d0905f19742e2985bc\napcrypt.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\9f2e8e0df9ff39ad21088f1d66cfadb1\Microsoft.WSMan.Runtime.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\d797123d55bb7b823120d0a7ffbbc2a7\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb8ad29814d9e5589bd400d38e7a0b10\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb42a0f25b7608b2675080081b03f6e5\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\c6e9143be5afb36345875d56b61c444f\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\91767cf3facefe10e00734c815e925ad\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\66cd99d2f576cde047074e98bd5e1848\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\4308e1bdc640e1c3f1ea966e84e48900\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\06fcf2fbbe38d9425fc49d935498ec93\Microsoft.Vsa.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e3ef400b1f37e4d3b79a42a8a602ea02\Microsoft.Build.Framework.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\2095344bf8c40f8baa94ba53a993fb4c\Microsoft.Build.Framework.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\dc93539af5a961641a26ada75f730136\ehiUserXp.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\53d03b0e238c77cf7e5ac88e02aecd2c\dfsvc.ni.exe
+ 2012-05-23 08:41 . 2012-05-29 21:08 3078 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2879240178-3437811780-3597250203-1000_UserData.bin
+ 2012-05-29 21:27 . 2012-05-29 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-29 10:02 . 2012-05-29 10:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-29 21:27 . 2012-05-29 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-29 10:02 . 2012-05-29 10:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-05-29 10:07 607190 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-29 21:10 607190 c:\windows\system32\perfh009.dat
- 2012-05-22 00:32 . 2012-05-29 10:07 622660 c:\windows\system32\perfh005.dat
+ 2012-05-22 00:32 . 2012-05-29 21:10 622660 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2012-05-29 10:07 103568 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-29 21:10 103568 c:\windows\system32\perfc009.dat
- 2012-05-22 00:32 . 2012-05-29 10:07 118810 c:\windows\system32\perfc005.dat
+ 2012-05-22 00:32 . 2012-05-29 21:10 118810 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2012-05-29 21:26 232280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-29 20:45 . 2012-05-29 20:45 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\89ef9ecbcf1f666b498c9ccc8632621d\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\779b08c46960a1824503aa6f089673fa\UIAutomationClient.ni.dll
+ 2012-05-29 20:58 . 2012-05-29 20:58 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
+ 2012-05-29 20:58 . 2012-05-29 20:58 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e180769a4c85964760934226d795a5b2\System.Web.Abstractions.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\20d81596f0a78f61d0cfe7b1f75e052c\System.Messaging.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\100d39c2f8985cb93e26feef86ba5212\System.IdentityModel.Selectors.ni.dll
+ 2012-05-29 20:58 . 2012-05-29 20:58 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e36e03067b12bc35fcc3787dc81022c8\System.Data.Services.Design.ni.dll
+ 2012-05-29 20:58 . 2012-05-29 20:58 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\5a29fff52e2c3d13ec15e8701027ab17\System.Data.Entity.Design.ni.dll
+ 2012-05-29 20:58 . 2012-05-29 20:58 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\940f62a5d077405e0b324422afb6ff2c\System.Data.DataSetExtensions.ni.dll
+ 2012-05-29 20:58 . 2012-05-29 20:58 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1b0b19607668635281fa260707f4352f\SMSvcHost.ni.exe
+ 2012-05-29 20:45 . 2012-05-29 20:45 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
+ 2012-05-29 20:57 . 2012-05-29 20:57 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\dbe83f0466f3c15f2391432c46be4992\napsnap.ni.dll
+ 2012-05-29 20:57 . 2012-05-29 20:57 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\a116c35c69449bbc7dbab2a7a4cf4b86\napinit.ni.dll
+ 2012-05-29 20:57 . 2012-05-29 20:57 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\e0c40329b9cdd7f141a3702d79eb4bda\naphlpr.ni.dll
+ 2012-05-29 20:57 . 2012-05-29 20:57 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\74a8b6419deb005337a1e43ec2502134\MSBuild.ni.exe
+ 2012-05-29 20:46 . 2012-05-29 20:46 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\ee856f5244b04ad8bff60614b09474a6\MMCFxCommon.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\070505350ec9daa3343b3cd2bc8cf59e\Microsoft.WSMan.Management.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1e639225ba30d7f182b893ddacea506b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d4c36b363fcd1ca494218e74ba606e99\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ba2ca86f5d270f493501848843d2f227\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\607324a312b1c6d7fbede8300e8cee91\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1f1185444c8a12ace85ba4c2d49f41f8\Microsoft.PowerShell.Security.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\12715b7e3e89758161053520b57764b2\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\0d6a371076a696788268aa5e78b2de39\Microsoft.ManagementConsole.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\7e59b3b84ca3c61adfc0dc74a65ea177\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\07e346ee0e3f7433f2de7a72fadd6713\Microsoft.Build.Utilities.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\432160eff3b1f9301c6a74c2e647e03d\Microsoft.Build.Engine.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\8297305de86377d0070a983d99a7f943\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\541a5bb4d0f8490e506f885a4b435566\mcstoredb.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\464674d5e3ef52ffa0fccc2043c38e0e\EventViewer.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\5ae5c6732ef8e7115baaeb66fd69cdd2\ehRecObj.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\fbfc09fefc5a4d33f9a009f0157875f0\ehiVidCtl.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\cbf3a07d3ab873b19f47d6a24f06c796\ehiProxy.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\5cc4a5672758f4732ef430b3431f47fc\ehiExtens.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\83314c8ed8a90829fff41be1364833ef\ehExtHost32.ni.exe
+ 2012-05-29 20:45 . 2012-05-29 20:45 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\3912b69593af13d0922279a063e5af66\ComSvcConfig.ni.exe
- 2009-07-14 04:45 . 2012-05-29 10:02 7284024 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-05-29 21:08 7284024 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-05-23 06:01 . 2012-05-29 21:26 2539332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2879240178-3437811780-3597250203-1000-8192.dat
+ 2012-05-29 20:58 . 2012-05-29 20:58 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ab83e0de98f69306d49754a9174bf10a\System.Web.Extensions.ni.dll
+ 2012-05-29 20:58 . 2012-05-29 20:58 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\a8495b797e6f7adddc5811a4e1f97db5\System.Management.Automation.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
+ 2012-05-29 20:58 . 2012-05-29 20:58 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\3285887b33030a7ce453573d3bed4e95\System.Data.Services.ni.dll
+ 2012-05-29 20:58 . 2012-05-29 20:58 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\330d3ad45a00455b537047183e128def\System.Data.Services.Client.ni.dll
+ 2012-05-29 20:58 . 2012-05-29 20:58 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\2fe1658f05b0a96fe25c956a31d27b06\System.Data.Linq.ni.dll
+ 2012-05-29 20:58 . 2012-05-29 20:58 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
+ 2012-05-29 20:57 . 2012-05-29 20:57 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b3f13707cbd5d48aabaa9ef5264c8a30\PresentationBuildTasks.ni.dll
+ 2012-05-29 20:57 . 2012-05-29 20:57 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\2765de8f1b3d8b1da336d3e70121e3b2\Narrator.ni.exe
+ 2012-05-29 20:46 . 2012-05-29 20:46 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\e7c74193104063352085477c2d866a93\MMCEx.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\922d749af286fccba928ccd4456ec222\MIGUIControls.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7046d73435e4cb840cc1afea22aba9a6\Microsoft.VisualBasic.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cd9e47effec6549cdec61eb3aef99f7c\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fce19ef1694f4fc4db08ffb0237f4ac7\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\86ad0b271dc4905c82b11c21dc33b1a9\Microsoft.PowerShell.Editor.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7ee29045f76b1e9577bfc1e0fab723d8\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\c31b76610d07fcaa42a8eddcbca8bd30\Microsoft.MediaCenter.UI.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\28efe61ef266e48178a379a830623b20\Microsoft.MediaCenter.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\e3d2577e00aef6bc9b3e235eb83634f3\Microsoft.JScript.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\2ec9426778058b0a331acb9c12c08200\Microsoft.Ink.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a519a2c009c973846c3712038a0cd308\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\24849ea16bc781c24452fddd856b31f2\Microsoft.Build.Tasks.ni.dll
+ 2012-05-29 20:46 . 2012-05-29 20:46 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6b66f52dbd8f87e53c3c9a1de7ca5bba\Microsoft.Build.Engine.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\d346e535d1caec5d4ed0dd2be5c193d3\mcstore.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\69b8de21b08c3412422c5918399ed702\mcepg.ni.dll
+ 2012-05-29 20:45 . 2012-05-29 20:45 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 PCDSRVC{11725DDC-93082FF6-06020200}_0;PCDSRVC{11725DDC-93082FF6-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\acer\appdata\local\temp\nummwucuzny7\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 PCDSRVC{D1725DDC-A0C4B5F2-06020200}_0;PCDSRVC{D1725DDC-A0C4B5F2-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\acer\appdata\local\temp\e23lx5uvayid\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [2012-05-17 1160824]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120528.001\IDSvia64.sys [2012-05-25 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-11 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-01-05 867712]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-01-31 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-26 138360]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-01-05 860040]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{11725DDC-93082FF6-06020200}_0]
"ImagePath"="\??\c:\users\acer\appdata\local\temp\nummwucuzny7\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D1725DDC-A0C4B5F2-06020200}_0]
"ImagePath"="\??\c:\users\acer\appdata\local\temp\e23lx5uvayid\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Celkový čas: 2012-05-29 23:30:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-29 21:30
ComboFix2.txt 2012-05-29 21:03
.
Před spuštěním: Volných bajtů: 238 394 712 064
Po spuštění: Volných bajtů: 238 324 428 800
.
- - End Of File - - D6AA1BFFD50D1577813A3BAE4E7B733D

[vyosek]

Co nas pacient?? stale si spousti diablo jak chce??

[cocinella]

ne, zatím nic, už šmejda ani nikde nevidím, takže snad v pořádku.... byla tam nějaká havěť?

[vyosek]

Ano, neco tam bylo

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

napiste co PC