W7HP 64 bit jen nouzový režim

Zpráva

dvc64 · #1 Příspěvek od **dvc64** » 09 srp 2011 10:21

Dobrý den, dostal se mi do ruky ntb Acer Aspire 5738G s tím, že se po připojení k internetu sám vypne. Tak s tím už laboruji skoro měsíc a výsledek je ten, že ntb nenabootuje jinak než do nouzového režimu (ikdyž vyberu "spustit normálním způsobem" tak nouzák). V době kdy se mi dostal do ruk tam nebyl žádný antivirák, jen McAfee (pravděpodobně trial od výrobce), ale byl "natvrdo" smazaný, tj. v adresáři bylo jen pár souborů a jely některé jeho služby. Počítač se náhodně (někdy hned po přihlášení, někdy později) korektně, tj. s odhlášením uživatele a vypnutím, restartoval. Přikládám log a prosím o pomoc, pokud to jde.
Děkuji

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dominik at 2011-08-09 11:13:18
Microsoft Windows 7 Home Premium
System drive C: has 493 GB (83%) free of 596 GB
Total RAM: 3067 MB (86% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
ctfmon.exe
"C:\Users\Dominik\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1685106172-579925320-1233995380-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1685106172-579925320-1233995380-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-06-20 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-05 186904]
"mwlDaemon"=C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [2010-05-27 349552]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2010-05-26 585376]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2010-05-26 354464]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-08-06 8060960]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-09-18 1842472]
"PLFSetI"=C:\Windows\PLFSetI.exe [2010-06-10 206208]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2010-02-26 818720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-12 136176]
"Software Informer"=C:\Program Files (x86)\Software Informer\softinfo.exe [2009-10-28 1978437]
"fsm"= []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]
"BackupManagerTray"=C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2010-06-29 265984]
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-02 1155928]
"SuiteTray"=C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2010-05-27 337264]
"EgisUpdate"=C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2010-03-11 201584]
"EgisTecPMMUpdate"=C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2010-03-11 407920]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-01-22 98304]
"VitaKeyPdtWzd"=c:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [2009-09-26 3568640]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2009-11-02 1094736]
"ArcadeDeluxeAgent"=C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2009-10-29 419112]
"PlayMovie"=C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2010-01-19 181480]
"NBAgent"=C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2011-07-06 1047656]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=c:\Program Files (x86)\Acer Bio Protection\PwdFilterV64

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-09 11:13:19 ----D---- C:\Program Files\trend micro
2011-08-09 11:13:18 ----D---- C:\rsit
2011-08-09 10:40:41 ----SD---- C:\Windows\SYSWOW64\Microsoft
2011-08-09 10:14:03 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-08-09 10:13:59 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-08-09 10:03:03 ----A---- C:\Windows\ntbtlog.txt
2011-08-09 07:45:18 ----D---- C:\Windows\LastGood
2011-07-30 19:42:50 ----D---- C:\ProgramData\AVG10
2011-07-30 18:43:08 ----D---- C:\_
2011-07-30 13:16:27 ----D---- C:\Users\Dominik\AppData\Roaming\Malwarebytes
2011-07-30 13:16:21 ----D---- C:\ProgramData\Malwarebytes
2011-07-30 13:16:18 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-30 12:52:39 ----HD---- C:\ProgramData\Common Files
2011-07-30 12:52:15 ----D---- C:\ProgramData\MFAData
2011-07-28 11:04:43 ----HD---- C:\Windows\update.5.0
2011-07-28 11:04:38 ----HD---- C:\Windows\update.2
2011-07-14 19:22:25 ----HD---- C:\Windows\update.1
2011-07-14 19:22:00 ----HD---- C:\Windows\update.tray-9-0

======List of files/folders modified in the last 1 month======

2011-08-09 19:19:41 ----D---- C:\Windows\system32\config
2011-08-09 19:19:35 ----RD---- C:\Users
2011-08-09 19:19:35 ----D---- C:\Windows\winsxs
2011-08-09 19:19:35 ----D---- C:\Windows\System32
2011-08-09 19:19:34 ----D---- C:\Windows\Tasks
2011-08-09 19:19:34 ----D---- C:\Windows\SYSWOW64\wbem
2011-08-09 19:19:34 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-09 19:19:34 ----D---- C:\Windows\system32\wfp
2011-08-09 19:19:34 ----D---- C:\Windows\system32\wbem
2011-08-09 19:19:34 ----D---- C:\Windows\system32\DriverStore
2011-08-09 19:19:34 ----D---- C:\Windows\system32\drivers\UMDF
2011-08-09 19:19:34 ----D---- C:\Windows\system32\drivers\etc
2011-08-09 19:19:34 ----D---- C:\Windows\system32\cs-CZ
2011-08-09 19:19:34 ----D---- C:\Windows\rescache
2011-08-09 19:19:34 ----D---- C:\Windows\inf
2011-08-09 19:19:34 ----D---- C:\Windows\ehome
2011-08-09 19:19:34 ----D---- C:\Windows\AppPatch
2011-08-09 19:19:34 ----D---- C:\Program Files\Internet Explorer
2011-08-09 19:17:57 ----D---- C:\Windows\system32\CodeIntegrity
2011-08-09 19:17:32 ----D---- C:\Windows\AppCompat
2011-08-09 19:17:20 ----D---- C:\Program Files (x86)\Software Informer
2011-08-09 19:17:17 ----D---- C:\Program Files (x86)\Launch Manager
2011-08-09 19:17:16 ----D---- C:\Program Files (x86)\EgisTec IPS
2011-08-09 19:17:16 ----D---- C:\Program Files (x86)\Common Files
2011-08-09 19:17:15 ----D---- C:\Program Files (x86)\Bluetooth Suite
2011-08-09 19:17:14 ----D---- C:\Program Files (x86)\Acer Bio Protection
2011-08-09 19:16:12 ----D---- C:\Windows\registration
2011-08-09 19:14:39 ----D---- C:\Windows\Web
2011-08-09 19:14:39 ----D---- C:\Windows\Vss
2011-08-09 19:14:39 ----D---- C:\Windows\SYSWOW64\XPSViewer
2011-08-09 19:14:38 ----D---- C:\Windows\SYSWOW64\winrm
2011-08-09 19:14:38 ----D---- C:\Windows\SYSWOW64\WindowsPowerShell
2011-08-09 19:14:38 ----D---- C:\Windows\SYSWOW64\wdi
2011-08-09 19:14:38 ----D---- C:\Windows\SYSWOW64\WCN
2011-08-09 19:14:36 ----D---- C:\Windows\SYSWOW64\spp
2011-08-09 19:14:36 ----D---- C:\Windows\SYSWOW64\Speech
2011-08-09 19:14:36 ----D---- C:\Windows\SYSWOW64\slmgr
2011-08-09 19:14:35 ----D---- C:\Windows\SYSWOW64\Printing_Admin_Scripts
2011-08-09 19:14:34 ----D---- C:\Windows\SYSWOW64\NetworkList
2011-08-09 19:14:34 ----D---- C:\Windows\SYSWOW64\MUI
2011-08-09 19:14:33 ----D---- C:\Windows\SYSWOW64\Msdtc
2011-08-09 19:14:32 ----D---- C:\Windows\SYSWOW64\migwiz
2011-08-09 19:14:32 ----D---- C:\Windows\SYSWOW64\migration
2011-08-09 19:14:32 ----D---- C:\Windows\SYSWOW64\Macromed
2011-08-09 19:14:31 ----D---- C:\Windows\SYSWOW64\InstallShield
2011-08-09 19:14:31 ----D---- C:\Windows\SYSWOW64\IME
2011-08-09 19:14:29 ----D---- C:\Windows\SYSWOW64\DriverStore
2011-08-09 19:14:29 ----D---- C:\Windows\SYSWOW64\drivers\nti
2011-08-09 19:14:29 ----D---- C:\Windows\SYSWOW64\Dism
2011-08-09 19:14:28 ----D---- C:\Windows\SYSWOW64\config
2011-08-09 19:14:28 ----D---- C:\Windows\SYSWOW64\com
2011-08-09 19:14:24 ----D---- C:\Windows\system32\winrm
2011-08-09 19:14:24 ----D---- C:\Windows\system32\WindowsPowerShell
2011-08-09 19:14:24 ----D---- C:\Windows\system32\WinBioPlugIns
2011-08-09 19:14:23 ----D---- C:\Windows\system32\wdi
2011-08-09 19:14:23 ----D---- C:\Windows\system32\WCN
2011-08-09 19:14:22 ----D---- C:\Windows\system32\Tasks
2011-08-09 19:14:21 ----D---- C:\Windows\system32\sysprep
2011-08-09 19:14:20 ----D---- C:\Windows\system32\spp
2011-08-09 19:14:20 ----D---- C:\Windows\system32\spool
2011-08-09 19:14:20 ----D---- C:\Windows\system32\Speech
2011-08-09 19:14:20 ----D---- C:\Windows\system32\SMI
2011-08-09 19:14:20 ----D---- C:\Windows\system32\slmgr
2011-08-09 19:14:18 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2011-08-09 19:14:17 ----D---- C:\Windows\system32\oobe
2011-08-09 19:14:16 ----D---- C:\Windows\system32\OEM
2011-08-09 19:14:15 ----D---- C:\Windows\system32\NetworkList
2011-08-09 19:14:15 ----D---- C:\Windows\system32\MUI
2011-08-09 19:14:14 ----D---- C:\Windows\system32\Msdtc
2011-08-09 19:14:13 ----SD---- C:\Windows\system32\Microsoft
2011-08-09 19:14:13 ----D---- C:\Windows\system32\migwiz
2011-08-09 19:14:13 ----D---- C:\Windows\system32\migration
2011-08-09 19:14:12 ----D---- C:\Windows\system32\IME
2011-08-09 19:14:04 ----D---- C:\Windows\system32\Dism
2011-08-09 19:14:02 ----D---- C:\Windows\system32\com
2011-08-09 19:14:01 ----D---- C:\Windows\system32\catroot
2011-08-09 19:13:58 ----D---- C:\Windows\system32\Boot
2011-08-09 19:13:56 ----D---- C:\Windows\Speech
2011-08-09 19:13:56 ----D---- C:\Windows\Setup
2011-08-09 19:13:56 ----D---- C:\Windows\servicing
2011-08-09 19:13:51 ----D---- C:\Windows\schemas
2011-08-09 19:13:51 ----D---- C:\Windows\ServiceProfiles
2011-08-09 19:13:51 ----D---- C:\Windows\security
2011-08-09 19:13:51 ----D---- C:\Windows\Resources
2011-08-09 19:13:50 ----D---- C:\Windows\PolicyDefinitions
2011-08-09 19:13:50 ----D---- C:\Windows\PLA
2011-08-09 19:13:50 ----D---- C:\Windows\Performance
2011-08-09 19:13:50 ----D---- C:\Windows\oem
2011-08-09 19:13:50 ----D---- C:\Windows\NAPP_Dism_Log
2011-08-09 19:13:47 ----D---- C:\Windows\Microsoft.NET
2011-08-09 19:13:46 ----SHD---- C:\Windows\Installer
2011-08-09 19:13:46 ----RSD---- C:\Windows\Media
2011-08-09 19:13:46 ----D---- C:\Windows\LP
2011-08-09 19:13:43 ----D---- C:\Windows\IME
2011-08-09 19:13:43 ----D---- C:\Windows\Help
2011-08-09 19:13:43 ----D---- C:\Windows\Globalization
2011-08-09 19:13:42 ----D---- C:\Windows\Downloaded Installations
2011-08-09 19:13:42 ----D---- C:\Windows\diagnostics
2011-08-09 19:13:42 ----D---- C:\Windows\Branding
2011-08-09 19:13:41 ----D---- C:\Windows\Boot
2011-08-09 19:13:40 ----RSD---- C:\Windows\assembly
2011-08-09 19:13:23 ----D---- C:\Vietcong2
2011-08-09 19:13:20 ----SD---- C:\Users\Dominik\AppData\Roaming\Microsoft
2011-08-09 19:13:20 ----D---- C:\Users\Dominik\AppData\Roaming\Software Informer
2011-08-09 19:13:09 ----D---- C:\ProgramData\Symantec
2011-08-09 19:13:09 ----D---- C:\ProgramData\oem
2011-08-09 19:13:09 ----D---- C:\ProgramData\OberonGameConsole
2011-08-09 19:13:09 ----AD---- C:\ProgramData\Temp
2011-08-09 19:13:07 ----D---- C:\ProgramData\CyberLink
2011-08-09 19:13:07 ----D---- C:\ProgramData\Acer
2011-08-09 19:13:06 ----D---- C:\Program Files\Windows Sidebar
2011-08-09 19:13:06 ----D---- C:\Program Files\Windows Photo Viewer
2011-08-09 19:13:06 ----D---- C:\Program Files\Windows NT
2011-08-09 19:13:06 ----D---- C:\Program Files\Windows Media Player
2011-08-09 19:13:06 ----D---- C:\Program Files\Windows Mail
2011-08-09 19:13:06 ----D---- C:\Program Files\Windows Journal
2011-08-09 19:13:06 ----D---- C:\Program Files\Windows Defender
2011-08-09 19:13:06 ----D---- C:\Program Files\Synaptics
2011-08-09 19:13:06 ----D---- C:\Program Files\Reference Assemblies
2011-08-09 19:13:05 ----D---- C:\Program Files\Realtek
2011-08-09 19:13:05 ----D---- C:\Program Files\Preload
2011-08-09 19:13:05 ----D---- C:\Program Files\MSBuild
2011-08-09 19:13:05 ----D---- C:\Program Files\Microsoft Games
2011-08-09 19:12:36 ----D---- C:\Program Files\DVD Maker
2011-08-09 19:12:36 ----D---- C:\Program Files\Common Files\System
2011-08-09 19:12:36 ----D---- C:\Program Files\Common Files\SpeechEngines
2011-08-09 19:12:36 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-08-09 19:12:23 ----D---- C:\Program Files\Broadcom
2011-08-09 19:12:23 ----D---- C:\Program Files\ATI
2011-08-09 19:12:23 ----D---- C:\Program Files\Acer
2011-08-09 19:12:22 ----D---- C:\Program Files (x86)\WinRAR
2011-08-09 19:12:22 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-08-09 19:12:22 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-08-09 19:12:22 ----D---- C:\Program Files (x86)\Windows NT
2011-08-09 19:12:22 ----D---- C:\Program Files (x86)\Windows Media Player
2011-08-09 19:12:22 ----D---- C:\Program Files (x86)\Windows Mail
2011-08-09 19:12:22 ----D---- C:\Program Files (x86)\Windows Live
2011-08-09 19:12:21 ----D---- C:\Program Files (x86)\Windows Defender
2011-08-09 19:12:21 ----D---- C:\Program Files (x86)\Symantec
2011-08-09 19:12:21 ----D---- C:\Program Files (x86)\Reference Assemblies
2011-08-09 19:12:21 ----D---- C:\Program Files (x86)\Realtek
2011-08-09 19:12:20 ----D---- C:\Program Files (x86)\NewTech Infosystems
2011-08-09 19:12:20 ----D---- C:\Program Files (x86)\Nero
2011-08-09 19:12:17 ----D---- C:\Program Files (x86)\MSBuild
2011-08-09 19:12:17 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-08-09 19:12:17 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-08-09 19:12:17 ----D---- C:\Program Files (x86)\Microsoft
2011-08-09 19:12:16 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-08-09 19:12:16 ----D---- C:\Program Files (x86)\Microsoft Office
2011-08-09 19:12:16 ----D---- C:\Program Files (x86)\Microsoft Games
2011-08-09 19:12:12 ----D---- C:\Program Files (x86)\Java
2011-08-09 19:12:12 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-09 19:12:11 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-08-09 19:12:11 ----D---- C:\Program Files (x86)\Intel
2011-08-09 19:12:11 ----D---- C:\Program Files (x86)\Fingerprint Sensor
2011-08-09 19:12:11 ----D---- C:\Program Files (x86)\eSobi
2011-08-09 19:12:11 ----D---- C:\Program Files (x86)\EgisTec Shredder
2011-08-09 19:12:11 ----D---- C:\Program Files (x86)\EgisTec MyWinLockerSuite
2011-08-09 19:12:10 ----D---- C:\Program Files (x86)\EgisTec MyWinLocker
2011-08-09 19:12:09 ----D---- C:\Program Files (x86)\Drakensang - The River of Time
2011-08-09 19:12:09 ----D---- C:\Program Files (x86)\Cyberlink
2011-08-09 19:12:06 ----D---- C:\Program Files (x86)\Bethesda Softworks
2011-08-09 19:12:05 ----D---- C:\Program Files (x86)\ATI Technologies
2011-08-09 19:12:05 ----D---- C:\Program Files (x86)\Adobe
2011-08-09 19:12:04 ----D---- C:\Program Files (x86)\Acer Inc
2011-08-09 19:12:04 ----D---- C:\Program Files (x86)\Acer GameZone
2011-08-09 19:12:04 ----D---- C:\Program Files (x86)\Acer
2011-08-09 19:12:01 ----HD---- C:\OEM
2011-08-09 19:12:01 ----D---- C:\Program Files (x86)\Acer Arcade Deluxe
2011-08-09 19:12:01 ----D---- C:\Program Files (x86)\2K Games
2011-08-09 19:11:59 ----SHD---- C:\$Recycle.Bin
2011-08-09 11:13:19 ----RD---- C:\Program Files
2011-08-09 11:12:40 ----D---- C:\Windows\system32\catroot2
2011-08-09 11:05:18 ----HD---- C:\ProgramData
2011-08-09 10:46:36 ----D---- C:\Program Files\Common Files
2011-08-09 10:45:23 ----D---- C:\Windows
2011-08-09 10:45:18 ----SD---- C:\ProgramData\Microsoft
2011-08-09 10:41:27 ----D---- C:\Windows\system32\drivers
2011-08-09 10:40:41 ----D---- C:\Windows\SysWOW64
2011-08-09 10:14:03 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-09 10:01:34 ----D---- C:\Windows\Temp
2011-08-09 10:00:28 ----RD---- C:\Program Files (x86)
2011-08-09 09:31:20 ----SHD---- C:\System Volume Information
2011-07-31 04:17:25 ----D---- C:\Windows\system32\LogFiles
2011-07-14 19:12:09 ----D---- C:\Windows\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-05 408600]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-06-19 213888]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2010-05-20 32296]
R3 DKbFltr;Dritek Keyboard Filter Driver (64-bit); C:\Windows\SysWOW64\Drivers\DKbFltr.sys [2009-03-26 25608]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2010-04-29 18432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-09-18 292912]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2010-04-29 17408]
S1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys [2011-06-12 3852976]
S1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-06-12 310728]
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-06-12 42696]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-04-07 1208320]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-01-22 6233088]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-01-22 161280]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2010-05-20 38248]
S3 ATHDFU;Atheros Valkyrie USB BootROM; C:\Windows\System32\Drivers\AthDfu.sys [2010-05-20 55336]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-09-30 121872]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-01-22 6233088]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-09-21 734720]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2010-05-20 294760]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2010-05-20 202792]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2010-05-20 52584]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2010-05-20 156392]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2010-05-26 264040]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-08-06 1974944]
S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-06-20 54272]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-06-05 216064]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-06-25 205472]
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-03-28 16896]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-01-22 202752]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe [2011-06-12 551896]
S2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2010-05-26 47776]
S2 ATService;AuthenTec Fingerprint Service; C:\Program Files (x86)\Fingerprint Sensor\AtService.exe [2009-09-21 1815800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-26 841248]
S2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-05 354840]
S2 IGBASVC;EgisTec Service; c:\Program Files (x86)\Acer Bio Protection\BASVC.exe [2009-09-26 3449856]
S2 McMPFSvc;McAfee Služba programu Personal Firewall; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc []
S2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-02 2804568]
S2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-29 255744]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
S2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S3 MWLService;MyWinLocker Service; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-12 1255736]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 09 srp 2011 17:34

Je tam FB virus. Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

dvc64 · #3 Příspěvek od **dvc64** » 10 srp 2011 09:23

Moc děkuji za reakci a omlouvám se, že jsem nenapsal dříve (včera večer mi nejel net), ale ještě večer jsem zjistil, že lze nastavit, aby OS automaticky najížděl v nouzovém režimu, aniž by k tomu měl důvod (ovládací panely --> nástroje pro správu --> konfigurace systému --> záložka spuštění počítače - tady bylo zaškrtnuto bezpečné spuštění a já to určitě nezaškrtával a netuším čím se to mohlo zapnout). Po zrušení tohoto nastavení systém normálně naběhl a zdá se, že vše funguje (proběhlo několik aktualizací - vč. instalace SP1, je možné běžně prohlížet internet, šel spustit a úspěšně skončil odinstalátor McAfee, šel nainstalovat antivir od Microsoftu, ...). V prohlížeči událostí již nejsou červené vykřičníky s jedinou výjimkou - stále i přes spec. odinstalátor McAfee Personal firewall se snaží spustit služba McAfee Personal firewall - to jsem vyřešil zakázáním této služby. Kromě výše uvedeného jsem včera ještě spustil MBAM a našel nějakou havěť ve dvou souborech, ale ty byly v TEMPu, tak jsem je smazal. Pak už nic nenašel. Antivir také nic nenašel.

Děkuji

P.S.: ještě před tím logem, co jsem zde včera umístil, jsem již ze zoufalství použil nástroj OS na obnovu systému s datem v minulosti, který se mi nabídl - je možné, že by to pomohlo a vir vyřadilo z provozu, přestože jste jej v logu viděl?

#4 Příspěvek od **Rudy** » 10 srp 2011 18:03

Tohle:

2011-07-28 11:04:43 ----HD---- C:\Windows\update.5.0
2011-07-28 11:04:38 ----HD---- C:\Windows\update.2
2011-07-14 19:22:25 ----HD---- C:\Windows\update.1
2011-07-14 19:22:00 ----HD---- C:\Windows\update.tray-9-0

všechno k tomu viru patří a myslím, že tam budou další skryté. Některé viry opravdu vyřadí z činnosti obnova systému, nicméně soubory tam zůstanou. Nikdy nevíte (a v případě tohoto viru ani já nevím) zda nemůže být něčím znovu aktivován.

VIRY.CZ

W7HP 64 bit jen nouzový režim

W7HP 64 bit jen nouzový režim

Re: W7HP 64 bit jen nouzový režim

Re: W7HP 64 bit jen nouzový režim

Re: W7HP 64 bit jen nouzový režim