Prosim o Kontrolu, systém se zasekává

[votrok33]

HDtune Health

[altrok]

Kliknete pravym na Tento pocitac -> Vlastnosti -> Upresnit nastaveni systemu -> nahore zalozka Ochrana systemu -> Konfigurovat -> vyberte Obnovit nastaveni systemu a predchozi verze souboru a ulozte klikem na Pouzit

Nemám upřesnit nastavení systému ani nic podobného (win 7)

Upresnit nastaveni systemu se nachazi v leve casti okna - http://static1.esetstatic.com/uploads/p ... m_0_01.png

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu bude na plose ulozen fixlog, jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CreateRestorePoint:
  CloseProcesses:
  File: C:\Users\Pepa\AppData\Roaming\msdgaw.dat
  File: C:\Users\Pepa\AppData\Roaming\mslakpmn.dat
  HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
  HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\...\MountPoints2: {0a048d1a-1184-11e5-b91d-002522facfeb} - I:\Startme.exe
  HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\...\MountPoints2: {0cf3784d-7150-11e4-8fd2-806e6f6e6963} - Explorer.exe monitor.htm
  HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\...\MountPoints2: {20861c06-b410-11e4-8d9d-002522facfeb} - H:\Launch.exe
  HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\...\MountPoints2: {80df8991-8a6f-11e4-bb50-002522facfeb} - F:\setup.exe
  HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\...\MountPoints2: {80df8993-8a6f-11e4-bb50-002522facfeb} - autorun.bat
  ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
  FF DefaultSearchEngine: Seznam
  FF DefaultSearchUrl: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
  FF SearchEngineOrder.1: Seznam
  FF SelectedSearchEngine: Seznam
  FF Keyword.URL: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
  FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
  S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
  S3 OSFMount; \??\C:\Program Files\Counter-Strike Global Offensive\image\x86\OSFMount.sys [X]
  2015-09-26 17:26 - 2015-09-26 17:27 - 00112640 _____ (forum.viry.cz) C:\Users\Pepa\Desktop\FRSTLauncher.exe
  2015-09-26 17:09 - 2015-09-26 17:10 - 02817875 _____ C:\Users\Pepa\Downloads\CrystalDiskInfo6_2_2(1).zip
  2015-09-25 14:01 - 2015-09-25 14:06 - 00000248 _____ C:\Users\Pepa\Desktop\DiskInfo.ini
  2015-09-25 14:00 - 2015-09-25 14:00 - 02817875 _____ C:\Users\Pepa\Downloads\CrystalDiskInfo6_2_2.zip
  2015-09-24 21:47 - 2015-09-24 21:47 - 00000570 _____ C:\Windows\PFRO.log
  2015-09-24 21:44 - 2015-09-24 21:46 - 00000000 ____D C:\AdwCleaner
  2015-09-24 21:43 - 2015-09-24 21:43 - 01662976 _____ C:\Users\Pepa\Downloads\adwcleaner_5.008.exe
  2015-09-24 16:50 - 2015-09-24 16:55 - 00000000 ____D C:\rsit
  2015-09-24 16:50 - 2015-09-24 16:55 - 00000000 ____D C:\Program Files\trend micro
  2015-09-24 16:49 - 2015-09-24 16:49 - 01107968 _____ C:\Users\Pepa\Downloads\RSIT.exe
  Task: {34C8D2BE-A2CB-4F47-9046-EE11A7066939} - System32\Tasks\{11C30B99-1DB9-475C-95B0-5C470EFFE1BB} => pcalua.exe -a C:\Users\Pepa\Downloads\od-dudomila-Plants-vs.-Zombies-2.exe -d C:\Users\Pepa\Downloads
  Task: {A09C9C21-F82C-48AE-BB38-64ACD9676462} - System32\Tasks\{0D7ED39F-4F77-4869-85CB-691CFE103467} => pcalua.exe -a C:\Users\Pepa\Desktop\forge-1.8-11.14.1.1334-installer-win.exe -d C:\Users\Pepa\Desktop
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
  Hosts:
  EmptyTemp:
  End

[votrok33]

Fix result of Farbar Recovery Scan Tool (x86) Version:27-09-2015 01
Ran by Pepa (2015-09-28 14:03:23) Run:1
Running from C:\Users\Pepa\Desktop
Loaded Profiles: Pepa (Available Profiles: Pepa)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Users\Pepa\AppData\Roaming\msdgaw.dat
File: C:\Users\Pepa\AppData\Roaming\mslakpmn.dat
HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\...\MountPoints2: {0a048d1a-1184-11e5-b91d-002522facfeb} - I:\Startme.exe
HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\...\MountPoints2: {0cf3784d-7150-11e4-8fd2-806e6f6e6963} - Explorer.exe monitor.htm
HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\...\MountPoints2: {20861c06-b410-11e4-8d9d-002522facfeb} - H:\Launch.exe
HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\...\MountPoints2: {80df8991-8a6f-11e4-bb50-002522facfeb} - F:\setup.exe
HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\...\MountPoints2: {80df8993-8a6f-11e4-bb50-002522facfeb} - autorun.bat
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
FF DefaultSearchEngine: Seznam
FF DefaultSearchUrl: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: Seznam
FF SelectedSearchEngine: Seznam
FF Keyword.URL: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 OSFMount; \??\C:\Program Files\Counter-Strike Global Offensive\image\x86\OSFMount.sys [X]
2015-09-26 17:26 - 2015-09-26 17:27 - 00112640 _____ (forum.viry.cz) C:\Users\Pepa\Desktop\FRSTLauncher.exe
2015-09-26 17:09 - 2015-09-26 17:10 - 02817875 _____ C:\Users\Pepa\Downloads\CrystalDiskInfo6_2_2(1).zip
2015-09-25 14:01 - 2015-09-25 14:06 - 00000248 _____ C:\Users\Pepa\Desktop\DiskInfo.ini
2015-09-25 14:00 - 2015-09-25 14:00 - 02817875 _____ C:\Users\Pepa\Downloads\CrystalDiskInfo6_2_2.zip
2015-09-24 21:47 - 2015-09-24 21:47 - 00000570 _____ C:\Windows\PFRO.log
2015-09-24 21:44 - 2015-09-24 21:46 - 00000000 ____D C:\AdwCleaner
2015-09-24 21:43 - 2015-09-24 21:43 - 01662976 _____ C:\Users\Pepa\Downloads\adwcleaner_5.008.exe
2015-09-24 16:50 - 2015-09-24 16:55 - 00000000 ____D C:\rsit
2015-09-24 16:50 - 2015-09-24 16:55 - 00000000 ____D C:\Program Files\trend micro
2015-09-24 16:49 - 2015-09-24 16:49 - 01107968 _____ C:\Users\Pepa\Downloads\RSIT.exe
Task: {34C8D2BE-A2CB-4F47-9046-EE11A7066939} - System32\Tasks\{11C30B99-1DB9-475C-95B0-5C470EFFE1BB} => pcalua.exe -a C:\Users\Pepa\Downloads\od-dudomila-Plants-vs.-Zombies-2.exe -d C:\Users\Pepa\Downloads
Task: {A09C9C21-F82C-48AE-BB38-64ACD9676462} - System32\Tasks\{0D7ED39F-4F77-4869-85CB-691CFE103467} => pcalua.exe -a C:\Users\Pepa\Desktop\forge-1.8-11.14.1.1334-installer-win.exe -d C:\Users\Pepa\Desktop
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Users\Pepa\AppData\Roaming\msdgaw.dat ========================

File not signed
MD5: 4E4DC46B57840764685A253F9E1568EF
Creation and modification date: 2015-01-10 18:49 - 2015-01-10 18:49
Size: 0000035
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======


========================= File: C:\Users\Pepa\AppData\Roaming\mslakpmn.dat ========================

File not signed
MD5: F8EECC379B4C4E0208287AA7945E1FF4
Creation and modification date: 2015-01-10 18:49 - 2015-01-10 18:49
Size: 0009687
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully.
"HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a048d1a-1184-11e5-b91d-002522facfeb}" => key removed successfully.
HKCR\CLSID\{0a048d1a-1184-11e5-b91d-002522facfeb} => key not found.
"HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cf3784d-7150-11e4-8fd2-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{0cf3784d-7150-11e4-8fd2-806e6f6e6963} => key not found.
"HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20861c06-b410-11e4-8d9d-002522facfeb}" => key removed successfully.
HKCR\CLSID\{20861c06-b410-11e4-8d9d-002522facfeb} => key not found.
"HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80df8991-8a6f-11e4-bb50-002522facfeb}" => key removed successfully.
HKCR\CLSID\{80df8991-8a6f-11e4-bb50-002522facfeb} => key not found.
"HKU\S-1-5-21-3794978121-2036784905-2389283103-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80df8993-8a6f-11e4-bb50-002522facfeb}" => key removed successfully.
HKCR\CLSID\{80df8993-8a6f-11e4-bb50-002522facfeb} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
Firefox DefaultSearchEngine removed successfully.
Firefox DefaultSearchUrl removed successfully.
Firefox SearchEngineOrder.1 removed successfully.
Firefox SelectedSearchEngine removed successfully.
Firefox "Keyword.URL" removed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
EagleXNt => service removed successfully.
OSFMount => service removed successfully.
"C:\Users\Pepa\Desktop\FRSTLauncher.exe" => File/Folder not found.
C:\Users\Pepa\Downloads\CrystalDiskInfo6_2_2(1).zip => moved successfully
C:\Users\Pepa\Desktop\DiskInfo.ini => moved successfully
C:\Users\Pepa\Downloads\CrystalDiskInfo6_2_2.zip => moved successfully
C:\Windows\PFRO.log => moved successfully
C:\AdwCleaner => moved successfully
C:\Users\Pepa\Downloads\adwcleaner_5.008.exe => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\Pepa\Downloads\RSIT.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34C8D2BE-A2CB-4F47-9046-EE11A7066939}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34C8D2BE-A2CB-4F47-9046-EE11A7066939}" => key removed successfully.
C:\Windows\System32\Tasks\{11C30B99-1DB9-475C-95B0-5C470EFFE1BB} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11C30B99-1DB9-475C-95B0-5C470EFFE1BB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A09C9C21-F82C-48AE-BB38-64ACD9676462}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A09C9C21-F82C-48AE-BB38-64ACD9676462}" => key removed successfully.
C:\Windows\System32\Tasks\{0D7ED39F-4F77-4869-85CB-691CFE103467} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0D7ED39F-4F77-4869-85CB-691CFE103467}" => key removed successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:05:35 ====

[altrok]

Otestujte na virustotal.com C:\Users\Pepa\AppData\Roaming\msdgaw.dat a C:\Users\Pepa\AppData\Roaming\mslakpmn.dat - pokud uz byl soubor otestovany, zvolte Reanalyse. Do pristiho prispevku dejte link (odkaz) s vysledky analyzy.



Start -> Vsechny programy -> Prislusenstvi -> pravej klik na Prikazovy radek a Spustit jako spravce

• vepiste chkdsk /r
• enter a restartujte PC
• tato kontrola a opravovani probihaji pred nactenim OS a trvaji az nekolik hodin

[votrok33]

C:\Users\Pepa\AppData\Roaming\msdgaw.dat - https://www.virustotal.com/cs/file/bdbb ... 443538141/

C:\Users\Pepa\AppData\Roaming\mslakpmn.dat - https://www.virustotal.com/cs/file/04f3 ... 443538352/

[votrok33]

Musím říct že se to značně zlepšilo

[altrok]

To rad slysim, kazdopadne stale nemam dobry pocit z Vaseho HDD - HD Tune i pri rychlem skenu nasel 2 vadne sektory, ktere jsou navic na zacatku disku, kde byva zapsan operacni system. CDI disk pro zmenu nevidi vubec. Jeden pad operacniho systemu ma pravdepodobne na svedomi rovnez HDD. Nejsem kovany v identifikaci hardwarovych problemu a modre smrti (BSOD) se teprve zacinam ucit, takze se jedna jen a pouze o moje domnenky, ktere mohou byt mylne.



Start -> vepiste cmd

• na vysledek vyhledavani kliknete pravy a zvolte Spustit jako spravce
• do spusteneho okna vepiste: sfc /scannow
• a odentrujte
• tento proces trva nekolik desitek minut
• po jeho skonceni jeste do otevreneho prikazoveho radku vepiste (pripadne text zkopirujte do schranky pomoci Ctrl+C a vlozte pres pravy klik a vlozit)
• findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
• a odentrujte
• obsah logu sfcdetails.txt umisteneho na plose zkopirujte do pristi odpovedi

[votrok33]

Musím vám něco říct, hard disk jsem dal na reklamaci, děkuji za vaší ochotu a pomoc - samozřejmě přispěji nějaké ty peníze

[altrok]

Nemate zac.


Mohu Vas nasledne poprosit o vyjadreni servisu, kde byl konkretne problem a zda reklamace disku problemy vyresila?

Za prispevek na provoz fora Vam jmenem celeho tymu dekuji.