
Laptop shutting down after a pop in the screen, and more..

Posted: 14 Feb 2012 22:44
by sc0pe
Hi, for reasons I can't pin down there's always a pop in the screen of my laptop and then the whole display, keyboard and mouse freeze, and there's nothing left to do but hard power the laptop off and on. This keeps happening to me. It doesn't matter whether I have xxx applications running or none. I haven't noticed any particular process starting after which the laptop freezes.. So I'd like to ask for an opinion on what it could be and whether anything can be done about it.

I also downloaded StopZilla and it found some viruses and spyware, but without activating the full version it won't delete them :-D Here is the log from RSIT, so please take a look at it and help me get rid of those viruses, please.

I'm not currently using any antivirus, so please help me delete the leftovers of them; it's possible there will be more of those antivirus leftovers in there (StopZilla told me it also found some fake antivirus/spyware).




Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-02-14 22:28:29
Microsoft Windows 7 Professional
System drive C: has 2 GB (11%) free of 20 GB
Total RAM: 1407 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:29:28, on 14.2.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
D:\Stazene\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss ... 15f24d9c05
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: ˙ţ1 2 7 . 0 . 0 . 1 l o c a l h o s t
O1 - Hosts: : : 1 l o c a l h o s t
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\ADMINI~1\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKCU\..\Run: [Media Finder] "C:\Program Files\Media Finder\MF.exe" /opentotray
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Plug-in 1.6.0_24) -
O23 - Service: 1258759455 (.1258759455) - Unknown owner - C:\Program Files\1258759455\Michal1258759455L.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Unknown owner - D:\Avira\Avira\AntiVir Desktop\avmailc.exe (file missing)
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - D:\Avira\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HDD & SSD access service - Unknown owner - C:\Program Files\Common Files\BinarySense\disksvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - Unknown owner - D:\IObit Malware Fighter\IMFsrv.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

--
End of file - 6175 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14 270960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}]
Help the General-Search Project - C:\Users\ADMINI~1\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL [2011-12-07 428544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14 237680]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Media Finder"=C:\Program Files\Media Finder\MF.exe /opentotray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvUpdater]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2]
C:\Users\Michal\AppData\Local\MediaGet2\mediaget.exe --minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
C:\PROGRA~1\COMMON~1\AVERME~1\AVERQU~1\AVERQU~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Michal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=iyvu9_32.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"VIDC.FPS1"=frapsvid.dll
"wave5"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer5"=wdmaud.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-02-14 22:17:18 ----D---- C:\rsit
2012-02-13 11:23:03 ----D---- C:\Users\Administrator\AppData\Roaming\Media Finder
2012-02-13 11:22:53 ----A---- C:\user.js
2012-02-13 11:22:52 ----D---- C:\Program Files\BabylonToolbar
2012-02-13 11:22:14 ----D---- C:\Users\Administrator\AppData\Roaming\Babylon
2012-02-13 11:22:14 ----D---- C:\ProgramData\Babylon
2012-02-13 10:06:32 ----A---- C:\Windows\ntbtlog.txt
2012-02-03 18:18:56 ----D---- C:\Users\Administrator\AppData\Roaming\BSplayer
2012-02-02 14:48:24 ----D---- C:\Program Files\Update Services 3.0 API Samples and Tools
2012-02-02 04:54:17 ----D---- C:\Windows\Temp
2012-02-02 04:33:57 ----SHD---- C:\$RECYCLE.BIN
2012-02-01 21:17:08 ----N---- C:\bootsqm.dat
2012-01-28 20:29:54 ----D---- C:\Rbackup
2012-01-26 13:00:14 ----D---- C:\Program Files\trend micro
2012-01-26 00:40:38 ----D---- C:\Users\Administrator\AppData\Roaming\driveridentifier
2012-01-26 00:24:16 ----D---- C:\Users\Administrator\AppData\Roaming\3v
2012-01-24 08:50:06 ----ASH---- C:\pagefile.sys
2012-01-15 01:05:21 ----N---- C:\Windows\Setup1.exe
2012-01-15 01:05:20 ----A---- C:\Windows\ST6UNST.EXE

======List of files/folders modified in the last 1 month======

2012-02-14 22:17:39 ----D---- C:\Windows\Prefetch
2012-02-14 18:44:56 ----D---- C:\Windows\system32\config
2012-02-14 18:44:51 ----D---- C:\Windows\winsxs
2012-02-14 18:34:48 ----SHD---- C:\Windows\Installer
2012-02-14 18:34:28 ----D---- C:\Windows\system32\drivers
2012-02-14 18:34:28 ----D---- C:\Windows\System32
2012-02-14 18:34:28 ----D---- C:\Program Files\Common Files
2012-02-14 18:34:26 ----D---- C:\ProgramData
2012-02-14 18:33:22 ----SHD---- C:\System Volume Information
2012-02-13 11:27:39 ----D---- C:\Windows
2012-02-13 11:27:01 ----RD---- C:\Program Files
2012-02-13 10:59:34 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft
2012-02-13 10:17:26 ----D---- C:\ProgramData\Norton
2012-02-13 10:16:05 ----D---- C:\Windows\system32\Tasks
2012-02-12 18:48:44 ----D---- C:\Windows\system32\LogFiles
2012-02-06 21:27:31 ----D---- C:\ProgramData\Microsoft Help
2012-02-02 12:04:29 ----D---- C:\Windows\Tasks
2012-02-02 04:33:57 ----D---- C:\Windows\system32\drivers\etc
2012-02-02 04:33:22 ----D---- C:\Windows\Downloaded Program Files
2012-01-28 21:14:50 ----HD---- C:\Program Files\InstallShield Installation Information
2012-01-28 21:14:50 ----D---- C:\Program Files\Common Files\AVerMedia
2012-01-28 21:14:50 ----D---- C:\Program Files\AVerMedia
2012-01-28 21:14:50 ----D---- C:\Program Files\ATI
2012-01-28 20:57:27 ----D---- C:\Windows\system32\DriverStore
2012-01-28 20:57:27 ----D---- C:\Windows\system32\catroot
2012-01-28 20:57:26 ----D---- C:\Windows\inf
2012-01-28 20:57:14 ----D---- C:\Windows\Driver Cache
2012-01-26 02:07:10 ----D---- C:\ProgramData\NortonInstaller
2012-01-26 01:47:51 ----RSD---- C:\Windows\assembly
2012-01-26 00:35:04 ----D---- C:\Windows\system32\catroot2
2012-01-26 00:34:48 ----D---- C:\Windows\WindowsMobile
2012-01-25 22:17:29 ----D---- C:\ProgramData\Avira
2012-01-24 12:33:24 ----RD---- C:\Users
2012-01-24 12:33:12 ----D---- C:\Windows\system32\appmgmt
2012-01-24 12:21:09 ----D---- C:\Users\Administrator\AppData\Roaming\IObit
2012-01-24 08:44:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-20 21:41:49 ----D---- C:\ProgramData\IObit

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 risdptsk;risdptsk; C:\Windows\system32\DRIVERS\risdptsk.sys [2005-04-18 27136]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-02-17 691696]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-11-04 214664]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2009-07-14 96768]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-10-16 18048]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-12-01 4179968]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-08 2506232]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSF_DPV.sys [2005-05-23 1034752]
R3 HSFHWATI;HSFHWATI; C:\Windows\system32\DRIVERS\HSFHWATI.sys [2005-05-23 216832]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2009-07-13 43008]
R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSF_CNXT.sys [2005-05-23 716288]
S0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2005-08-10 50688]
S0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2005-11-03 63488]
S1 aswFW;avast! TDI Firewall driver; C:\Windows\system32\drivers\aswFW.sys [2010-09-07 99792]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-10-22 271360]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:\Windows\system32\DRIVERS\AVerBDA3x.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 CFcatchme;CFcatchme; \??\C:\Users\Michal\AppData\Local\Temp\CFcatchme.sys []
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 FileMonitor;FileMonitor; \??\D:\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\D:\Nová složka (2)\Garena Plus\Room\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-10-20 25280]
S3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2008-01-19 20992]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-11-04 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-11-04 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-11-04 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-11-04 40552]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RegFilter;RegFilter; \??\D:\IObit Malware Fighter\drivers\win7_x86\regfilter.sys []
S3 RTCore32;RTCore32; \??\D:\RCCU\RTCore32.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 UrlFilter;UrlFilter; \??\D:\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S4 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-12-01 720896]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-07-14 9216]
R2 SNMP;@%SystemRoot%\system32\snmp.exe,-3; C:\Windows\System32\snmp.exe [2009-07-14 47616]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 .1258759455;1258759455; C:\Program Files\1258759455\Michal1258759455L.exe []
S2 AntiVirMailService;Avira AntiVir MailGuard; D:\Avira\Avira\AntiVir Desktop\avmailc.exe []
S2 AntiVirWebService;Avira AntiVir WebGuard; D:\Avira\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-08-02 403624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-01 136176]
S2 HDD & SSD access service;HDD & SSD access service; C:\Program Files\Common Files\BinarySense\disksvc.exe []
S2 IMFservice;IMF Service; D:\IObit Malware Fighter\IMFsrv.exe []
S2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-03-01 72704]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-01 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR []
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Laptop shutting down after a pop in the screen

Posted: 14 Feb 2012 23:02
by sc0pe
I also have csrss twice in my processes, which shouldn't be normal. Once on another laptop I had a similar problem and it turned out to be a virus that could block deletion by antivirus programs and also blocked access to regedit, but in the end I managed to remove it (unfortunately I no longer know how) and it was a file obtained from NOD32. When I end that csrss in the processes, I get the blue screen, "blue screen of death" it's also called I think, and my PC restarts. When I open the file location, both point to the same csrss.exe file. One of those processes sometimes takes 100% CPU and it's the one shown among the normal processes; the other one, which only shows up after I tick "show processes from all users", is fine and is most likely the system one.. what should I do about this? :-)

Re: Laptop shutting down after a pop in the screen, and more..

Posted: 14 Feb 2012 23:24
by vyosek
Hello and good evening :)

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS GREAT POWER TO DELETE AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM CAN GO DOWN THE DRAIN
:arrow: Download ComboFix and save it to your desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after start a page with the license agreement is displayed; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not launch any applications and do not click into the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily infested, it may take longer
  • After the scan finishes and a possible restart, CF will display a log; otherwise you can find it at C:\ComboFix.txt, paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Laptop shutting down after a pop in the screen, and more..

Posted: 14 Feb 2012 23:46
by sc0pe
The restart didn't happen, should I restart the PC?



ComboFix 12-02-13.01 - Administrator 14.02.2012 23:33:44.5.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1407.996 [GMT 1:00]
Spuštěný z: d:\stazene\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\TempDIR
c:\users\Administrator\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\Administrator\AppData\Roaming\3v
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-14 do 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-14 22:41 . 2012-02-14 22:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-14 22:41 . 2012-02-14 22:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-14 22:41 . 2012-02-14 22:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-14 22:26 . 2012-02-14 22:26 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-02-14 22:26 . 2012-02-14 22:26 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-02-14 22:26 . 2012-02-14 22:26 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-02-14 22:26 . 2012-02-14 22:26 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-02-14 22:26 . 2012-02-14 22:26 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-02-14 22:26 . 2012-02-14 22:26 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-02-14 22:26 . 2012-02-14 22:26 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-02-14 22:26 . 2012-02-14 22:26 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-02-14 22:26 . 2012-02-14 22:26 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-02-14 22:25 . 2012-02-14 22:25 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-02-14 22:25 . 2012-02-14 22:25 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-02-14 22:25 . 2012-02-14 22:25 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-02-14 22:25 . 2012-02-14 22:25 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-02-14 22:25 . 2012-02-14 22:25 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-02-14 22:25 . 2012-02-14 22:25 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-02-14 22:25 . 2012-02-14 22:25 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-02-14 22:25 . 2012-02-14 22:25 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-02-14 21:17 . 2012-02-14 21:18 -------- d-----w- C:\rsit
2012-02-13 10:23 . 2012-02-13 10:27 -------- d-----w- c:\users\Administrator\AppData\Roaming\Media Finder
2012-02-13 10:22 . 2012-02-13 10:22 237 ----a-w- C:\user.js
2012-02-13 10:22 . 2012-02-13 10:22 -------- d-----w- c:\program files\BabylonToolbar
2012-02-13 10:22 . 2012-02-13 10:22 -------- d-----w- c:\users\Administrator\AppData\Local\Babylon
2012-02-13 10:22 . 2012-02-13 10:22 -------- d-----w- c:\users\Administrator\AppData\Roaming\Babylon
2012-02-13 10:22 . 2012-02-13 10:22 -------- d-----w- c:\programdata\Babylon
2012-02-03 17:18 . 2012-02-04 14:41 -------- d-----w- c:\users\Administrator\AppData\Roaming\BSplayer
2012-02-02 13:48 . 2012-02-02 13:48 -------- d-----w- c:\program files\Update Services 3.0 API Samples and Tools
2012-01-28 20:44 . 2012-01-29 13:23 -------- d-----w- c:\users\Administrator\AppData\Local\CrashDumps
2012-01-28 19:29 . 2012-01-28 19:29 -------- d-----w- C:\Rbackup
2012-01-26 12:00 . 2012-02-14 21:28 -------- d-----w- c:\program files\trend micro
2012-01-25 23:40 . 2012-01-25 23:40 -------- d-----w- c:\users\Administrator\AppData\Roaming\driveridentifier
2012-01-25 21:19 . 2012-01-25 21:19 -------- d-----w- c:\users\Administrator\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-15 00:07 . 2012-01-15 00:05 249856 ------w- c:\windows\Setup1.exe
2012-01-15 00:07 . 2012-01-15 00:05 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-11-21 10:47 . 2011-12-17 20:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BC1C471-3B6B-41EE-8762-04098954FC93}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
backup=c:\windows\pss\AVerQuick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Michal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvUpdater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
.
R1 aswFW;avast! TDI Firewall driver; [x]
R2 .1258759455;1258759455;c:\program files\1258759455\Michal1258759455L.exe [x]
R2 AntiVirMailService;Avira AntiVir MailGuard;d:\avira\Avira\AntiVir Desktop\avmailc.exe [x]
R2 AntiVirWebService;Avira AntiVir WebGuard;d:\avira\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-08-02 403624]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 136176]
R2 HDD & SSD access service;HDD & SSD access service;c:\program files\Common Files\BinarySense\disksvc.exe [x]
R2 IMFservice;IMF Service;d:\iobit malware fighter\IMFsrv.exe [x]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x.sys [x]
R3 CFcatchme;CFcatchme;c:\users\Michal\AppData\Local\Temp\CFcatchme.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FileMonitor;FileMonitor;d:\iobit malware fighter\Drivers\win7_x86\FileMonitor.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\nová složka (2)\Garena Plus\Room\safedrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 RegFilter;RegFilter;d:\iobit malware fighter\drivers\win7_x86\regfilter.sys [x]
R3 RTCore32;RTCore32;d:\rccu\RTCore32.sys [x]
R3 UrlFilter;UrlFilter;d:\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-17 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-05-23 216832]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 19:43]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=30be0eff0000000000000015f24d9c05
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: d:\avira\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 10.21.5.19
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Media Finder - c:\program files\Media Finder\MF.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-MediaGet2 - c:\users\Michal\AppData\Local\MediaGet2\mediaget.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,76,53,d4,db,68,4b,48,9f,0c,a4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,77,58,c3,ae,87,70,42,b1,b8,88,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8d,f5,ed,e0,89,32,af,47,ae,f7,ca,\
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BSPlayerFile.AVI"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BSPlayerFile.CDA"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.key\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\NOTEPAD.EXE"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BSPlayerFile.M3U"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BSPlayerFile.MP2"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BSPlayerFile.MP3"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-02-14 23:45:16
ComboFix-quarantined-files.txt 2012-02-14 22:45
ComboFix2.txt 2011-04-17 22:07
ComboFix3.txt 2011-01-28 21:42
.
Před spuštěním: 2 315 694 080
Po spuštění: 2 393 419 776
.
- - End Of File - - FD4DCF405C65A641966C22FD2D0B5B31

Re: Laptop shutting down after a pop in the screen, and more..

Posted: 15 Feb 2012 07:51
by vyosek
:arrow: In Safe Mode (restart the PC, keep pressing F8, choose Safe Mode with Networking), run these utilities over the PC so that we get rid of the leftovers of the antivirus programs you have there
:arrow: Install security on the PC, preferably Avast Free http://www.avast.com/cs-cz/free-antivirus-download

:arrow: If it is not there already, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    
    Driver::
    IMFservice;
    gupdate
    gupdatem
    .1258759455
    RegFilter
    UrlFilter
    
    Collect::
    c:\program files\1258759455\Michal1258759455L.exe
    
    Folder::
    C:\Program Files\BabylonToolbar
    d:\iobit malware fighter
    c:\program files\1258759455
    
    File::
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    
    DDS::
    uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss ... 15f24d9c05
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    
    RegLock::
    [HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Internet Explorer\User Preferences]
    [HKEY_USERS\S-1-5-21-3289402150-1498037597-1724562835-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and release it (see image below)
    Image
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
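The CFScript above removes a service registered from a digits-only directory (`.1258759455`), several services whose binaries ComboFix marks `[x]`, a start page on search.babylon.com and a proxy pointed at 127.0.0.1:8080. As an added example (not code from this thread, from ComboFix's authors or from any of the tools mentioned), the following Python triages those same kinds of ComboFix lines automatically, so the reviewer sees the candidates before hand-writing a script. The digits-only-directory rule and the tiny `HIJACK_HOSTS` list are assumptions of this example, not ComboFix conventions; the sample lines are constructed by copying entries from the log posted above.

```python
"""Triage helpers for ComboFix log lines (added example, not ComboFix code).

Flags: services whose binary ComboFix could not read ("[x]" -- typically
leftovers of uninstalled security software), services registered from a
directory whose name is only digits (heuristic, an assumption of this demo),
a user proxy pointed at the loopback interface, and a start page on a host
from a small analyst-maintained list of toolbar/hijacker hosts (constructed)."""
import re

# Service/driver lines, e.g.
#   R2 name;Display name;c:\path\binary.exe [2010-12-01 136176]
#   R3 name;Display name;c:\path\driver.sys [x]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
# Supplementary-scan settings, e.g.
#   uStart Page = hxxp://host/...      uInternet Settings,ProxyServer = host:port
SETTING_RE = re.compile(
    r"^(?P<key>[um]?Start Page|[um]?Internet Settings,ProxyServer)\s*=\s*(?P<value>\S.*)$"
)
HOST_RE = re.compile(r"^[a-z]+://([^/?#:]+)", re.IGNORECASE)  # accepts defanged hxxp://

HIJACK_HOSTS = {"search.babylon.com"}      # constructed list for the demo
LOOPBACK = ("127.", "localhost", "::1")

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R2 .1258759455;1258759455;c:\program files\1258759455\Michal1258759455L.exe [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 136176]
R2 IMFservice;IMF Service;d:\iobit malware fighter\IMFsrv.exe [x]
R3 RegFilter;RegFilter;d:\iobit malware fighter\drivers\win7_x86\regfilter.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-17 691696]
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
"""


def _finding(subject, reason, line):
    return {"subject": subject, "reason": reason, "line": line}


def triage_service(line):
    """Findings for one R#/S# service line, or [] if the line is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return []
    name, path, info = m["name"], m["path"], m["info"]
    out = []
    if info == "x":                       # file unreadable or gone
        out.append(_finding(name, "binary-missing", line))
    dirs = path.replace("/", "\\").split("\\")[:-1]   # directory components only
    if any(d.isdigit() for d in dirs) or name.lstrip(".").isdigit():
        out.append(_finding(name, "numeric-dir", line))
    return out


def triage_setting(line):
    """Findings for a start-page or proxy line, or [] if the line is not one."""
    m = SETTING_RE.match(line)
    if not m:
        return []
    key, value = m["key"], m["value"].strip().lower()
    if key.endswith("ProxyServer"):
        # value may be "host:port" or "http=host:port;https=host:port"
        hosts = [part.split("=")[-1] for part in value.split(";")]
        if any(h.startswith(LOOPBACK) for h in hosts):
            return [_finding(key, "loopback-proxy", line)]
        return []
    h = HOST_RE.match(value)
    if h and h.group(1) in HIJACK_HOSTS:
        return [_finding(key, "start-page-hijack", line)]
    return []


def triage(lines):
    """Run both checks over an iterable of log lines; returns a list of findings."""
    findings = []
    for raw in lines:
        line = raw.strip()
        findings.extend(triage_service(line) or triage_setting(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f['reason']:<18} {f['subject']:<32} {f['line']}")
```

On the constructed sample this reports six findings: the `.1258759455` service twice (missing binary and digits-only directory), the two IOBit leftovers, the Babylon start page and the loopback proxy, while the intact Google Update and sptd entries are left alone. A `[x]` by itself only means the file could not be read, so those findings are candidates for cleanup of stale registrations, not proof of infection; the loopback proxy and the start page are the ones worth a closer look.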

Re: Laptop shutting down after a pop in the screen, and more..

Posted: 15 Feb 2012 18:14
by sc0pe
So :/

1. The second utility, the one for Avira, told me after scanning that it had found no files. Yet I was watching while it scanned the D:Avira files..

2. When I ran ComboFix using that txt file, the PC popped while it was deleting files and I had to power the PC off hard. On the second run with that txt file the message about deleting files no longer appeared - the PC restarted - ComboFix started with the message that a log is being created, etc., except that Avast, which I had installed, kept blocking ComboFix even though I turned off its shields and allowed ComboFix access. So after about 10 minutes of waiting to see whether ComboFix would move on, I killed it.. So, what now? :D :shock:

Re: Laptop shutting down after a pop in the screen, and more..

Posted: 15 Feb 2012 18:28
by vyosek
Apply the CF script in Safe Mode (restart the PC, keep pressing F8, choose Safe Mode with Networking)

I suspect, though, that there is some hardware fault

Re: Laptop shutting down after a pop in the screen, and more..

Posted: 15 Feb 2012 18:46
by sc0pe
So should I create that CFScript.txt again? And what about Avira? I still have its files here..

Re: Laptop shutting down after a pop in the screen, and more..

Posted: 15 Feb 2012 19:00
by vyosek
Leave them there, I'll blow them away manually later...

Yes, create CFScript.txt again

Re: Laptop shutting down after a pop in the screen, and more..

Posted: 15 Feb 2012 20:38
by sc0pe
I scanned it with ComboFix twice, because the first time it did not work out, and at the end of that first failed scan, before the restart, it told me the system is infected and below that was a reference to the file C/windows/system32/userinit.exe ... on the next run it no longer said that, and that is the run I'm posting the log from..


ComboFix 12-02-15.01 - Administrator 15.02.2012 20:16:30.9.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1407.946 [GMT 1:00]
Spuštěný z: c:\users\Administrator\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Předchozí spuštění --
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\userinit.exe
.
--------
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_REGFILTER
-------\Legacy_URLFILTER
-------\Service_.1258759455
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_RegFilter
-------\Service_UrlFilter
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-15 do 2012-02-15 )))))))))))))))))))))))))))))))
.
.
2012-02-15 19:26 . 2012-02-15 19:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-15 19:26 . 2012-02-15 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-15 16:29 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-15 16:29 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-15 16:29 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-15 16:29 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-15 16:29 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-15 16:29 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-15 16:29 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-15 16:29 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-15 16:29 . 2012-02-15 16:29 -------- d-----w- c:\programdata\AVAST Software
2012-02-14 22:45 . 2012-02-15 19:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-13 10:23 . 2012-02-13 10:27 -------- d-----w- c:\users\Administrator\AppData\Roaming\Media Finder
2012-02-13 10:22 . 2012-02-13 10:22 237 ----a-w- C:\user.js
2012-02-13 10:22 . 2012-02-13 10:22 -------- d-----w- c:\users\Administrator\AppData\Local\Babylon
2012-02-13 10:22 . 2012-02-13 10:22 -------- d-----w- c:\users\Administrator\AppData\Roaming\Babylon
2012-02-03 17:18 . 2012-02-04 14:41 -------- d-----w- c:\users\Administrator\AppData\Roaming\BSplayer
2012-02-02 13:48 . 2012-02-02 13:48 -------- d-----w- c:\program files\Update Services 3.0 API Samples and Tools
2012-01-28 20:44 . 2012-02-15 16:46 -------- d-----w- c:\users\Administrator\AppData\Local\CrashDumps
2012-01-28 19:29 . 2012-01-28 19:29 -------- d-----w- C:\Rbackup
2012-01-26 12:00 . 2012-02-14 21:28 -------- d-----w- c:\program files\trend micro
2012-01-25 23:40 . 2012-01-25 23:40 -------- d-----w- c:\users\Administrator\AppData\Roaming\driveridentifier
2012-01-25 21:19 . 2012-01-25 21:19 -------- d-----w- c:\users\Administrator\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-15 00:07 . 2012-01-15 00:05 249856 ------w- c:\windows\Setup1.exe
2012-01-15 00:07 . 2012-01-15 00:05 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-11-21 10:47 . 2011-12-17 20:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BC1C471-3B6B-41EE-8762-04098954FC93}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- d:\avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="d:\avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Michal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
.
R1 aswFW;avast! TDI Firewall driver; [x]
R2 AntiVirMailService;Avira AntiVir MailGuard;d:\avira\Avira\AntiVir Desktop\avmailc.exe [x]
R2 AntiVirWebService;Avira AntiVir WebGuard;d:\avira\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-08-02 403624]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 HDD & SSD access service;HDD & SSD access service;c:\program files\Common Files\BinarySense\disksvc.exe [x]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x.sys [x]
R3 CFcatchme;CFcatchme;c:\users\Michal\AppData\Local\Temp\CFcatchme.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\nová složka (2)\Garena Plus\Room\safedrv.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 RTCore32;RTCore32;d:\rccu\RTCore32.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-17 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-05-23 216832]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: d:\avira\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 10.21.5.19
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
d:\avast\AvastSvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2012-02-15 20:36:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-15 19:36
ComboFix2.txt 2012-02-14 22:45
ComboFix3.txt 2011-04-17 22:07
ComboFix4.txt 2011-01-28 21:42
.
Před spuštěním: 2 397 368 320
Po spuštění: 2 323 030 016
.
- - End Of File - - 7BA028EFF5E4C858F67A825CEA29CA6C

Re: Notebook switching off after a pop in the screen, and more..

Posted: 15 Feb 2012 22:02
by vyosek
So, one more script for CF - the procedure is the same

Code:

KillAll::

Driver::
AntiVirMailService
AntiVirWebService
Lavasoft Kernexplorer

Folder::
d:\avira
c:\program files\Lavasoft\Ad-Aware

ClearJavaCache::

Reboot::

Re: Notebook switching off after a pop in the screen, and more..

Posted: 16 Feb 2012 14:42
by sc0pe
So after the last command my internet doesn't work. I tried a restore, nothing. I tried setting everything possible and nothing. What should I do now? Tomorrow I would urgently need internet access. I'm posting the log from that Avira removal here, maybe you'll find something in it.. Otherwise Google tells me it failed to establish a connection with the DNS..



ComboFix 12-02-15.01 - Administrator 15.02.2012 23:09:48.10.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1407.917 [GMT 1:00]
Spuštěný z: c:\users\Administrator\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\avira
d:\avira\Avira\AntiVir Desktop\avsda.dll
d:\avira\Avira\AntiVir Desktop\avsda64.dll
d:\avira\Avira\AntiVir Desktop\avshadow.exe
d:\avira\Avira\AntiVir Desktop\avsmtp.dll
d:\avira\Avira\AntiVir Desktop\avupgsvc.exe
d:\avira\Avira\AntiVir Desktop\avwebgrc.dll
d:\avira\Avira\AntiVir Desktop\avwebgrd.exe
d:\avira\Avira\AntiVir Desktop\avwebloader.exe
d:\avira\Avira\AntiVir Desktop\avwin.chm
d:\avira\Avira\AntiVir Desktop\avwinll.dll
d:\avira\Avira\AntiVir Desktop\avwmi.dll
d:\avira\Avira\AntiVir Desktop\avwsc.exe
d:\avira\Avira\AntiVir Desktop\build.dat
d:\avira\Avira\AntiVir Desktop\ccavscanex.dll
d:\avira\Avira\AntiVir Desktop\ccavscanexrc.dll
d:\avira\Avira\AntiVir Desktop\ccev.dll
d:\avira\Avira\AntiVir Desktop\ccevrc.dll
d:\avira\Avira\AntiVir Desktop\ccevw.dll
d:\avira\Avira\AntiVir Desktop\ccgen.dll
d:\avira\Avira\AntiVir Desktop\ccgenrc.dll
d:\avira\Avira\AntiVir Desktop\ccgenw.dll
d:\avira\Avira\AntiVir Desktop\ccgrdrc.dll
d:\avira\Avira\AntiVir Desktop\ccgrdw.dll
d:\avira\Avira\AntiVir Desktop\ccguard.dll
d:\avira\Avira\AntiVir Desktop\cclic.dll
d:\avira\Avira\AntiVir Desktop\cclicrc.dll
d:\avira\Avira\AntiVir Desktop\cclicw.dll
d:\avira\Avira\AntiVir Desktop\ccmainrc.dll
d:\avira\Avira\AntiVir Desktop\ccmgrdrc.dll
d:\avira\Avira\AntiVir Desktop\ccmguard.dll
d:\avira\Avira\AntiVir Desktop\ccmsg.dll
d:\avira\Avira\AntiVir Desktop\ccmsgrc.dll
d:\avira\Avira\AntiVir Desktop\ccplg.xml
d:\avira\Avira\AntiVir Desktop\ccprofil.dll
d:\avira\Avira\AntiVir Desktop\ccquamgr.dll
d:\avira\Avira\AntiVir Desktop\ccquarc.dll
d:\avira\Avira\AntiVir Desktop\ccquaw.dll
d:\avira\Avira\AntiVir Desktop\ccreporc.dll
d:\avira\Avira\AntiVir Desktop\ccreport.dll
d:\avira\Avira\AntiVir Desktop\ccrepow.dll
d:\avira\Avira\AntiVir Desktop\ccscanrc.dll
d:\avira\Avira\AntiVir Desktop\ccscanw.dll
d:\avira\Avira\AntiVir Desktop\ccsched.dll
d:\avira\Avira\AntiVir Desktop\ccschedw.dll
d:\avira\Avira\AntiVir Desktop\ccscherc.dll
d:\avira\Avira\AntiVir Desktop\cctpc.dll
d:\avira\Avira\AntiVir Desktop\ccupdate.dll
d:\avira\Avira\AntiVir Desktop\ccupdrc.dll
d:\avira\Avira\AntiVir Desktop\ccupdw.dll
d:\avira\Avira\AntiVir Desktop\ccwgrd.dll
d:\avira\Avira\AntiVir Desktop\ccwgrdrc.dll
d:\avira\Avira\AntiVir Desktop\ccwgrdw.dll
d:\avira\Avira\AntiVir Desktop\ccwkrlib.dll
d:\avira\Avira\AntiVir Desktop\cfglib.dll
d:\avira\Avira\AntiVir Desktop\cfgprofile.dll
d:\avira\Avira\AntiVir Desktop\cchips.dll
d:\avira\Avira\AntiVir Desktop\cchipsrc.dll
d:\avira\Avira\AntiVir Desktop\default.wav
d:\avira\Avira\AntiVir Desktop\defaults.ini
d:\avira\Avira\AntiVir Desktop\eula.txt
d:\avira\Avira\AntiVir Desktop\extdlgfw.dll
d:\avira\Avira\AntiVir Desktop\fact.exe
d:\avira\Avira\AntiVir Desktop\factrc.dll
d:\avira\Avira\AntiVir Desktop\gavid.xsl
d:\avira\Avira\AntiVir Desktop\guardgui.exe
d:\avira\Avira\AntiVir Desktop\guardhlp.exe
d:\avira\Avira\AntiVir Desktop\guardmsg.dll
d:\avira\Avira\AntiVir Desktop\hbedv.key
d:\avira\Avira\AntiVir Desktop\checkt.exe
d:\avira\Avira\AntiVir Desktop\inetset.bin
d:\avira\Avira\AntiVir Desktop\libdb44.dll
d:\avira\Avira\AntiVir Desktop\licmgr.dll
d:\avira\Avira\AntiVir Desktop\licmgr.exe
d:\avira\Avira\AntiVir Desktop\luke.dll
d:\avira\Avira\AntiVir Desktop\lukeres.dll
d:\avira\Avira\AntiVir Desktop\mgrs.dll
d:\avira\Avira\AntiVir Desktop\msgclient.dll
d:\avira\Avira\AntiVir Desktop\mydocs.avp
d:\avira\Avira\AntiVir Desktop\netnt.dll
d:\avira\Avira\AntiVir Desktop\onlcfg.dll
d:\avira\Avira\AntiVir Desktop\prefix_msg.avr
d:\avira\Avira\AntiVir Desktop\process.avp
d:\avira\Avira\AntiVir Desktop\prodinfo.dat
d:\avira\Avira\AntiVir Desktop\quicksysscan.avp
d:\avira\Avira\AntiVir Desktop\rcimage.dll
d:\avira\Avira\AntiVir Desktop\rcnwload_de.dll
d:\avira\Avira\AntiVir Desktop\rcnwload_en.dll
d:\avira\Avira\AntiVir Desktop\rcnwload_es.dll
d:\avira\Avira\AntiVir Desktop\rcnwload_fr.dll
d:\avira\Avira\AntiVir Desktop\rcnwload_it.dll
d:\avira\Avira\AntiVir Desktop\rcnwload_jp.dll
d:\avira\Avira\AntiVir Desktop\rcnwload_ko.dll
d:\avira\Avira\AntiVir Desktop\rcnwload_pt.dll
d:\avira\Avira\AntiVir Desktop\rcnwload_ru.dll
d:\avira\Avira\AntiVir Desktop\rcnwload_zhcn.dll
d:\avira\Avira\AntiVir Desktop\rcnwload_zhtw.dll
d:\avira\Avira\AntiVir Desktop\rctext.dll
d:\avira\Avira\AntiVir Desktop\readme.txt
d:\avira\Avira\AntiVir Desktop\redist.dll
d:\avira\Avira\AntiVir Desktop\rchelp.dll
d:\avira\Avira\AntiVir Desktop\rmdiscs.avp
d:\avira\Avira\AntiVir Desktop\rscdwld.exe
d:\avira\Avira\AntiVir Desktop\rscdwrc.dll
d:\avira\Avira\AntiVir Desktop\scewxmlw.dll
d:\avira\Avira\AntiVir Desktop\setup.dll
d:\avira\Avira\AntiVir Desktop\setup.exe
d:\avira\Avira\AntiVir Desktop\setupprf.dat
d:\avira\Avira\AntiVir Desktop\shlext.dll
d:\avira\Avira\AntiVir Desktop\sched.exe
d:\avira\Avira\AntiVir Desktop\schedr.dll
d:\avira\Avira\AntiVir Desktop\sqlite3.dll
d:\avira\Avira\AntiVir Desktop\ssmdrv.inf
d:\avira\Avira\AntiVir Desktop\sweb.zip
d:\avira\Avira\AntiVir Desktop\sysdir.avp
d:\avira\Avira\AntiVir Desktop\sysscan.avp
d:\avira\Avira\AntiVir Desktop\unacev2.dll
d:\avira\Avira\AntiVir Desktop\update.dll
d:\avira\Avira\AntiVir Desktop\update.exe
d:\avira\Avira\AntiVir Desktop\updaterc.dll
d:\avira\Avira\AntiVir Desktop\updgui.dll
d:\avira\Avira\AntiVir Desktop\updguirc.dll
d:\avira\Avira\AntiVir Desktop\vbase000.vdf
d:\avira\Avira\AntiVir Desktop\vbase001.vdf
d:\avira\Avira\AntiVir Desktop\vbase002.vdf
d:\avira\Avira\AntiVir Desktop\vbase003.vdf
d:\avira\Avira\AntiVir Desktop\vbase004.vdf
d:\avira\Avira\AntiVir Desktop\vbase005.vdf
d:\avira\Avira\AntiVir Desktop\vbase006.vdf
d:\avira\Avira\AntiVir Desktop\vbase007.vdf
d:\avira\Avira\AntiVir Desktop\vbase008.vdf
d:\avira\Avira\AntiVir Desktop\vbase009.vdf
d:\avira\Avira\AntiVir Desktop\vbase010.vdf
d:\avira\Avira\AntiVir Desktop\vbase011.vdf
d:\avira\Avira\AntiVir Desktop\vbase012.vdf
d:\avira\Avira\AntiVir Desktop\vbase013.vdf
d:\avira\Avira\AntiVir Desktop\vbase014.vdf
d:\avira\Avira\AntiVir Desktop\vbase015.vdf
d:\avira\Avira\AntiVir Desktop\vbase016.vdf
d:\avira\Avira\AntiVir Desktop\vbase017.vdf
d:\avira\Avira\AntiVir Desktop\vbase018.vdf
d:\avira\Avira\AntiVir Desktop\vbase019.vdf
d:\avira\Avira\AntiVir Desktop\vbase020.vdf
d:\avira\Avira\AntiVir Desktop\vbase021.vdf
d:\avira\Avira\AntiVir Desktop\vbase022.vdf
d:\avira\Avira\AntiVir Desktop\vbase023.vdf
d:\avira\Avira\AntiVir Desktop\vbase024.vdf
d:\avira\Avira\AntiVir Desktop\vbase025.vdf
d:\avira\Avira\AntiVir Desktop\vbase026.vdf
d:\avira\Avira\AntiVir Desktop\vbase027.vdf
d:\avira\Avira\AntiVir Desktop\vbase028.vdf
d:\avira\Avira\AntiVir Desktop\vbase029.vdf
d:\avira\Avira\AntiVir Desktop\vbase030.vdf
d:\avira\Avira\AntiVir Desktop\vbase031.vdf
d:\avira\Avira\AntiVir Desktop\webcat.dll
d:\avira\Avira\AntiVir Desktop\webcat0.dat
d:\avira\Avira\AntiVir Desktop\webcat1.dat
d:\avira\Avira\AntiVir Desktop\webcat2.dat
d:\avira\Avira\AntiVir Desktop\webcat3.dat
d:\avira\Avira\AntiVir Desktop\webcat4.dat
d:\avira\Avira\AntiVir Desktop\weblink.url
d:\avira\Avira\AntiVir Desktop\wksstats.dll
d:\avira\Avira\AntiVir Desktop\wsctool.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Service_AntiVirMailService
-------\Service_AntiVirWebService
-------\Service_Lavasoft Kernexplorer
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-15 do 2012-02-15 )))))))))))))))))))))))))))))))
.
.
2012-02-15 22:20 . 2012-02-15 22:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-15 22:20 . 2012-02-15 22:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-15 22:20 . 2012-02-15 22:24 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-15 16:29 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-15 16:29 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-15 16:29 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-15 16:29 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-15 16:29 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-15 16:29 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-15 16:29 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-15 16:29 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-15 16:29 . 2012-02-15 16:29 -------- d-----w- c:\programdata\AVAST Software
2012-02-13 10:23 . 2012-02-13 10:27 -------- d-----w- c:\users\Administrator\AppData\Roaming\Media Finder
2012-02-13 10:22 . 2012-02-13 10:22 237 ----a-w- C:\user.js
2012-02-13 10:22 . 2012-02-13 10:22 -------- d-----w- c:\users\Administrator\AppData\Local\Babylon
2012-02-13 10:22 . 2012-02-13 10:22 -------- d-----w- c:\users\Administrator\AppData\Roaming\Babylon
2012-02-03 17:18 . 2012-02-04 14:41 -------- d-----w- c:\users\Administrator\AppData\Roaming\BSplayer
2012-02-02 13:48 . 2012-02-02 13:48 -------- d-----w- c:\program files\Update Services 3.0 API Samples and Tools
2012-01-28 20:44 . 2012-02-15 16:46 -------- d-----w- c:\users\Administrator\AppData\Local\CrashDumps
2012-01-28 19:29 . 2012-01-28 19:29 -------- d-----w- C:\Rbackup
2012-01-26 12:00 . 2012-02-14 21:28 -------- d-----w- c:\program files\trend micro
2012-01-25 23:40 . 2012-01-25 23:40 -------- d-----w- c:\users\Administrator\AppData\Roaming\driveridentifier
2012-01-25 21:19 . 2012-01-25 21:19 -------- d-----w- c:\users\Administrator\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-15 00:07 . 2012-01-15 00:05 249856 ------w- c:\windows\Setup1.exe
2012-01-15 00:07 . 2012-01-15 00:05 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-11-21 10:47 . 2011-12-17 20:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BC1C471-3B6B-41EE-8762-04098954FC93}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- d:\avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="d:\avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Michal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
.
R1 aswFW;avast! TDI Firewall driver; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 HDD & SSD access service;HDD & SSD access service;c:\program files\Common Files\BinarySense\disksvc.exe [x]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x.sys [x]
R3 CFcatchme;CFcatchme;c:\users\Michal\AppData\Local\Temp\CFcatchme.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\nová složka (2)\Garena Plus\Room\safedrv.sys [x]
R3 RTCore32;RTCore32;d:\rccu\RTCore32.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-17 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-05-23 216832]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: d:\avira\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 10.21.5.19
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
d:\avast\AvastSvc.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2012-02-15 23:31:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-15 22:31
ComboFix2.txt 2012-02-15 19:36
ComboFix3.txt 2012-02-14 22:45
ComboFix4.txt 2011-04-17 22:07
ComboFix5.txt 2012-02-15 22:08
.
Před spuštěním: 2 406 535 168
Po spuštění: 2 224 492 544
.
- - End Of File - - 896A1A0F12C9F453225E6349912B1028

Re: Notebook switching off after a pop in the screen, and more..

Posted: 16 Feb 2012 14:56
by vyosek
Try WinSockFix http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=22
If you have your connection parameters entered manually, then set them
Eithne wrote: Click Start -> Control Panel -> Network Connections -> Local Area Connection and right-click Properties. Find the item Internet Protocol (TCP/IP) and double-click it. Here, after ticking the boxes Use the following IP address and Use the following DNS server addresses, you have to fill in two values, namely the IP address and the DNS server address.
Or contact your provider to check whether everything is OK on their side

Re: Notebook switching off after a pop in the screen, and more..

Posted: 16 Feb 2012 15:28
by sc0pe
Wouldn't you have a guide for Win7? Otherwise that link is most likely broken.. "The address you requested does not exist. Please check that you really entered it correctly."

Re: Notebook switching off after a pop in the screen, and more..

Posted: 16 Feb 2012 15:30
by vyosek
Ah, there is still a small error there from the FTP moves that took place, sorry :?:

on W7 like this http://www.dozimont.cz/index.php/rady-a ... ows-7.html