
Blue Screen of Death

Posted: 09 Oct 2012 16:37
by Radek04
Good day, I have a notebook after a Windows reinstall. I have a SONY VAIO, so I uninstalled a pile of programs from Sony. But for some reason the computer throws a Blue Screen of Death from time to time. Unfortunately I haven't managed to take a screenshot yet. So for now I'm posting just the HJT log here, thanks for checking it.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:37:00, on 9.10.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Admin\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8792 bytes

Re: Blue Screen of Death

Posted: 09 Oct 2012 17:31
by Rudy
Greetings!
Open the windows\minidump folder, pack its contents into a RAR archive and attach it to your next post.

Re: Blue Screen of Death

Posted: 09 Oct 2012 17:40
by Radek04
here they are :-)

Re: Blue Screen of Death

Posted: 09 Oct 2012 17:44
by Rudy
Did you previously have the NOD antivirus installed?

Re: Blue Screen of Death

Posted: 09 Oct 2012 17:47
by Radek04
Yes, I did, but I have already installed avast. Was that the cause?

Re: Blue Screen of Death

Posted: 09 Oct 2012 17:54
by Rudy
You probably uninstalled NOD only superficially with the standard uninstaller and something was left in the system. Try running this on the PC: http://kb.eset.com/esetkb/index?page=co ... cale=cs_CZ .

Re: Blue Screen of Death

Posted: 09 Oct 2012 18:06
by Radek04
I uninstalled only ESS, NOD is still there... it came with the OS from the reinstall. Should I remove it too??

>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[10/09/12 19:01:44] C:\Users\Admin\Desktop\ESETUninstaller.exe 4.0.15.5
[10/09/12 19:01:44] Input arguments:
[10/09/12 19:01:46] Online (PC booted from fixed disk) mode detected.

[10/09/12 19:01:46] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): y


[10/09/12 19:01:50] Scanning available operating systems ...

[10/09/12 19:01:50] Available operating systems, which AV product can be removed from:

[10/09/12 19:01:50] [1]
[10/09/12 19:01:50] Product Name: Windows 7 Home Premium
[10/09/12 19:01:50] Current Version: 6.1.0.7600.WinNT.AMD64
[10/09/12 19:01:50] Volume: C:\
[10/09/12 19:01:50] System Root: C:\Windows
[10/09/12 19:01:50] Program Files: C:\Program Files
[10/09/12 19:01:50] Program Files (x86): C:\Program Files (x86)
[10/09/12 19:01:50] Common files: C:\Program Files\Common Files
[10/09/12 19:01:50] Common files (x86): C:\Program Files (x86)\Common Files
[10/09/12 19:01:50] Common application data folder: C:\ProgramData
[10/09/12 19:01:50] Common programs folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[10/09/12 19:01:50] Device path folder: C:\Windows\inf
[10/09/12 19:01:50] Drives mapping:
[10/09/12 19:01:50] Current Letter: C Native Letter: C
[10/09/12 19:01:50] Current Letter: D Native Letter: D

[10/09/12 19:01:50] Building cache: 64bit COM: AppID -> DllName ...
[10/09/12 19:01:50] Building cache: 64bit COM: Category -> ReferenceCounter ...
[10/09/12 19:01:50] Building cache: 32bit COM: AppID -> DllName ...
[10/09/12 19:01:50] Building cache: 32bit COM: Category -> ReferenceCounter ...
[10/09/12 19:01:50] Scanning installed AV products ...

[10/09/12 19:01:54] Installed AV products:
[10/09/12 19:01:54] 1. ESS/EAV/EMSX
[10/09/12 19:01:54] 2. NODv2

[10/09/12 19:01:54] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1

[10/09/12 19:02:20] Are you sure to uninstall ESS/EAV/EMSX from this OS? (y/n): y


[10/09/12 19:02:23] Product uninstallation: ESS/EAV/EMSX

[10/09/12 19:02:23] Uninstallation in progress, please wait ...

[10/09/12 19:02:23] Current control set ... ControlSet001

[10/09/12 19:02:23] Services: deleted: ControlSet001\Services\eamon
[10/09/12 19:02:23] Services: deleted: ControlSet001\Enum\Root\LEGACY_EPFWWFPR
[10/09/12 19:02:23] Services: deleted: ControlSet001\Enum\Root\LEGACY_EHDRV

[10/09/12 19:02:23] WSC: ESS/EAV unregistered of Windows Security Center

[10/09/12 19:02:23] WSC: ESS/EAV (WMI) unregistered of Windows Security Center


[10/09/12 19:02:23] ESET Smart Security - Context Menu Shell Extension (32-bit): deleted: Classes\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D}
[10/09/12 19:02:23] ShellEx (32-bit): deleted value in: Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ...
[10/09/12 19:02:23] deleted: {B089FE88-FB52-11D3-BDF1-0050DA34150D}

[10/09/12 19:02:23] Installer folders (64-bit): deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
[10/09/12 19:02:23] deleted: C:\ProgramData\ESET\ESET NOD32 Antivirus\
[10/09/12 19:02:23] deleted: C:\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\
[10/09/12 19:02:23] deleted: C:\ProgramData\ESET\ESET NOD32 Antivirus\Stats\

[10/09/12 19:02:23] Delete of empty folders ...
[10/09/12 19:02:23] ESET folder: deleted: C:\Program Files (x86)\ESET\

[10/09/12 19:02:23] ESET Product (64-bit): deleted: ESET\Setup
[10/09/12 19:02:23] ESET Product (64-bit): deleted: ESET

[10/09/12 19:02:23] ESET Product (32-bit): deleted value in: ESET\NOD\CurrentVersion ...
[10/09/12 19:02:23] deleted: Amon_status
[10/09/12 19:02:23] ESET Product (32-bit): deleted: ESET\NOD\CurrentVersion
[10/09/12 19:02:23] ESET Product (32-bit): deleted: ESET\NOD
[10/09/12 19:02:23] ESET Product (32-bit): deleted: ESET


[10/09/12 19:02:23] Dmon (64-bit): deleted: Classes\AppId\DMON.DLL
[10/09/12 19:02:23] Dmon (64-bit): deleted: Classes\AppId\{6EB1806F-1E78-4EE0-BC56-CCB3A2784379}

[10/09/12 19:02:23] Email plugins (32-bit): deleted value in: Mozilla\Thunderbird\Extensions ...
[10/09/12 19:02:23] deleted: eplgTb@eset.com

[10/09/12 19:02:23] Email plugins (32-bit): deleted value in: Microsoft\Exchange\Client\Extensions ...
[10/09/12 19:02:23] deleted: ESET Outlook Plugin

[10/09/12 19:02:23] Uninstallation ESS/EAV/EMSX finished successfully.


[10/09/12 19:02:23] Installed AV products:
[10/09/12 19:02:23] 1. NODv2

[10/09/12 19:02:23] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): q
[10/09/12 19:02:38] Exit request!


[10/09/12 19:02:38] Log file location: "C:\Users\Admin\Desktop\~ESETUninstaller.log"

[10/09/12 19:02:38] Uninstallation finished successfully, please restart your PC now.

[10/09/12 19:02:38] Press any key to exit ...
>>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>

Re: Blue Screen of Death

Posted: 09 Oct 2012 18:39
by Rudy
Remove it with the utility I gave you the link to.

Re: Blue Screen of Death

Posted: 09 Oct 2012 18:53
by Radek04
So when I tried it with that utility, it said there is no longer any program from that vendor... I don't see it in the installed programs anymore either... so it has probably disappeared too :-) What now??

Re: Blue Screen of Death

Posted: 09 Oct 2012 18:55
by Rudy
Search for the file eamonm.sys and try to delete it.

Re: Blue Screen of Death

Posted: 09 Oct 2012 19:02
by Radek04
Do you know where it might be? Probably somewhere on C, right? I'm not very good at searching in Windows 7... I'm doing it via drive C at the top and so far it hasn't found anything...

Re: Blue Screen of Death

Posted: 09 Oct 2012 19:52
by Rudy
It should be in windows\system32\drivers .

Re: Blue Screen of Death

Posted: 09 Oct 2012 19:58
by Radek04
I didn't find it there even after turning on the display of hidden files and protected Windows system files...

Re: Blue Screen of Death

Posted: 09 Oct 2012 20:01
by Rudy
Check whether there is a reference to it in the registry. Start menu > command prompt > (type) regedit > Enter.

Re: Blue Screen of Death

Posted: 09 Oct 2012 20:08
by Radek04
nothing in the registry either, searching for the word eamonm or for eamonm.sys
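
The checks described in the posts above (the driver file under windows\system32\drivers, then the registry), as an added read-only PowerShell example that is not part of the original thread. The `*eamon*` pattern and the choice to scan the Services key of every ControlSet are assumptions made for this example.

```powershell
# Added example (not from the thread). '*eamon*' is an assumed pattern: it matches
# both the eamon service key seen in the uninstaller log and the eamonm.sys file
# named in the thread.
$pattern = '*eamon*'

# A 32-bit shell on 64-bit Windows is redirected from System32 to SysWOW64;
# the Sysnative alias (visible only to 32-bit processes) reaches the real folder.
$sysDir = if (Test-Path "$env:SystemRoot\Sysnative") { 'Sysnative' } else { 'System32' }
$driverDir = Join-Path $env:SystemRoot "$sysDir\drivers"

# 1. Leftover driver files on disk (-Force includes hidden and system files).
$files = @(Get-ChildItem -Path $driverDir -Filter "$pattern.sys" -Force -ErrorAction SilentlyContinue)

# 2. Service entries in every control set, matched by key name or ImagePath.
$controlSets = Get-ChildItem 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' }

$services = @(
    foreach ($cs in $controlSets) {
        $servicesKey = Join-Path $cs.PSPath 'Services'
        Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
            $image = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
            if ($_.PSChildName -like $pattern -or $image -like $pattern) {
                New-Object PSObject -Property @{
                    ControlSet = $cs.PSChildName
                    Service    = $_.PSChildName
                    ImagePath  = $image
                }
            }
        }
    }
)

# 3. Report only; nothing is deleted or modified.
if ($files.Count -eq 0 -and $services.Count -eq 0) {
    'No driver file or service entry matching the pattern was found.'
} else {
    $files    | Format-List FullName, Length, LastWriteTime
    $services | Format-List ControlSet, Service, ImagePath
}
```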