Samovolne BSoD, vypinani PC, nejdou aktualizace, ...

Všetko o antivírových programoch, firewalloch, víroch, spyware, ostatných aktuálnych hrozbách, názoroch a skúsenostiach, ako sa im vyvarovať...
POZOR: žiadny WAREZ
ShaiMagal

Samovolne BSoD, vypinani PC, nejdou aktualizace, ...

Príspevok od používateľa ShaiMagal »

Hi, neni tomu ani 2 tydny co jsem reinstalovat a opet problemy tentokrat ve vetsim poctu a vaznosti.

Pri pokusu o aplikovani windows aktualizaci(offline) -> BSoD
Pri pokusu o aplikovani windows aktualizaci(online) -> neuspech
Pri pokusu o cisteni registru(System Cleaner, TuneUp Utilities, SpeedUpMyPC) -> BSoD -> V nouzovem rezimu to jede v pohode.
Pri pokusu o aktualizace McAfee(porad) -> http://img225.imageshack.us/my.php?image=updatedj3.png
Pri pokusu o pripojeni do netu(obcas) ->http://img151.imageshack.us/my.php?image=connectlu7.png
Pri pokusu o spusteni GlobeTrotteru(obcas) ->http://img137.imageshack.us/my.php?image=bootcq9.png


Logfile of HijackThis v1.99.1
Scan saved at 14:54:01, on 24.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\dominik\Dokumenty\Software\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\dominik\Dokumenty\Software\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\dominik\DOKUME~1\Software\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [hkss] "C:\Program Files\Compaq\Hotkey Software\hkss.exe"
O4 - HKLM\..\Run: [kis] "C:\Documents and Settings\dominik\Dokumenty\Software\Stegnos Internet Security 2007\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://download.windowsupdate.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zam.pojcs.cz
O17 - HKLM\Software\..\Telephony: DomainName = zam.pojcs.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D91A019-DBB9-409E-92CB-ED2548178A4E}: NameServer = 192.168.4.28,192.168.4.29
O17 - HKLM\System\CCS\Services\Tcpip\..\{D01318C7-23C0-4937-8381-4027BFE2C321}: NameServer = 10.180.88.128,10.180.88.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{E66B008C-C286-493E-8660-670AA960CA3C}: NameServer = 10.180.88.128,10.180.88.129
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = zam.pojcs.cz
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Steganos Internet Security 2007 (AVP) - Unknown owner - C:\Documents and Settings\dominik\Dokumenty\Software\Stegnos Internet Security 2007\avp.exe" -r (file missing)
O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Personal Firewall 4\kpf4ss.exe
O23 - Service: MAIF - Unknown owner - C:\DOCUME~1\dominik\LOCALS~1\Temp\MAIF.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: WEWATOGTN - Unknown owner - C:\DOCUME~1\dominik\LOCALS~1\Temp\WEWATOGTN.exe (file missing)
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

SmitFraudFix v2.112

Scan done at 14:55:18,71, p 24.11.2006
Run from C:\DOCUME~1\dominik\LOCALS~1\Temp\RarSFX0
OS: Microsoft Windows XP [Verze 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\dominik


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\dominik\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\dominik\OBLBEN~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Aktu ln¡ domovsk str nka"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AClntUsr" = "C:\Program Files\Altiris\AClient\AClntUsr.EXE" [empty string]
"McAfeeUpdaterUI" = ""C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey" ["Network Associates, Inc."]
"ShStatEXE" = ""C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE" ["Network Associates, Inc."]
"hkss" = ""C:\Program Files\Compaq\Hotkey Software\hkss.exe"" ["Compaq Computer Corporation"]
"kis" = ""C:\Documents and Settings\dominik\Dokumenty\Software\Stegnos Internet Security 2007\avp.exe"" ["Steganos GmbH"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0000CC75-ACF3-4cac-A0A9-DD3868E06852}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DAPHelper Class"
\InProcServer32\(Default) = "C:\Program Files\DAP\dapbho.dll" ["Speedbit Ltd."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\DOCUME~1\dominik\DOKUME~1\Software\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozsiøeni ikony programu HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {HKLM...CLSID} = "Contact View"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
-> {HKLM...CLSID} = "Message View"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{EB08BEF8-DA8F-4f4a-8955-54BBF14583B1}" = "DataShredder Shell Extension"
-> {HKLM...CLSID} = "DataShredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TRUSTP~1\bin\DWExt.dll" ["AEC, spol. s r.o."]
"{EB5A819A-C4E9-49B3-B3E8-5488ACD25EAA}" = "TrustPort Disk Protection Shell Extension DLL"
-> {HKLM...CLSID} = "TrustPort Disk Protection Shell Extension DLL"
\InProcServer32\(Default) = "C:\Program Files\TrustPort Disk Protection\bin\TDShell.dll" ["AEC, spol. s r.o."]
"{D9341527-6C0C-42D4-ABC6-320CB28AC6D4}" = "CAR / CPH Extension DLL"
-> {HKLM...CLSID} = "CAR / CPH Extension DLL"
\InProcServer32\(Default) = "C:\Program Files\TrustPort Archive Encryption\CARShell.dll" ["AEC, spol. s r.o."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" = "WipeExt"
-> {HKLM...CLSID} = "WipeExt"
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Ace Utilities\wipext.dll" [null data]
"{363E9C24-C4C3-4116-81A4-6D86B459CBE3}" = "Pointstone Shredder Context Menu Shell Extension"
-> {HKLM...CLSID} = "Pointstone Shredder Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\POINTS~1\Shredder\SDShlExt.dll" ["Pointstone Software, LLC"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozsiøeni ikon souborù aplikace Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}" = "Tauscan Menu"
-> {HKLM...CLSID} = "Tauscan Menu"
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Zaøizeni technologie UPnP"
-> {HKLM...CLSID} = "Zaøizeni technologie UPnP"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\
DisplayName = "XP_SP2"
0\ -> launches: "cw.bat" [file not found]
DisplayName = "XP_SP2"
1\ -> launches: "SetEnv.vbs" [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<text> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
CARMenuHandler\(Default) = "{D9341527-6C0C-42D4-ABC6-320CB28AC6D4}"
-> {HKLM...CLSID} = "CAR / CPH Extension DLL"
\InProcServer32\(Default) = "C:\Program Files\TrustPort Archive Encryption\CARShell.dll" ["AEC, spol. s r.o."]
DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
DataShredderShlExt\(Default) = "{EB08BEF8-DA8F-4f4a-8955-54BBF14583B1}"
-> {HKLM...CLSID} = "DataShredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TRUSTP~1\bin\DWExt.dll" ["AEC, spol. s r.o."]
DiskProtectionMenuHandler\(Default) = "{EB5A819A-C4E9-49B3-B3E8-5488ACD25EAA}"
-> {HKLM...CLSID} = "TrustPort Disk Protection Shell Extension DLL"
\InProcServer32\(Default) = "C:\Program Files\TrustPort Disk Protection\bin\TDShell.dll" ["AEC, spol. s r.o."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Stegnos Internet Security 2007\shellex.dll" ["Steganos GmbH"]
Pointstone Shredder\(Default) = "{363E9C24-C4C3-4116-81A4-6D86B459CBE3}"
-> {HKLM...CLSID} = "Pointstone Shredder Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\POINTS~1\Shredder\SDShlExt.dll" ["Pointstone Software, LLC"]
Tauscan Menu\(Default) = "{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}"
-> {HKLM...CLSID} = "Tauscan Menu"
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Network Associates\VirusScan\shext.dll" ["Network Associates, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}"
-> {HKLM...CLSID} = "WipeExt"
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Ace Utilities\wipext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CARMenuHandler\(Default) = "{D9341527-6C0C-42D4-ABC6-320CB28AC6D4}"
-> {HKLM...CLSID} = "CAR / CPH Extension DLL"
\InProcServer32\(Default) = "C:\Program Files\TrustPort Archive Encryption\CARShell.dll" ["AEC, spol. s r.o."]
DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
DataShredderShlExt\(Default) = "{EB08BEF8-DA8F-4f4a-8955-54BBF14583B1}"
-> {HKLM...CLSID} = "DataShredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TRUSTP~1\bin\DWExt.dll" ["AEC, spol. s r.o."]
Pointstone Shredder\(Default) = "{363E9C24-C4C3-4116-81A4-6D86B459CBE3}"
-> {HKLM...CLSID} = "Pointstone Shredder Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\POINTS~1\Shredder\SDShlExt.dll" ["Pointstone Software, LLC"]
Tauscan Menu\(Default) = "{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}"
-> {HKLM...CLSID} = "Tauscan Menu"
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Network Associates\VirusScan\shext.dll" ["Network Associates, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Stegnos Internet Security 2007\shellex.dll" ["Steganos GmbH"]
Tauscan Menu\(Default) = "{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}"
-> {HKLM...CLSID} = "Tauscan Menu"
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Network Associates\VirusScan\shext.dll" ["Network Associates, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}"
-> {HKLM...CLSID} = "WipeExt"
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Ace Utilities\wipext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoAddPrinter" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoDeletePrinter" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoInternetIcon" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoNetHood" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoDesktopCleanupWizard" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoRecentDocsNetHood" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoViewOnDrive" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoLogoff" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|Logon/Logoff|
Disable Logoff}

"NoActiveDesktop" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Disable Active Desktop}

"NoActiveDesktopChanges" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Prohibit changes}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoMSAppLogo5ChannelNotify" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoWelcomeScreen" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"NoDisplayLastUserName" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

"NoUpdateCheck" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoSplash" = (REG_DWORD) hex:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikaci\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\dominik\Local Settings\Data aplikaci\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 39
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Zdroje informaci"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dl ... ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Data aplikaci/TuneUp Software/Common/base.css" [file not found]
<<H>> "NoAdd-ons" = "res://ieframe.dll/noaddon.htm" [MS]
<<H>> "NoAdd-onsInfo" = "res://ieframe.dll/noaddoninfo.htm" [MS]
<<H>> "SecurityRisk" = "res://ieframe.dll/securityatrisk.htm" [MS]
<<H>> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [MS]


All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------

.NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS]
Adapter vykonu sluzby WMI, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]
Altiris Client Service, AClient, "C:\Program Files\Altiris\AClient\AClient.exe -service" ["Altiris, Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
cpqdmi, cpqdmi, "C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe" ["Compaq Computer Corporation"]
Hibernation, Hibernation, "C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe" [empty string]
Insight Local Alerter, CPQALERT, "C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe" ["Hewlett-Packard Company"]
Jednoduche sluzby TCP/IP, SimpTcp, "C:\WINDOWS\system32\tcpsvcs.exe" [MS]
Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Personal Firewall 4\kpf4ss.exe"" ["Kerio Technologies"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
MAIF, MAIF, "C:\DOCUME~1\dominik\LOCALS~1\Temp\MAIF.exe" [file not found]
McAfee Framework Service, McAfeeFramework, ""C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart" ["Network Associates, Inc."]
Naslouchani RIP, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [MS]}
Network Associates McShield, McShield, ""C:\Program Files\Network Associates\VirusScan\Mcshield.exe"" ["Network Associates, Inc."]
Network Associates Task Manager, McTaskManager, ""C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"" ["Network Associates, Inc."]
Office Source Engine, ose, ""C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"" [MS]
Ovìøovani v siti skupiny rovnocennych pocitacù, p2pgasvc, "C:\WINDOWS\system32\svchost.exe -k p2psvc" {"C:\WINDOWS\system32\p2pgasvc.dll" [MS]}
Podpora programu Windows Media Connect (WMC), WmcCdsLs, "C:\Program Files\Windows Media Connect\mswmcls.exe" [MS]
Pomocna sluzba protokolu IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
Protokol PNRP, PNRPSvc, "C:\WINDOWS\system32\svchost.exe -k p2psvc" {"C:\WINDOWS\system32\p2psvc.dll" [MS]}
Remote Diagnostics Enabling Agent, DfwWebAgent, "C:\WINDOWS\Cpqdiag\Cpqdfwag.exe" ["Hewlett-Packard"]
Remote Packet Capture Protocol v.0 (experimental), rpcapd, (null value) [file not found]
Sluzba HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Sluzba pro sitova ustanoveni, xmlprov, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\xmlprov.dll" [MS]}
Sluzba spravy pro Spravce logickych diskù, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
Spravce identit sitì rovnocennych pocitacù, p2pimsvc, "C:\WINDOWS\system32\svchost.exe -k p2psvc" {"C:\WINDOWS\system32\p2psvc.dll" [MS]}
Stavova sluzba ASP.NET, aspnet_state, "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe" [MS]
Steganos Internet Security 2007, AVP, ""C:\Documents and Settings\dominik\Dokumenty\Software\Stegnos Internet Security 2007\avp.exe" -r" ["Steganos GmbH"]
Sit rovnocennych pocitacù, p2psvc, "C:\WINDOWS\system32\svchost.exe -k p2psvc" {"C:\WINDOWS\system32\p2psvc.dll" [MS]}
Tiskovy server TCP/IP, LPDSVC, "C:\WINDOWS\system32\tcpsvcs.exe" [MS]
WEWATOGTN, WEWATOGTN, "C:\DOCUME~1\dominik\LOCALS~1\Temp\WEWATOGTN.exe" [file not found]
Win32Sl, WIN32SL, "C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe" ["Intel"]
Windows CardSpace, idsvc, ""C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"" [MS]
Windows Media Connect (WMC), WmcCds, "c:\program files\windows media connect\mswmccds.exe" [MS]
Windows Presentation Foundation Font Cache 3.0.0.0, FontCache3.0.0.0, "c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Zachytavani pro sluzbu SNMP, SNMPTRAP, "C:\WINDOWS\System32\snmptrap.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
LPR Port\Driver = "lprmon.dll" [MS]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 26 seconds.
---------- (total run time: 123 seconds)


Spybot
Nenasel nic.

Tauscan
Nenasel nic.

McAfee
Nenasel nic.

Steganos Internet Security 2007
Nenasel nic.
Používateľov profilový obrázok
AjsTi
Používateľ
Používateľ
Príspevky: 1075
Dátum registrácie: Št 31. Mar, 2005, 20:00
Bydlisko: Ba-To

Príspevok od používateľa AjsTi »

Mno dlhsi post snad ani neni na fore :o Ale k veci , ked uz instalujete system a viete ze budete na sieti , co spravit. Dat SP2 , Antivirus , Spybot. Osobne mam doma dve pc na sieti , inet a ziadny virus. Samozrejme antivirus nemyslim AVG a podobne.
8F. Nepocujes , nevidis , nevies. GUGL nieje iba vyhladavanie , je to ZIVOTNA FILOZOFIA. GUGL som JA.
ShaiMagal

Príspevok od používateľa ShaiMagal »

hm, nechci te urazit, ale ja jsem se neptal jak jedlouhy prispevek a ani jestli mam mit AV,FW nebo SP2.

Kdyby ses mrknul uplne na prvni log je tam videt, ze mam:

SP2
Antivirus - McAfee
Firewall - Kerio
AntiSpyware - SpyBot

tim tvym prispevkem jsi mi moc nepomohl...
Používateľov profilový obrázok
AjsTi
Používateľ
Používateľ
Príspevky: 1075
Dátum registrácie: Št 31. Mar, 2005, 20:00
Bydlisko: Ba-To

Príspevok od používateľa AjsTi »

To bude jazykova bariera. Takze este raz skus to oskenovat antivirom , trebars NOD je sice trial , ale na oskenovanie pc viac ako staci. Skus este adaware , tiez trial na oskenovanie staci a este by som sa pozrel po microsoft po nieco ako microsoft defender. Ak samozrejme neodstranis chybu a system bude stale rovnako , hladal by som ci neni chyba v HW. Ci neodchadza sietovka alebo nieco ine. Pripada mi to ako virus , ktory brani sietovej komunikacii.
8F. Nepocujes , nevidis , nevies. GUGL nieje iba vyhladavanie , je to ZIVOTNA FILOZOFIA. GUGL som JA.
Používateľov profilový obrázok
killswitch
VIP
VIP
Príspevky: 4594
Dátum registrácie: Pi 21. Jan, 2005, 20:00
Bydlisko: BA-Okolie

Príspevok od používateľa killswitch »

osobne odporucam dat skontrolovat logy sem: http://forum.pctuning.cz/viewforum.php? ... ed97ede976
maju tam na to sikovneho clovicka :wink:
huh

Re

Príspevok od používateľa huh »

Zkusil bych odinstalovat TrustPort Archive Encryption. Uz jsem to na jednom pocitaci videl. Jak se kliklo na vlastnosti ikony na plose tak BSOD. Delala to jeho knihovna memlock.sys.

Návrat na "Bezpečnost a zabezpečenie PC"