Problem with a notebook

Hi, I have a big problem: when I start a film together with World and the internet, or just a video on the internet, the whole notebook freezes (it sometimes does this several times a day) and a looping sound comes out of the speakers; within five minutes it stops and the whole notebook runs normally again. The next day I found out that the slot where the memory modules go had died, so I was running on just one 2GB module; thinking it was caused by a lack of memory, I went and bought a 4GB module, and two days after the purchase it is doing it again.

Acer Aspire 5732Z
Processor: Intel Pentium(R) Dual-Core CPU T4300 @ 2,10 GHz
Graphics card: Intel Graphics Media Accelerator 4500M (Mobile Intel(R) 4 Series Express Chipset Family)
Operating system: Microsoft Windows 7 Home Premium 32-bit SP1

Subject Author Date
Maybe that Acer junk is overheating.
touchwood 26.02.2013 06:16
While playing GTA: Teploty CPU 59 °C (138 °F) 1. CPU / 1. jádro 54 °C (129 °F) 1. CPU / 2. jádro 57 °C…
Jakub B 26.02.2013 19:47
The temperatures look OK, maybe a software fault. Try posting RSIT & DDS logs. ---- • Download RSIT: 32bit: RSIT.ex…
Unlimited1269 26.02.2013 20:17
RSIT: log-txt DDS: dds-txt
Jakub B 26.02.2013 20:40
• I recommend replacing AVG antivirus with another one, e.g. avast, Microsoft Security Essentials, etc. AVG puts…
Unlimited1269 26.02.2013 22:01
OK, I'll change AVG to something else # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***…
Jakub B 26.02.2013 22:19
Fine, test the PC as touchwood wrote. If you find that the fault is in the HW, replace the HW. ---- By the way…
Unlimited1269 27.02.2013 15:13
"AVG puts a heavy load on the PC, has weaker detection, etc." Nonsense.
touchwood 27.02.2013 09:21
Otherwise, the effort to clean up the OS is good, but a freeze into a state where the sound loops is 99% caused by a HW fault…
touchwood 27.02.2013 09:47
And what should I test the HDD with?
JAkub B 27.02.2013 15:54
With some SMART utility, e.g. Crystal Disk Info.
touchwood 27.02.2013 16:13
I can't make sense of it bez-nazvu-jpg
JAkub B 27.02.2013 16:47
Paste the log here via Edit -> Copy (it's easier to read from here).
Unlimited1269 04.03.2013 13:18
image hosting: www.2i.cz, www.imghosting.cz, ...
lední brtník 04.03.2013 14:54
OS : Windows 7 Home Premium Edition SP1 [6.1 Build 7601] (x86) Date : 2013/03/04 18:32:58 -- Contro…
JAkub B 04.03.2013 18:33
-- IDENTIFY_DEVICE --------------------------------------------------------- 0 1 2 3 4 5 6 7 8 9 00…
JAkub B 04.03.2013 18:34
-- SMART_READ_THRESHOLD ---------------------------------------------------- +0 +1 +2 +3 +4 +5 +6 +…
JAkub B 04.03.2013 18:35
The disk looks fine. Try ComboFix: • Download and save ComboFix (CF for short) to the desktop: http://downloa…
Unlimited1269 06.03.2013 10:45
log.txt
JAkub B 06.03.2013 17:59
Please post new logs from RSIT and DDS.
Unlimited1269 08.03.2013 18:08
RSIT: Logfile of random's system information tool 1.09 (written by random/random) Run by Kubíček at…
JAkub B 09.03.2013 18:33
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\…
JAkub B 09.03.2013 18:35
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]…
JAkub B 09.03.2013 18:36
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun…
JAkub B 09.03.2013 18:36
You don't have to type it out for me - I gave you the address of an image host.
lední brtník 04.03.2013 19:06
dds.txt RSIT.txt
JAkub B 09.03.2013 18:39
These are the current logs, I hope. And what about AVG? Do you insist on it? If I may recommend, get Avast or Mi…
Unlimited1269 09.03.2013 21:48

While playing GTA:

Teploty
CPU 59 °C (138 °F)
1. CPU / 1. jádro 54 °C (129 °F)
1. CPU / 2. jádro 57 °C (135 °F)
Hitachi HTS545050B9A300 43 °C (109 °F)

With internet + film + World:

Teploty
CPU 48 °C (118 °F)
1. CPU / 1. jádro 44 °C (111 °F)
1. CPU / 2. jádro 45 °C (113 °F)
Hitachi HTS545050B9A300 43 °C (109 °F)

And at idle:

Teploty
CPU 45 °C (113 °F)
1. CPU / 1. jádro 42 °C (108 °F)
1. CPU / 2. jádro 41 °C (106 °F)
Hitachi HTS545050B9A300 43 °C (109 °F)

Measured in AIDA64 Extreme Edition

The temperatures look OK, maybe a software fault. Try posting RSIT & DDS logs.
----

• Download RSIT:
32bit: RSIT.exe
64bit: http://images.malwareremoval.com/random/RSITx64.exe
• Run it as administrator,
• Click Continue,
• After a while a log will pop up; copy its contents here.
----

• Download DDS:
dds.exe
• Run it as administrator,
• Leave the settings as they are,
• Click Start,
• After a while a log will pop up; copy its contents here.

• I recommend replacing AVG antivirus with another one, e.g. avast, Microsoft Security Essentials, etc. AVG puts a heavy load on the PC, has weaker detection, etc. (write whether you are determined to keep it or want to change it)
----

• Download AdwCleaner:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
• Save it to the desktop,
• Close all programs,
• Run it and click Delete,
• After the program finishes and, if applicable, the PC restarts, a log will pop up; copy its contents here.

I: If the log does not pop up, you will find it at C:\AdwCleaner[S?].txt.

OK, I'll change AVG to something else

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\KUBEK~1\AppData\Local\Temp\Utils.dll
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Kubíček\AppData\Local\Conduit
Folder Deleted : C:\Users\Kubíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Kubíček\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kubíček\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetPacks Communicator
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Kubíček\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2990 octets] - [26/02/2013 22:11:05]

########## EOF - C:\AdwCleaner[S1].txt - [3050 octets] ##########

OS : Windows 7 Home Premium Edition SP1 [6.1 Build 7601] (x86)
Date : 2013/03/04 18:32:58

-- Controller Map ----------------------------------------------------------
+ Intel(R) ICH9M/M-E Family 4 Port SATA AHCI Controller - 2929 [ATA]
+ ATA Channel 0 (0)
- Hitachi HTS545050B9A300 ATA Device
+ ATA Channel 1 (1)
- Optiarc DVD RW AD-7585H ATA Device
- ATA Channel 4 (4)
- ATA Channel 5 (5)

-- Disk List ---------------------------------------------------------------
(1) Hitachi HTS545050B9A300 : 500,1 GB [0/0/0, pd1]

----------------------------------------------------------------------------
(1) Hitachi HTS545050B9A300
----------------------------------------------------------------------------
Model : Hitachi HTS545050B9A300
Firmware : PB4OC60F
Serial Number : 090928PBG406Q7J4T9YV
Disk Size : 500,1 GB (8,4/137,4/500,1)
Buffer Size : 7208 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : SATA/300
Power On Hours : 12100 hod.
Power On Count : 3313 krát
Temparature : 42 C (107 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 4080h [ON]
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _62 000000000000 Počet chyb čtení
02 100 100 _40 000000000000 Průchodnost disku
03 138 138 _33 001600000002 Čas na roztočení ploten
04 _96 _96 __0 000000001A9F Počet spuštění/zastavení
05 100 100 __5 000000000000 Počet přemapovaných sektorů
07 100 100 _67 000000000000 Počet chybných hledání
08 100 100 _40 000000000000 Čas potřebný na vyhledání
09 _73 _73 __0 000000002F44 Hodin v činnosti
0A 100 100 _60 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _98 _98 __0 000000000CF1 Počet cyklů zapnutí zařízení
BF 100 100 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 000000000067 Počet vypnutí disku
C1 _91 _91 __0 00000001697D Počet cyklů načítání/vymazání
C2 130 130 __0 00380009002A Teplota
C4 100 100 __0 000000000007 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
DF 100 100 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony

The disk looks fine. Try ComboFix:
• Download ComboFix (CF for short) and save it to the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
• Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
• Run it as administrator,
• After it starts, the licence terms are displayed; click Yes.
• If CF offers to install the Recovery Console, choose Yes.
• Follow the instructions; leave the PC idle during the scan - do not start any applications, etc.
• The scan should take about 10 minutes.
• After the scan finishes and CF restarts the PC if needed, a log will pop up; copy its contents here.
If it does not pop up, you will find it at C:\Combofix.txt.
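
A way to reproduce the "disk looks fine" reading from the pasted S.M.A.R.T. table, as an added example that is not part of the original thread. The function names are hypothetical; treating a non-zero raw count on 05/C5/C6 as "caution" and reading the drive temperature from the low byte of C2 are assumptions that match this log but vary by vendor.

```python
import re
from dataclasses import dataclass

# S.M.A.R.T. rows copied from the CrystalDiskInfo log in this thread
# (ID, current, worst, threshold, 6-byte raw value, attribute name).
PAGE_LOG = """\
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _62 000000000000 Počet chyb čtení
05 100 100 __5 000000000000 Počet přemapovaných sektorů
09 _73 _73 __0 000000002F44 Hodin v činnosti
C2 130 130 __0 00380009002A Teplota
C4 100 100 __0 000000000007 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
"""

# Constructed rows (not from the thread): a drive with remapped and pending
# sectors and a read-error attribute that has dropped below its threshold.
CONSTRUCTED_BAD_LOG = """\
01 _55 _55 _62 00000000A1B2 Read Error Rate
05 _98 _98 __5 000000000018 Reallocated Sectors Count
C5 100 100 __0 000000000003 Current Pending Sector Count
"""

# Assumption: raw counters that should stay at zero on a healthy drive.
CAUTION_IDS = {0x05: "reallocated sectors", 0xC5: "pending sectors",
               0xC6: "uncorrectable sectors"}

# CrystalDiskInfo pads the decimal columns with underscores ("_62", "__0").
ROW_RE = re.compile(
    r"^([0-9A-F]{2})\s+([_\d]{3})\s+([_\d]{3})\s+([_\d]{3})\s+([0-9A-F]{12})\s*(.*)$")


@dataclass
class Attr:
    id: int
    cur: int
    worst: int
    thr: int
    raw: int
    name: str


def parse_smart(text):
    """Parse the S.M.A.R.T. section of a CrystalDiskInfo text log."""
    attrs = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header or unrelated line
        ident, cur, worst, thr, raw, name = m.groups()
        dec = lambda s: int(s.replace("_", ""))
        attrs.append(Attr(int(ident, 16), dec(cur), dec(worst), dec(thr),
                          int(raw, 16), name))
    return attrs


def assess(attrs):
    """Return (severity, attribute id, message) findings."""
    findings = []
    for a in attrs:
        # An attribute is failing when its normalized value reaches the threshold.
        if a.thr > 0 and a.cur <= a.thr:
            findings.append(("FAIL", a.id, f"current {a.cur} <= threshold {a.thr}"))
        elif a.thr > 0 and a.worst <= a.thr:
            findings.append(("WARN", a.id, f"worst {a.worst} reached threshold {a.thr} earlier"))
        if a.id in CAUTION_IDS and a.raw > 0:
            findings.append(("WARN", a.id, f"{CAUTION_IDS[a.id]}: raw count {a.raw}"))
        elif a.id == 0xC4 and a.raw > 0:
            # Reallocation attempts; informational while 05/C5/C6 stay at zero.
            findings.append(("INFO", a.id, f"reallocation events: raw count {a.raw}"))
    return findings


def overall(findings):
    levels = {sev for sev, _, _ in findings}
    return "bad" if "FAIL" in levels else "caution" if "WARN" in levels else "good"


def raw_of(attrs, attr_id):
    return next((a.raw for a in attrs if a.id == attr_id), None)


def power_on_hours(attrs):
    return raw_of(attrs, 0x09)


def temperature_c(attrs):
    raw = raw_of(attrs, 0xC2)
    return None if raw is None else raw & 0xFF  # assumption: low byte = current °C


if __name__ == "__main__":
    for label, log in (("thread log", PAGE_LOG), ("constructed", CONSTRUCTED_BAD_LOG)):
        attrs = parse_smart(log)
        print(label, "->", overall(assess(attrs)))
        for sev, ident, msg in assess(attrs):
            print(f"  {sev} {ident:02X} {msg}")
```

The decoded raw values line up with the summary fields in the same log (12100 power-on hours, 42 C), which is a quick consistency check that the rows were parsed correctly.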

RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Kubíček at 2013-03-09 18:32:07
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 64 GB (14%) free of 465 GB
Total RAM: 3002 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:32:11, on 9.3.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kubíček\Desktop\RSIT.exe
C:\Program Files\trend micro\Kubíček.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = fwlink
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = fwlink
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = fwlink
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = fwlink
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fwlink
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://mapy.ovanet.cz/files/activex/AxisCamControl.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - driveragent.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5242 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1EA00BE1-6E54-4E2A-8099-680300BF23E1}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"AVG_UI"=C:\Program Files\AVG\AVG2013\avgui.exe [2012-12-11 3147384]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate]
C:\Program Files\EgisTec IPS\PmmUpdate.exe 196609 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate]
C:\Program Files\EgisTec IPS\EgisUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Kubíček\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2009-09-02 167424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files (x86)\ICQ7.6\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2009-09-02 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [2012-12-21 1090040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2009-09-02 144384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Kubíček^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^uTorrent.exe]
C:\Users\Kubíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uTorrent.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-02 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-03-09 18:09:55 ----D---- C:\rsit
2013-03-08 03:19:49 ----D---- C:\Program Files\Auran
2013-03-08 03:13:57 ----D---- C:\Nová složka
2013-03-08 02:15:21 ----HD---- C:\$AVG
2013-03-08 02:15:21 ----D---- C:\ProgramData\AVG2013
2013-03-08 02:14:30 ----D---- C:\Program Files\AVG
2013-03-06 17:47:34 ----D---- C:\Users\Kubíček\AppData\Roaming\AVG2013
2013-03-06 16:52:16 ----D---- C:\Windows\temp
2013-03-06 16:30:37 ----D---- C:\Windows\erdnt
2013-03-02 22:25:01 ----D---- C:\Users\Kubíček\AppData\Roaming\Unity
2013-02-27 14:58:49 ----A---- C:\Windows\system32\UIAnimation.dll
2013-02-27 14:58:37 ----A---- C:\Windows\system32\WMPhoto.dll
2013-02-27 14:58:36 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 14:58:36 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 14:58:35 ----AH---- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 14:58:35 ----AH---- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 14:58:35 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 14:58:35 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 14:58:35 ----AH---- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 14:58:35 ----AH---- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 14:58:35 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 14:58:35 ----A---- C:\Windows\system32\XpsGdiConverter.dll

These are the current logs, I hope. And what about AVG? Do you insist on it? If I may recommend, get Avast or Microsoft Security Essentials.
----

• Move ComboFix to the desktop,
• Open Notepad and copy this into it:

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-

DDS::
Trusted Zone: hostuju.cz\jirkan
SSODL: WebCheck - <orphaned>

RegNull::
[HKEY_USERS\S-1-5-21-265246010-1304236234-2552247809-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

• Save it to the desktop as CFScript.txt,
• Drag CFScript onto the ComboFix icon.
• ComboFix will execute the commands from the script and will probably restart the PC.
• A log will then pop up; copy its contents here.
----

• Download OTL:
OTL.exe
• Run it as administrator,
• Tick: For all users (For All Users or Scan All Users), LOP (LOP Check), Purity (Purity Check),
• Click Scan (Run Scan),
• The scan will run and logs will pop up; copy both here.
