I needed to find a PDF to DXF converter (since the Linux one doesn't convert the way I'd like).
I booted Win7 and started searching. I downloaded quite a lot, and it's possible that some of the programs also contained cracks and similar junk, which apparently got installed on my PC.
The problem was that after a reboot the PC started booting Windows. Windows did boot, and just before the desktop was displayed a window popped up announcing that "Windows Explorer has stopped working".
The options there were: solve it online, restart Explorer, or close it.
Of course none of the options worked. After clicking any of them, the same window saying "Windows Explorer has stopped working" kept reappearing.
On the desktop there was only the bottom bar with the clock and the Start menu (which of course didn't work).
Nothing changed after a restart.
When I booted into safe mode, it worked normally there. So I disabled (via msconfig) all services that didn't belong to Microsoft, and in cmd.exe I had the system files scanned for corruption with Sfc /scannow.
The scan finished without errors, so the system files are OK.
I also looked through the installed programs to see whether some application had been installed that I hadn't installed myself, and of course there was one (I don't know the name, because it was written in Chinese characters). So I uninstalled it and deleted it from Program Files.
I booted normal Win7 again and still got the same error.
So I tried another option, the Task Manager (ctrl+alt+esc). Fortunately this worked and I started looking for anything fishy in there.
I found something I didn't like the look of (see image vir0); btw, the Explorer window is in there too.
The application that looked suspicious to me was setup.exe (remote desktop connection). So I ended it right away, and at that point it was also possible to close the window announcing that "Windows Explorer has stopped working".
After that Windows could be used normally.
If you look at image vir1, you can see that after startup some setup.exe-start still gets launched. I don't know what it is and I have a feeling it's left over from that Chinese junk. Then I turned off SohuVA, because I also have a feeling it has something to do with China.
Image vir2 shows the running services; I use the avast antivirus. The avast services were stopped and couldn't even be started. Likewise I have a feeling that the Chinese junk was blocking it.
I reinstalled the antivirus and now it's fine (the service is running again).
Right now it looks like everything is fine. Win7 boots normally, although there is that setup.exe-start, which I don't know whether to disable or leave alone.
This has surely happened to someone already, and the question is what to do!
1. Can it somehow be reliably repaired (because my PC is now compromised)
2. Or should I rather reinstall Windows (I have a backup about a year old) and of course change the passwords, because they are saved in Mozilla (they're encrypted on disk, but they can be looked up in Mozilla).
Just in case, I'll also post the hijackthis.log here if anyone would like to help.
Even though I boot Windows maybe only once a month, I still want it to be safe.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:15:06, on 26. 8. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
FIREFOX: 40.0.2 (x86 sk)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\Explorer.EXE
C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Lingea Shared\luc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Comodo\COMODO Internet Security\cis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://codec.kiev.ua/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SohuBHO - {452ADB5B-00BE-469D-A65F-3046146B2ED5} - C:\Program Files\????\SoHuAutoDetector.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: WinToFlash Suggestor - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ALTDVB_Manager] C:\ALTDVB StarEdition III\\ALTDVB Manager.exe
O4 - HKLM\..\Run: [setup.exe -start] C:\Users\jany\AppData\Local\Temp\setup.exe -start
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2794752810-2991985031-1716452858-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2794752810-2991985031-1716452858-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: ALTDVB Manager.lnk = ?
O4 - Startup: Lingea Update Center.lnk = C:\Program Files\Common Files\Lingea Shared\luc.exe
O9 - Extra button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll
O9 - Extra 'Tools' menuitem: WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Vzdálené plochy Chrome (chromoting) - Google Inc. - C:\Program Files\Google\Chrome Remote Desktop\45.0.2454.17\remoting_host.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: DraftSight API Service - Dassault Systemes - C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 6903 bytes
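
A first-pass triage of a HijackThis log like the one above, as an added example that is not part of the original post: it parses the entry lines and flags autostart and component entries worth a manual look. The sample lines are excerpted from the log in the post; the four rules are assumed heuristics for illustration, not HijackThis features, and a hit means "investigate", not "malicious".

```python
import re

# Lines excerpted from the log in the post (a mix of ordinary and odd entries).
SAMPLE_LOG = r"""
O2 - BHO: SohuBHO - {452ADB5B-00BE-469D-A65F-3046146B2ED5} - C:\Program Files\????\SoHuAutoDetector.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [setup.exe -start] C:\Users\jany\AppData\Local\Temp\setup.exe -start
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - Startup: ALTDVB Manager.lnk = ?
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

# An entry line is "<section code> - <data>", e.g. "O4 - HKLM\..\Run: [...] path".
ENTRY = re.compile(r"^(?P<code>[ORF]\d+) - (?P<data>.+)$")

# Assumed heuristics: (section codes the rule applies to, or None for all; pattern; reason).
RULES = [
    ({"O4"}, re.compile(r"\\(Temp|AppData)\\", re.I),
     "autostart entry runs from a user-writable directory"),
    (None, re.compile(r"\(file missing\)"),
     "registered component whose file no longer exists"),
    (None, re.compile(r"\?{2,}"),
     "path contains characters the log could not represent"),
    ({"O23"}, re.compile(r" - Unknown owner - "),
     "service binary carries no company name"),
]

def parse(log_text):
    """Return (code, data) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["data"]))
    return entries

def triage(log_text):
    """Return (code, data, reasons) for each entry that matches at least one rule."""
    findings = []
    for code, data in parse(log_text):
        reasons = [why for codes, rx, why in RULES
                   if (codes is None or code in codes) and rx.search(data)]
        if reasons:
            findings.append((code, data, reasons))
    return findings

if __name__ == "__main__":
    for code, data, reasons in triage(SAMPLE_LOG):
        print(f"[{code}] {data}\n    -> " + "; ".join(reasons))
```

On the excerpt this flags the SohuBHO helper object, the `setup.exe -start` Run entry in the Temp directory, and the AppleChargerSrv service, while leaving the avast and VNC entries alone.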