Prosím o kontrolu logu Vyřešeno

[Damned]

Start--> > Spustit a do řádku vlož celý tento řádek:

Kód: Vybrat vše

regedit /e "c:\regla.txt" "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netlogon"

Klikni na OK.
V "C:\" se ti objeví texťák "regla.txt", zkopíruj mi ho sem.

[Reklama]

[Plot]

tak hotovo posílám


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netlogon]
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6c,\
00,73,00,61,00,73,00,73,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netlogon\parameters]
"disablepasswordchange"=dword:00000000
"maximumpasswordage"=dword:0000001e
"requiresignorseal"=dword:00000001
"requirestrongkey"=dword:00000000
"sealsecurechannel"=dword:00000001
"signsecurechannel"=dword:00000001

[Damned]

Nějaký krátký, to bylo doopravdy vše? Chybí mi tam podklíče. Je možné, že to budou dělat ty klíče, co smazal MbAm, pravděpodobně byly nějak poškozeny.

Stáhni si:
Registry Search Tady: Registry Search

Rozbal si soubor do složky a potom poklepej na regsearch.exe ke startu programu.
Do volné linky(linek) nad Enter search string case independent zkopíruj a vlož:

Kód: Vybrat vše

 Podporuje předávací

A klikni na OK.Po skenu se otevře notepad s textem a celý text z něho sem vlož.

[Plot]

Jo jo tamto bylo takhle krátké.
Tak jsem to udělal akorát sem to zkopíroval pod ten text(Enter search string case independent). Nad tímhle textem nebyli žádný volný linky.Byl totiž úplně nahoře. Tak snad je to správně.

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 29.9.2009 16:34:28 for strings:
; 'podporuje předávací'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

[Damned]

Postupně naexportujeme registry a pak uvidíme.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netlogon]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6c,\
00,73,00,61,00,73,00,73,00,2e,00,65,00,78,00,65,00,00,00
"DisplayName"="Přihlašování k síti"
"Group"="RemoteValidation"
"DependOnService"=hex(7):4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,\
6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Podporuje předávací ověření přihlašovacích událostí účtů počítačů v doméně."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netlogon\Parameters]
"DisablePasswordChange"=dword:00000000
"maximumpasswordage"=dword:0000001e
"requiresignorseal"=dword:00000001
"requirestrongkey"=dword:00000000
"sealsecurechannel"=dword:00000001
"signsecurechannel"=dword:00000001
"Update"="no"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netlogon\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00



Ulož si ho jako na Plochu jako fix.reg a jako typ všechny soubory , najdi tento soubor na Ploše a poklepáním ho spusť. Budeš dotázán na přidání hodnoty do registru. Schval.
*****************************************************************************************************************************************
Start--> > Spustit a do řádku vlož celý tento řádek:

Kód: Vybrat vše

regedit /e "c:\reglb.txt" "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\netlogon"

Klikni na OK.
V "C:\" se ti objeví texťák "reglb.txt", zkopíruj mi ho sem.

[Plot]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\netlogon]
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6c,\
00,73,00,61,00,73,00,73,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\netlogon\parameters]
"disablepasswordchange"=dword:00000000
"maximumpasswordage"=dword:0000001e
"requiresignorseal"=dword:00000001
"requirestrongkey"=dword:00000000
"sealsecurechannel"=dword:00000001
"signsecurechannel"=dword:00000001

[Damned]

Asi to bude u všech stejný. Napíšu všechny exporty podle toho co odstranil MbAM a dám je sem v archívu. Bude to celkem 20 souborů *.reg v jednom rar archívu. Chvíli to potrvá.

[Plot]

dobře, díky

[Damned]

MbaM smazal i zápisy Eventlog a původní z Pro verze asi nikde nenajdu.
*****************************************************************************************************************************************
Start--> > Spustit a do řádku vlož celý tento řádek:

Kód: Vybrat vše

regedit /e "c:\reglc.txt" "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eventlog"

Klikni na OK.
V "C:\" se ti objeví texťák "reglc.txt", zkopíruj mi ho sem.
*****************************************************************************************************************************************
Start--> > Spustit a do řádku vlož celý tento řádek:

Kód: Vybrat vše

regedit /e "c:\regld.txt" "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eventlog"

Klikni na OK.
V "C:\" se ti objeví texťák "regld.txt", zkopíruj mi ho sem.
*****************************************************************************************************************************************
Start--> > Spustit a do řádku vlož celý tento řádek:

Kód: Vybrat vše

regedit /e "c:\reglc.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog"

Klikni na OK.
V "C:\" se ti objeví texťák "reglc.txt", zkopíruj mi ho sem.

[Plot]

Tak , snad jsem to nepopletl.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eventlog]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eventlog\Application]
"MaxSize"=dword:00080000
"Retention"=dword:00093a80
"RestrictGuestAccess"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eventlog\Application\ESENT]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\
00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,00,\
53,00,45,00,4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
"CategoryMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,\
57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,\
00,53,00,45,00,4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
"CategoryCount"=dword:00000010
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eventlog\Application\LightScribeService]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,4c,00,69,00,67,00,68,\
00,74,00,53,00,63,00,72,00,69,00,62,00,65,00,5c,00,4c,00,53,00,53,00,4d,00,\
73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eventlog\System]
"MaxSize"=dword:00080000
"Retention"=dword:00093a80
"RestrictGuestAccess"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eventlog\System\Print]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,70,00,6c,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,78,00,70,\
00,73,00,70,00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eventlog\System\Schannel]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eventlog\System\TCPMon]
"TypesSupported"=dword:00000007
"EventMessageFile"="%SystemRoot%\\System32\\tcpmon.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eventlog\System\Windows Update Agent]
"CategoryCount"=dword:00000009
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,77,00,75,00,61,00,75,00,63,00,70,00,6c,00,2e,00,63,00,70,00,6c,00,00,\
00
"CategoryMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,77,00,75,00,61,00,75,00,63,00,70,00,6c,00,2e,00,63,00,70,00,6c,00,\
00,00








Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eventlog]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eventlog\Application]
"MaxSize"=dword:00080000
"Retention"=dword:00093a80
"RestrictGuestAccess"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eventlog\Application\ESENT]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\
00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,00,\
53,00,45,00,4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
"CategoryMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,\
57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,\
00,53,00,45,00,4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
"CategoryCount"=dword:00000010
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eventlog\Application\LightScribeService]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,4c,00,69,00,67,00,68,\
00,74,00,53,00,63,00,72,00,69,00,62,00,65,00,5c,00,4c,00,53,00,53,00,4d,00,\
73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eventlog\System]
"MaxSize"=dword:00080000
"Retention"=dword:00093a80
"RestrictGuestAccess"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eventlog\System\Print]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,70,00,6c,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,78,00,70,\
00,73,00,70,00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eventlog\System\Schannel]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eventlog\System\TCPMon]
"TypesSupported"=dword:00000007
"EventMessageFile"="%SystemRoot%\\System32\\tcpmon.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eventlog\System\Windows Update Agent]
"CategoryCount"=dword:00000009
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,77,00,75,00,61,00,75,00,63,00,70,00,6c,00,2e,00,63,00,70,00,6c,00,00,\
00
"CategoryMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,77,00,75,00,61,00,75,00,63,00,70,00,6c,00,2e,00,63,00,70,00,6c,00,\
00,00





Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application]
"MaxSize"=dword:00080000
"Retention"=dword:00093a80
"RestrictGuestAccess"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\ESENT]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\
00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,00,\
53,00,45,00,4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
"CategoryMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,\
57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,\
00,53,00,45,00,4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
"CategoryCount"=dword:00000010
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\LightScribeService]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,4c,00,69,00,67,00,68,\
00,74,00,53,00,63,00,72,00,69,00,62,00,65,00,5c,00,4c,00,53,00,53,00,4d,00,\
73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System]
"MaxSize"=dword:00080000
"Retention"=dword:00093a80
"RestrictGuestAccess"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Print]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,70,00,6c,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,78,00,70,\
00,73,00,70,00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Schannel]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\TCPMon]
"TypesSupported"=dword:00000007
"EventMessageFile"="%SystemRoot%\\System32\\tcpmon.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Windows Update Agent]
"CategoryCount"=dword:00000009
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,77,00,75,00,61,00,75,00,63,00,70,00,6c,00,2e,00,63,00,70,00,6c,00,00,\
00
"CategoryMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,77,00,75,00,61,00,75,00,63,00,70,00,6c,00,2e,00,63,00,70,00,6c,00,\
00,00

[Damned]

Ten Eventlog vypadá, že je OK.

V archívu je 17 *.reg souborů, naexportuj je do registru, restartuj a napiš, zda se objeví něco ve Správci zařízení a ve složce Nástroje pro správu.

[Plot]

A jak je naexportuju do registru?