Page 1 of 2

Please check my log

Posted: 16 Nov 2011 16:21
by Max583
MSE keeps reporting a threat over and over and telling me to clean the computer, then restart. But I've already done that 5 times and it still reports it.
Neither Launch nor mwav found anything.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:20:34, on 16.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\DOCUME~1\BOHOU~1\LOCALS~1\Temp\Rar$EX00.937\HotkeyP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=108604&ba ... 1a4d686711
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - Default URLSearchHook is missing
O2 - BHO: FastestTube BHO - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Program Files\FastestTube\1.3.7\WombatBHO.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: Corsair Add-on - {B4FBA8C3-2083-4ED8-A35B-148478739826} - C:\Program Files\Corsair Addon\corsair.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [HotkeyP] C:\DOCUME~1\BOHOU~1\LOCALS~1\Temp\Rar$EX00.937\HotkeyP.exe 0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6534B3DB-B03C-461C-B72C-B24005265543}: NameServer = 77.237.128.2,77.237.128.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FsUsbExService - Unknown owner - C:\WINDOWS\system32\FsUsbExService.Exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: MySQL - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/BOHOU~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 7648 bytes

Re: Please check my log

Posted: 16 Nov 2011 19:59
by Žbeky
What threat exactly does it report?

Fix:

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=108604&ba ... 1a4d686711
R3 - Default URLSearchHook is missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave the Perform Quick Scan option selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
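The reply above picks three lines out of the HijackThis log for fixing: a hijacked R0 start page, the missing R3 URLSearchHook, and an O16 downloaded ActiveX object. The following Python script is an added example (not part of this thread or of HijackThis itself) that parses HijackThis-style lines and applies the same kind of triage rules, extended slightly to two other patterns that appear in the posted log: O4 autorun entries launching from a Temp directory and O23 services whose file is missing. The sample log and the allowlist of default homepage hosts are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis format (URLs shortened; not the thread's full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=108604
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - Default URLSearchHook is missing
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O4 - HKCU\..\Run: [HotkeyP] C:\DOCUME~1\BOHOU~1\LOCALS~1\Temp\Rar$EX00.937\HotkeyP.exe 0
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/CZ/Core/x_Win32.cab
O23 - Service: FsUsbExService - Unknown owner - C:\WINDOWS\system32\FsUsbExService.Exe (file missing)
"""

# Every HijackThis entry starts with a section code (R0, O4, O23, ...) and " - ".
HJT_LINE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")

# Assumed allowlist: hosts a stock Windows XP / IE8 start or search page points to.
KNOWN_HOMEPAGE_HOSTS = {"go.microsoft.com"}


def parse_entries(text):
    """Return (code, body) tuples for every line that looks like a HijackThis entry."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def _url_host(body):
    """Extract the hostname from an 'R0/R1 ... = <url>' body, or None if absent."""
    if " = " not in body:
        return None
    url = body.rsplit(" = ", 1)[1].strip()
    return urlparse(url).hostname


def triage(entries):
    """Apply review rules; each finding is (code, reason, original body)."""
    findings = []
    for code, body in entries:
        if code in ("R0", "R1"):
            # Start/search page redirected away from the vendor default
            host = _url_host(body)
            if host and host.lower() not in KNOWN_HOMEPAGE_HOSTS:
                findings.append((code, f"browser start/search page set to non-default host {host}", body))
        elif code == "R3" and "missing" in body.lower():
            findings.append((code, "default URLSearchHook is missing", body))
        elif code == "O4" and re.search(r"\\temp\\", body, re.IGNORECASE):
            # Programs started from a temp folder (e.g. an archive opened in place)
            findings.append((code, "autorun entry launches from a temporary directory", body))
        elif code == "O16":
            # Downloaded Program Files (ActiveX) are always worth a look
            findings.append((code, "downloaded ActiveX (DPF) object", body))
        elif code == "O23" and "(file missing)" in body:
            findings.append((code, "service registered for a file that no longer exists", body))
    return findings


def triage_log(text):
    return triage(parse_entries(text))


if __name__ == "__main__":
    for code, reason, body in triage_log(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {body}")
```

The rules are deliberately conservative: they flag entries for a human to review rather than decide anything is malicious, which matches how the helpers in this thread use the log (ask what the antivirus reports, then pick specific lines to fix).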

Re: Please check my log

Posted: 16 Nov 2011 22:22
by Max583
It reports the PC is at risk and to clean the PC, and that over and over.. The report lists:
Trojan:Win64/Siefef.D
Trojan:Win64/Siefef.E
Trojan:Win64/Siefef.S
Trojan:Win32/Nebuler.Q
Hack Tool/Patch.G
Virus:Win32/Patchload.O

And

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=108604&ba ... 1a4d686711
is not there.


Malwarebytes' Anti-Malware
http://www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.11.2011 22:19:56
mbam-log-2011-11-16 (22-19-46).txt

Typ: Rychlá kontrola
Kontrolované objekty: 174845
Uplynulý čas: 10 minut, 51 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\bohouš\local settings\temp\Rar$EX00.765\incredimail.v6.10.4625-patch.exe (PUP.Hacktool.Patcher) -> No action taken.
c:\documents and settings\bohouš\local settings\temp\filehunter-win32.exe (Adware.Dropper) -> No action taken.

Re: Please check my log

Posted: 16 Nov 2011 22:54
by jaro3
So run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes a log is shown; post it here.
- then choose OK in the program and close it via Exit

You can then post the new MbAM log here.

+
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable..

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After starting, the terms of use are shown; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.

Re: Please check my log

Posted: 16 Nov 2011 23:54
by Max583
ComboFix 11-11-16.01 - bohouš 16.11.2011 23:30:48.11.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1596 [GMT 1:00]
Spuštěný z: c:\documents and settings\bohouš\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\bohouš\Local Settings\Data aplikací\4702877c\U\80000000.@
c:\documents and settings\bohouš\Local Settings\Data aplikací\4702877c\U\800000cb.@
c:\documents and settings\bohouš\Local Settings\Data aplikací\4702877c\U\800000cf.@
c:\documents and settings\bohouš\Local Settings\Data aplikací\4702877c\X
c:\program files\20050816162816765_Image_Editor.exe
c:\program files\Corsair Addon
c:\program files\Corsair Addon\corsair.dll
c:\program files\Corsair Addon\uninstall.exe
c:\windows\$NtUninstallKB16257$
c:\windows\$NtUninstallKB16257$\1191348092\@
c:\windows\$NtUninstallKB16257$\1191348092\L\intnzvpi
c:\windows\$NtUninstallKB16257$\1191348092\loader.tlb
c:\windows\$NtUninstallKB16257$\1191348092\U\@00000001
c:\windows\$NtUninstallKB16257$\1191348092\U\@000000c0
c:\windows\$NtUninstallKB16257$\1191348092\U\@000000cb
c:\windows\$NtUninstallKB16257$\1191348092\U\@000000cf
c:\windows\$NtUninstallKB16257$\1191348092\U\@80000000
c:\windows\$NtUninstallKB16257$\1191348092\U\@800000c0
c:\windows\$NtUninstallKB16257$\1191348092\U\@800000cb
c:\windows\$NtUninstallKB16257$\1191348092\U\@800000cf
c:\windows\$NtUninstallKB16257$\3687335648
c:\windows\CSC\d6
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regedit.com
c:\windows\system32\
c:\windows\system32\c_70171.nls
c:\windows\system32\taskmgr.com
.
Nakažená kopie c:\windows\system32\drivers\netbt.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it :)
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-16 do 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-16 22:42 . 2011-11-16 22:42 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EFC6DC1C-016C-44F5-8AD8-BF0428E41AC7}\offreg.dll
2011-11-16 22:27 . 2008-04-13 23:51 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2011-11-16 22:27 . 2008-04-13 23:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-16 21:07 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-16 14:08 . 2011-11-16 22:39 -------- d-sh--w- c:\documents and settings\bohouš\Local Settings\Data aplikací\4702877c
2011-11-16 10:33 . 2011-11-16 21:27 -------- d-----w- c:\program files\Passcape
2011-11-16 08:52 . 2003-07-06 13:10 65536 ----a-w- c:\windows\system32\Vbalicom6.dll
2011-11-16 08:52 . 2003-04-01 06:36 94208 ----a-w- c:\windows\system32\Vbaliml6.ocx
2011-11-16 08:52 . 2000-03-18 11:08 61440 ----a-w- c:\windows\system32\Vbaltab6.ocx
2011-11-16 08:44 . 2011-11-16 08:44 -------- d-----w- c:\program files\Sean Software
2011-11-16 08:29 . 2011-11-16 08:29 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-11-16 08:29 . 2011-11-16 08:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tarma Installer
2011-11-16 08:07 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EFC6DC1C-016C-44F5-8AD8-BF0428E41AC7}\mpengine.dll
2011-11-12 08:57 . 2011-11-12 08:57 -------- d-----w- c:\program files\MSXML 4.0
2011-11-08 17:07 . 2011-11-08 17:07 -------- d-----w- c:\program files\Common Files\PCSuite
2011-10-29 10:10 . 2011-10-29 10:10 -------- d-----w- c:\documents and settings\All Users\Data aplikacĂ­
2011-10-29 10:09 . 2011-10-29 10:09 -------- d-----w- c:\documents and settings\bohoua
2011-10-29 10:00 . 2011-10-29 10:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NokiaInstallerCache
2011-10-29 09:39 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-10-29 09:39 . 2011-10-29 10:05 -------- d-----w- c:\program files\PC Connectivity Solution
2011-10-29 09:39 . 2011-05-18 08:09 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2011-10-29 09:39 . 2011-05-18 08:09 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2011-10-29 09:39 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-10-29 09:38 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-10-29 09:38 . 2011-05-18 08:12 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-10-29 09:38 . 2011-05-18 08:13 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-10-29 09:38 . 2011-05-18 08:13 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-10-29 09:38 . 2011-05-18 08:12 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-10-29 09:38 . 2011-05-18 08:09 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-10-18 08:56 . 2011-10-18 08:56 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-10-18 08:56 . 2011-10-18 08:56 -------- d-----w- c:\program files\Windows Live
2011-10-18 08:55 . 2011-10-18 08:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-10-18 08:51 . 2011-10-18 08:51 -------- d-----w- c:\program files\Common Files\Windows Live
2011-10-18 08:42 . 2011-10-18 08:42 -------- d-----w- c:\program files\Recuva
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 16:59 . 2010-11-29 08:48 60968 ----a-w- c:\windows\system32\wpfb_ati2dvag.dll
2011-10-10 14:22 . 2007-02-22 17:38 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2010-02-20 11:48 6668624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-17 15:49 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-09-17 12:20 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-09-17 12:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-21 13:39 . 2011-09-21 13:39 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-09-21 13:39 . 2011-09-21 13:39 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-09-21 13:39 . 2011-09-21 13:39 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-09-06 14:10 . 2004-08-17 15:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 13:20 . 2011-06-12 08:03 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-08-22 23:41 . 2004-08-17 15:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2004-08-17 15:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 23:41 . 2004-08-17 15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2004-08-17 15:44 385024 ----a-w- c:\windows\system32\html.iec
2011-02-28 09:55 . 2011-02-28 09:54 15103144 ----a-w- c:\program files\kmp.exe
2010-02-15 13:48 . 2010-02-15 13:43 26665984 ----a-w- c:\program files\AdbeRdr930_cs_CZ.exe
2010-02-15 13:41 . 2010-02-15 13:41 1697792 ----a-w- c:\program files\AdbeRdrUpd913_all_incr.msp
2010-01-18 13:54 . 2010-01-18 13:51 77003400 ----a-w- c:\program files\BusinessCardsMX-setup.exe
2010-01-13 12:38 . 2010-01-13 12:38 2204483 ----a-w- c:\program files\CaptiveBrowserSetup.exe
2009-08-28 20:17 . 2009-08-28 20:17 1410632 ----a-w- c:\program files\setup_dm_paradies_foto_2.exe
2008-08-05 13:37 . 2008-08-05 13:30 6104632 ----a-w- c:\program files\picasaweb-current-setup.exe
2007-04-02 08:35 . 2007-04-02 08:32 25284600 ----a-w- c:\program files\MahjongTalesAncientWisdomSetup.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-09-30 17:27 194848 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-11-16 366024]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1313672]
"PivotSoftware"="c:\program files\WinPortrait\wpctrl.exe" [2005-01-26 698104]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\bohouš\Nabídka Start\Programy\Po spuštění\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2010-3-16 1512448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 07:52 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeMouse ]
2004-06-27 13:38 503808 ----a-w- c:\program files\Mouse Driver\MouseDrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 13:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKey]
2004-03-15 12:27 45056 ----a-w- c:\progra~1\MEDIAK~1\MagicKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\FoxitReaderPortable\\App\\FoxitReader\\Foxit Reader.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [12.6.2011 8:48 45288]
S1 MpKsl2f7ed23a;MpKsl2f7ed23a;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EFC6DC1C-016C-44F5-8AD8-BF0428E41AC7}\MpKsl2f7ed23a.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EFC6DC1C-016C-44F5-8AD8-BF0428E41AC7}\MpKsl2f7ed23a.sys [?]
S1 MpKsla8cfa9a9;MpKsla8cfa9a9;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A7C5D08B-521D-4824-A478-32D59E7B761B}\MpKsla8cfa9a9.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A7C5D08B-521D-4824-A478-32D59E7B761B}\MpKsla8cfa9a9.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe --> c:\windows\system32\FsUsbExService.Exe [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5.10.2011 9:48 130248]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3.1.2011 10:22 36608]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5.10.2011 9:48 130248]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\MTK.SYS [28.3.2007 9:33 15670]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [29.10.2011 10:39 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [29.10.2011 10:39 8576]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [26.4.2010 8:40 32377]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [17.8.2004 16:49 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-05 08:47]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-05 08:47]
.
2011-06-12 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 13:56]
.
2011-10-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2011-08-01 13:57]
.
2011-11-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2011-11-16 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://mystart.incredimail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6534B3DB-B03C-461C-B72C-B24005265543}: NameServer = 77.237.128.2,77.237.128.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{B4FBA8C3-2083-4ED8-A35B-148478739826} - c:\program files\Corsair Addon\corsair.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Corsair Addon - c:\program files\Corsair Addon\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-16 23:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
PivotSoftware = "c:\program files\WinPortrait\wpctrl.exe"??????????????w????2/??????????????????L??|???????|????????[d???????"??????????????????????????( ??????Service Pack 3?????????????????????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\]*‘|đÁ]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="????˜"
"DeviceInstanceIds"=multi:"\0c\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\]*‘|xć]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="????˜"
"DeviceInstanceIds"=multi:"\0c\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="831FD2BA74BED7515319D005B16CF02B9EA742E997C8CF4CA467D8C721205F11F34E445F31544F5B0C4F4DE55C8A9B76D006532DFADEEC7947778B4B1BA843C6A75D95E7AFD6F094BE8A640721CF69079BD0EBEF216D5F5D94882C9D53FD2DA8119882C3C6DF9198B2174CDCBE27BE553DF661D0CACF38EADCCB5026B00A7A41B48E7A44A00D7A2B418574C243FCF17B822B3C548E667A3384B3BCB16E3E7DBCAC15211DBEFBEBB058ABFC7715434D384F62BCE154111EF005F6ECEF9A8BF86BA5C3CD68F4D495B4FBA2389CECEF11EE1C5751445C39107E68100FF518EC294360768CA56ABD9EE3C047B03957FB6E26F2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452C038D530D6EB3452FEBC9E127BECC74CBC313EC0B2BD5CE4686776EF5BF52F53E875B0D4C0AB6D94C6C71D740DB2C6BA69B972D146D054A0B7B780B3F6CD7ED5C63854BBE5535961957866CFD914AE506319655572CCF99882FB7D368E8B8BC652FD443AC1D3B180B27727325902F0551E13ECEAF610D15CBFF34CFBB41BB6A9222309DA58C6CC89F45DAC4922E2FE94D220C285996C868D2593AEDC7DDA8395113A0FFA3137A62976F82E984A8D6B70FBEA046F2329E563B2044C07041D9737BD09A4CB56255F9F184EC1756D51F1DE5BD33241DEFE61A6A8A22E7A642A3F4C09877C545586BC40FA92650DAB6E6DE6F4ECB2EC9E1C11380BFE438CC1BBE62899E4306CC141A374073079DB2998DF298FFECE36B5A3AB07A45E5FE54002A4B3DA0239C232B1A238694642B58CFA6E543904B4B27E2A919B02B736820B9FAD68787477D94229671C8EA766C18231E0AE40AD7451543AC210F339E3B44FABDCD6E506AD078E6A4744AA59747A394DA4113A5E054F18D267119043E69F3E30B121593305F2BB2D39E735175CAD65D34969FDACBDC1AF644763AFE8A0BC8E2D4EFECD2E089DEE9FDA55E8CF7200BFBC863829665E8F82D5D0DA6F74D8D8781679BC7F5DA657D35F6AEA4525EE66817633149B8906F57D811763306238943A511FB772D8B2C518814C1E0C6EEEAC6BE14E24F7493C0490B4CE7B98E04F65953ACDE4EAEF64636F8E887647B471F14153F5A7A88E699CB1B1523390D60F13509FB7CAF42257FC9080CA10BFB85B274B1570EDD7F3D978582E1FB3455C4EBAB344B4045E268BB535CAE21C05EAF516546226DE7648412382D4D735A7BD47CD0EDEBFC138E4E2829C4E45DFEA736C562C6DA571B810B3FB2FC341866E7B1810B01CF6C5587CA52D0964093187ABCFD826DB9D351783AA38E40DC78A90C9C31BF0991E67DB3E80D3C159
EA7CB62215DF1BC4E449CC0D835D2BB4F5B74D11305B29E99A921D2F01E710EB4A44981A1401E537F1"
.
--------------------- Libraries bound to running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(380)
c:\program files\RocketDock\RocketDock.dll
c:\program files\WinPortrait\WinpHook.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\WinPortrait\floater.exe
c:\program files\IncrediMail\Bin\ImApp.exe
.
**************************************************************************
.
Completion time: 2011-11-16 23:52:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-16 22:52
.
Pre-Run: 7 212 060 672
Post-Run: 7 450 341 376
.
- - End Of File - - AE2D6CC35002822E0161E73253816DCD


Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.11.2011 23:14:59
mbam-log-2011-11-16 (23-14-59).txt

Scan type: Quick scan
Objects scanned: 174898
Time elapsed: 8 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\bohouš\local settings\temp\Rar$EX00.765\incredimail.v6.10.4625-patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
c:\documents and settings\bohouš\local settings\temp\filehunter-win32.exe (Adware.Dropper) -> Quarantined and deleted successfully.

Re: Please check my log

Posted: 17 Nov 2011 09:19
by jaro3
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire text highlighted in green into it:
Note: Do not use SELECT ALL to select the script

Code:

DirLook::
c:\documents and settings\bohouš\Local Settings\Data aplikací\4702877c
c:\documents and settings\bohoua


Choose File -> Save as... and set these parameters:
File name: type CFScript.txt
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, or the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.

In Folder Options, enable showing hidden files and folders + untick "hide protected operating system files"

Test this on Virustotal
c:\windows\system32\drivers\netbt.sys

Click Choose (to the right of the box) and find the file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file is then tested by several antivirus programs one after another. When the last antivirus finishes, a result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.


Do you know the folder:
c:\documents and settings\bohoua ?
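The two checks jaro3 asks for above (a DirLook of the hex-named folder under Local Settings and a hash check of the freshly written netbt.sys) are the kind of triage that can be partly scripted over the ComboFix "Files Created" listing itself. The Python below is an added example written for this page; it is not part of the thread, of ComboFix or of any helper's toolkit. The sample lines are copied from the ComboFix logs posted in this thread; the scan time, the three-day "recent" window and the three heuristics (system+hidden object inside a user profile, a directory named with eight hex digits, a system32 file written shortly before the scan) are my assumptions. It produces leads to verify, not verdicts: mbam.sys is flagged only because it is new.

```python
import re
from datetime import datetime, timedelta

# One ComboFix "Files Created" line:  <created> . <modified> <size> <attrs> <path>
# The size column reads "--------" for directories; attrs is ComboFix's 8-flag
# string (d=directory, s=system, h=hidden, a=archive, w=writable, c=compressed).
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) +"
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>\S.*)$"
)

# Directory whose leaf name is exactly eight hex digits, e.g. ...\4702877c
HEX_DIR_RE = re.compile(r"\\[0-9a-f]{8}$")

# Sample input: lines copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
2011-11-16 22:27 . 2008-04-13 23:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-16 21:07 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-16 14:08 . 2011-11-16 22:39 -------- d-sh--w- c:\documents and settings\bohouš\Local Settings\Data aplikací\4702877c
2011-11-16 08:29 . 2011-11-16 08:29 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-10-29 09:39 . 2011-05-18 08:09 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2011-10-29 10:09 . 2011-10-29 10:09 -------- d-----w- c:\documents and settings\bohoua
"""

# Assumed scan time (the ComboFix run of 17.11.2011 09:27) and "recent" window.
SCAN_TIME = datetime(2011, 11, 17, 9, 27)
RECENT = timedelta(days=3)


def parse_line(line):
    """Parse one listing line into a dict, or return None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["created"] = datetime.strptime(rec["created"], "%Y-%m-%d %H:%M")
    rec["modified"] = datetime.strptime(rec["modified"], "%Y-%m-%d %H:%M")
    rec["is_dir"] = rec["size"].startswith("-")
    rec["size"] = 0 if rec["is_dir"] else int(rec["size"])
    return rec


def triage(log_text, scan_time=SCAN_TIME, recent=RECENT):
    """Return (path, reason) leads worth a closer look. Leads, not verdicts."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        p = rec["path"].lower()
        attrs = rec["attrs"]
        in_profile = "\\documents and settings\\" in p and "\\all users\\" not in p

        # 1. system+hidden object inside a user profile: ordinary software does
        #    not hide its own data folders from the user this way.
        if "s" in attrs and "h" in attrs and in_profile:
            findings.append((rec["path"], "hidden+system object in user profile"))

        # 2. directory named with eight hex digits (no product name to look up).
        if rec["is_dir"] and HEX_DIR_RE.search(p):
            findings.append((rec["path"], "8-hex-digit directory name"))

        # 3. a file under system32 written shortly before the scan: compare its
        #    hash with the dllcache copy or a VirusTotal report before trusting it.
        if ("\\windows\\system32\\" in p and not rec["is_dir"]
                and timedelta(0) <= scan_time - rec["created"] <= recent):
            findings.append((rec["path"], "system32 file created within scan window: verify hash"))
    return findings


def demo():
    """Run the triage over the embedded sample and return the findings."""
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason:55} {path}")
```

Run against the sample, the Nokia driver installed three weeks earlier is ignored, while the 4702877c folder is reported twice (hidden+system, hex name) and both drivers written the evening before the scan are queued for a hash check, which is exactly the order in which jaro3 works through the log.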

Re: Please check my log

Posted: 17 Nov 2011 09:58
by Max583
C:\Documents and Settings\bohoua
This file contains some junk that got saved there when I was downloading something to my phone.

ComboFix 11-11-16.02 - bohouš 17.11.2011 9:27.12.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1468 [GMT 1:00]
Running from: c:\documents and settings\bohouš\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\bohouš\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-17 07:34 . 2011-11-17 07:34 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A29747A6-D428-4651-847A-477D0443E440}\MpKsl25129b69.sys
2011-11-17 07:34 . 2011-11-17 07:34 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A29747A6-D428-4651-847A-477D0443E440}\offreg.dll
2011-11-17 07:34 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A29747A6-D428-4651-847A-477D0443E440}\mpengine.dll
2011-11-16 22:27 . 2008-04-13 23:51 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2011-11-16 22:27 . 2008-04-13 23:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-16 21:07 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-16 14:08 . 2011-11-16 22:39 -------- d-sh--w- c:\documents and settings\bohouš\Local Settings\Data aplikací\4702877c
2011-11-16 10:33 . 2011-11-16 21:27 -------- d-----w- c:\program files\Passcape
2011-11-16 08:52 . 2003-07-06 13:10 65536 ----a-w- c:\windows\system32\Vbalicom6.dll
2011-11-16 08:52 . 2003-04-01 06:36 94208 ----a-w- c:\windows\system32\Vbaliml6.ocx
2011-11-16 08:52 . 2000-03-18 11:08 61440 ----a-w- c:\windows\system32\Vbaltab6.ocx
2011-11-16 08:44 . 2011-11-16 08:44 -------- d-----w- c:\program files\Sean Software
2011-11-16 08:29 . 2011-11-16 08:29 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-11-16 08:29 . 2011-11-16 08:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tarma Installer
2011-11-12 08:57 . 2011-11-12 08:57 -------- d-----w- c:\program files\MSXML 4.0
2011-11-08 17:07 . 2011-11-08 17:07 -------- d-----w- c:\program files\Common Files\PCSuite
2011-10-29 10:10 . 2011-10-29 10:10 -------- d-----w- c:\documents and settings\All Users\Data aplikacĂ­
2011-10-29 10:09 . 2011-10-29 10:09 -------- d-----w- c:\documents and settings\bohoua
2011-10-29 10:00 . 2011-10-29 10:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NokiaInstallerCache
2011-10-29 09:39 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-10-29 09:39 . 2011-10-29 10:05 -------- d-----w- c:\program files\PC Connectivity Solution
2011-10-29 09:39 . 2011-05-18 08:09 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2011-10-29 09:39 . 2011-05-18 08:09 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2011-10-29 09:39 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-10-29 09:38 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-10-29 09:38 . 2011-05-18 08:12 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-10-29 09:38 . 2011-05-18 08:13 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-10-29 09:38 . 2011-05-18 08:13 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-10-29 09:38 . 2011-05-18 08:12 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-10-29 09:38 . 2011-05-18 08:09 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-10-18 08:56 . 2011-10-18 08:56 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-10-18 08:56 . 2011-10-18 08:56 -------- d-----w- c:\program files\Windows Live
2011-10-18 08:55 . 2011-10-18 08:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-10-18 08:51 . 2011-10-18 08:51 -------- d-----w- c:\program files\Common Files\Windows Live
2011-10-18 08:42 . 2011-10-18 08:42 -------- d-----w- c:\program files\Recuva
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 16:59 . 2010-11-29 08:48 60968 ----a-w- c:\windows\system32\wpfb_ati2dvag.dll
2011-10-10 14:22 . 2007-02-22 17:38 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2010-02-20 11:48 6668624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-17 15:49 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-09-17 12:20 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-09-17 12:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-21 13:39 . 2011-09-21 13:39 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-09-21 13:39 . 2011-09-21 13:39 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-09-21 13:39 . 2011-09-21 13:39 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-09-06 14:10 . 2004-08-17 15:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 13:20 . 2011-06-12 08:03 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-08-22 23:41 . 2004-08-17 15:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2004-08-17 15:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 23:41 . 2004-08-17 15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2004-08-17 15:44 385024 ----a-w- c:\windows\system32\html.iec
2011-02-28 09:55 . 2011-02-28 09:54 15103144 ----a-w- c:\program files\kmp.exe
2010-02-15 13:48 . 2010-02-15 13:43 26665984 ----a-w- c:\program files\AdbeRdr930_cs_CZ.exe
2010-02-15 13:41 . 2010-02-15 13:41 1697792 ----a-w- c:\program files\AdbeRdrUpd913_all_incr.msp
2010-01-18 13:54 . 2010-01-18 13:51 77003400 ----a-w- c:\program files\BusinessCardsMX-setup.exe
2010-01-13 12:38 . 2010-01-13 12:38 2204483 ----a-w- c:\program files\CaptiveBrowserSetup.exe
2009-08-28 20:17 . 2009-08-28 20:17 1410632 ----a-w- c:\program files\setup_dm_paradies_foto_2.exe
2008-08-05 13:37 . 2008-08-05 13:30 6104632 ----a-w- c:\program files\picasaweb-current-setup.exe
2007-04-02 08:35 . 2007-04-02 08:32 25284600 ----a-w- c:\program files\MahjongTalesAncientWisdomSetup.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\bohoua ----
.
2011-10-29 10:16 . 2011-10-29 10:16 632 ----a-w- c:\documents and settings\bohoua\Local Settings\Data aplikací\NokiaAccount\secfile.flst
2011-10-29 10:16 . 2011-10-29 10:16 1028 ----a-w- c:\documents and settings\bohoua\Local Settings\Data aplikací\NokiaAccount\metadata.minf
.
---- Directory of c:\documents and settings\bohouš\Local Settings\Data aplikací\4702877c ----
.
2011-11-16 22:29 . 2011-11-16 22:29 2632 --sha-w- c:\documents and settings\bohouš\Local Settings\Data aplikací\4702877c\loader.tlb
2011-11-16 22:17 . 2011-11-16 22:17 0 ----a-w- c:\documents and settings\bohouš\Local Settings\Data aplikací\4702877c\U\800000cf.$
2011-11-16 22:17 . 2011-11-16 22:17 0 ----a-w- c:\documents and settings\bohouš\Local Settings\Data aplikací\4702877c\U\800000cb.$
2011-11-16 22:17 . 2011-11-16 22:17 0 ----a-w- c:\documents and settings\bohouš\Local Settings\Data aplikací\4702877c\U\80000000.$
2011-11-16 14:08 . 2011-11-16 14:08 2048 --sha-w- c:\documents and settings\bohouš\Local Settings\Data aplikací\4702877c\@
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-16_22.43.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-07 14:39 . 2011-01-07 14:39 51024 c:\windows\system32\vcomp100.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 51024 c:\windows\system32\vcomp100.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 80720 c:\windows\system32\mfcm100u.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 80720 c:\windows\system32\mfcm100u.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 80208 c:\windows\system32\mfcm100.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 80208 c:\windows\system32\mfcm100.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 60752 c:\windows\system32\mfc100rus.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 60752 c:\windows\system32\mfc100rus.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 43344 c:\windows\system32\mfc100kor.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 43344 c:\windows\system32\mfc100kor.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 43856 c:\windows\system32\mfc100jpn.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 62288 c:\windows\system32\mfc100ita.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 62288 c:\windows\system32\mfc100ita.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 36176 c:\windows\system32\mfc100cht.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 36176 c:\windows\system32\mfc100cht.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 36176 c:\windows\system32\mfc100chs.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 36176 c:\windows\system32\mfc100chs.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 64336 c:\windows\system32\mfc100fra.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 64336 c:\windows\system32\mfc100fra.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 63824 c:\windows\system32\mfc100esn.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 63824 c:\windows\system32\mfc100esn.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 55120 c:\windows\system32\mfc100enu.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 55120 c:\windows\system32\mfc100enu.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 64336 c:\windows\system32\mfc100deu.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 64336 c:\windows\system32\mfc100deu.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 768848 c:\windows\system32\msvcr100.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 421200 c:\windows\system32\msvcp100.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 421200 c:\windows\system32\msvcp100.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 137544 c:\windows\system32\atl100.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 4368720 c:\windows\system32\mfc100u.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 4368720 c:\windows\system32\mfc100u.dll
+ 2011-01-07 14:39 . 2011-01-07 14:39 4342600 c:\windows\system32\mfc100.dll
+ 2011-01-07 19:10 . 2011-01-07 19:10 3991040 c:\windows\Installer\24e835.msp
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-09-30 17:27 194848 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-11-16 366024]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1313672]
"PivotSoftware"="c:\program files\WinPortrait\wpctrl.exe" [2005-01-26 698104]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\bohouš\Nabídka Start\Programy\Po spuštění\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2010-3-16 1512448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 07:52 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeMouse ]
2004-06-27 13:38 503808 ----a-w- c:\program files\Mouse Driver\MouseDrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 13:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKey]
2004-03-15 12:27 45056 ----a-w- c:\progra~1\MEDIAK~1\MagicKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\FoxitReaderPortable\\App\\FoxitReader\\Foxit Reader.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 MpKsl25129b69;MpKsl25129b69;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A29747A6-D428-4651-847A-477D0443E440}\MpKsl25129b69.sys [17.11.2011 8:34 28752]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [12.6.2011 8:48 45288]
S1 MpKsl2f7ed23a;MpKsl2f7ed23a;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EFC6DC1C-016C-44F5-8AD8-BF0428E41AC7}\MpKsl2f7ed23a.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EFC6DC1C-016C-44F5-8AD8-BF0428E41AC7}\MpKsl2f7ed23a.sys [?]
S1 MpKsla8cfa9a9;MpKsla8cfa9a9;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A7C5D08B-521D-4824-A478-32D59E7B761B}\MpKsla8cfa9a9.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A7C5D08B-521D-4824-A478-32D59E7B761B}\MpKsla8cfa9a9.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe --> c:\windows\system32\FsUsbExService.Exe [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5.10.2011 9:48 130248]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3.1.2011 10:22 36608]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5.10.2011 9:48 130248]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\MTK.SYS [28.3.2007 9:33 15670]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [29.10.2011 10:39 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [29.10.2011 10:39 8576]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [26.4.2010 8:40 32377]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [17.8.2004 16:49 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL25129B69
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-05 08:47]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-05 08:47]
.
2011-06-12 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 13:56]
.
2011-10-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2011-08-01 13:57]
.
2011-11-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2011-11-17 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6534B3DB-B03C-461C-B72C-B24005265543}: NameServer = 77.237.128.2,77.237.128.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-17 09:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
PivotSoftware = "c:\program files\WinPortrait\wpctrl.exe"??????????????w????2/??????????????????L??|???????|????????[d???????"??????????????????????????( ??????Service Pack 3?????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\]*‘|đÁ]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="????˜"
"DeviceInstanceIds"=multi:"\0c\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\]*‘|xć]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="????˜"
"DeviceInstanceIds"=multi:"\0c\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="831FD2BA74BED7515319D005B16CF02B9EA742E997C8CF4CA467D8C721205F11F34E445F31544F5B0C4F4DE55C8A9B76D006532DFADEEC7947778B4B1BA843C6A75D95E7AFD6F094BE8A640721CF69079BD0EBEF216D5F5D94882C9D53FD2DA8119882C3C6DF9198B2174CDCBE27BE553DF661D0CACF38EADCCB5026B00A7A41B48E7A44A00D7A2B418574C243FCF17B822B3C548E667A3384B3BCB16E3E7DBCAC15211DBEFBEBB058ABFC7715434D384F62BCE154111EF005F6ECEF9A8BF86BA5C3CD68F4D495B4FBA2389CECEF11EE1C5751445C39107E68100FF518EC294360768CA56ABD9EE3C047B03957FB6E26F2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452C038D530D6EB3452FEBC9E127BECC74CBC313EC0B2BD5CE4686776EF5BF52F53E875B0D4C0AB6D94C6C71D740DB2C6BA69B972D146D054A0B7B780B3F6CD7ED5C63854BBE5535961957866CFD914AE506319655572CCF99882FB7D368E8B8BC652FD443AC1D3B180B27727325902F0551E13ECEAF610D15CBFF34CFBB41BB6A9222309DA58C6CC89F45DAC4922E2FE94D220C285996C868D2593AEDC7DDA8395113A0FFA3137A62976F82E984A8D6B70FBEA046F2329E563B2044C07041D9737BD09A4CB56255F9F184EC1756D51F1DE5BD33241DEFE61A6A8A22E7A642A3F4C09877C545586BC40FA92650DAB6E6DE6F4ECB2EC9E1C11380BFE438CC1BBE62899E4306CC141A374073079DB2998DF298FFECE36B5A3AB07A45E5FE54002A4B3DA0239C232B1A238694642B58CFA6E543904B4B27E2A919B02B736820B9FAD68787477D94229671C8EA766C18231E0AE40AD7451543AC210F339E3B44FABDCD6E506AD078E6A4744AA59747A394DA4113A5E054F18D267119043E69F3E30B121593305F2BB2D39E735175CAD65D34969FDACBDC1AF644763AFE8A0BC8E2D4EFECD2E089DEE9FDA55E8CF7200BFBC863829665E8F82D5D0DA6F74D8D8781679BC7F5DA657D35F6AEA4525EE66817633149B8906F57D811763306238943A511FB772D8B2C518814C1E0C6EEEAC6BE14E24F7493C0490B4CE7B98E04F65953ACDE4EAEF64636F8E887647B471F14153F5A7A88E699CB1B1523390D60F13509FB7CAF42257FC9080CA10BFB85B274B1570EDD7F3D978582E1FB3455C4EBAB344B4045E268BB535CAE21C05EAF516546226DE7648412382D4D735A7BD47CD0EDEBFC138E4E2829C4E45DFEA736C562C6DA571B810B3FB2FC341866E7B1810B01CF6C5587CA52D0964093187ABCFD826DB9D351783AA38E40DC78A90C9C31BF0991E67DB3E80D3C159
EA7CB62215DF1BC4E449CC0D835D2BB4F5B74D11305B29E99A921D2F01E710EB4A44981A1401E537F1"
.
--------------------- Libraries bound to running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\msls31.dll
c:\program files\WinPortrait\WinpHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-11-17 09:38:48
ComboFix-quarantined-files.txt 2011-11-17 08:38
ComboFix2.txt 2011-11-16 22:52
.
Pre-Run: 7 375 376 384
Post-Run: 7 349 186 560
.
- - End Of File - - 10BB77CF8EE5FA4DB6882EEE6CA37FBD


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:42:37, on 17.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: FastestTube BHO - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Program Files\FastestTube\1.3.7\WombatBHO.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6534B3DB-B03C-461C-B72C-B24005265543}: NameServer = 77.237.128.2,77.237.128.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FsUsbExService - Unknown owner - C:\WINDOWS\system32\FsUsbExService.Exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/BOHOU~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 6787 bytes


http://www.virustotal.com/file-scan/rep ... 1321519356
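Helpers in threads like this triage a HijackThis log by eye, looking at the same handful of line types every time: browser start and search pages that are not Microsoft defaults (R0/R1), browser helper objects that are not on a known-good list (O2), autoruns launched from a Temp directory (O4), custom DNS servers (O17), services whose binary is missing (O23) and Active Desktop components (O24). The script below is an added example, not code from this thread, from HijackThis or from the helper's tools; it encodes those checks as rules and runs them over a constructed sample modelled on the log above. The known-good BHO list is just the Windows Live and Java helpers from that log, and the path rule is a heuristic derived from the single file path MSE reports in this thread (an eight-hex-digit folder, a `U` subfolder, an `.@` file), not a general signature; the sample's last O4 line is invented to exercise that rule and does not appear in the thread.

```python
"""Rule-based triage of a HijackThis-style log (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modelled on the thread's log (user name shortened; the
# third O4 line is invented to exercise the path rule and is not in the thread).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=108604
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: FastestTube BHO - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Program Files\FastestTube\1.3.7\WombatBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [HotkeyP] C:\DOCUME~1\USER~1\LOCALS~1\Temp\Rar$EX00.937\HotkeyP.exe
O4 - HKCU\..\Run: [svc] C:\Documents and Settings\user\Local Settings\Application Data\4702877c\U\800000cf.@
O17 - HKLM\System\CCS\Services\Tcpip\..\{6534B3DB-B03C-461C-B72C-B24005265543}: NameServer = 77.237.128.2,77.237.128.1
O23 - Service: FsUsbExService - Unknown owner - C:\WINDOWS\system32\FsUsbExService.Exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/USER~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
"""


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why the line deserves a second look
    line: str     # the original log line


# Microsoft's own default start/search pages, as seen in the thread's R0/R1 lines.
KNOWN_DEFAULT_PAGES = ("go.microsoft.com/fwlink",)
# Known-good BHO CLSIDs taken from the thread's log (Windows Live login, Java SSV, Java JQS).
KNOWN_GOOD_BHO = {
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}",
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}",
    "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}",
}
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
TEMP_PATH = re.compile(r"\\Temp\\|/Temp/", re.I)
# Assumption: heuristic built from the one path MSE reported in this thread
# (<8 hex>\U\<8 hex>.@), not a general signature for any malware family.
SUSPECT_PATH = re.compile(r"\\[0-9a-f]{8}\\U\\[0-9a-f]{8}\.@$", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def triage_line(line: str) -> Optional[Finding]:
    """Apply the reviewer's rules to one log line; None means nothing to flag."""
    line = line.rstrip()
    m = re.match(r"^([RFNO]\d+) - (.*)$", line)
    if not m:
        return None  # header, process list or blank line
    sec, body = m.groups()
    if sec in ("R0", "R1") and "=" in body:
        url = body.split("=", 1)[1].strip()
        if url and not any(d in url for d in KNOWN_DEFAULT_PAGES):
            return Finding(sec, "browser start/search page is not a Microsoft default", line)
    if sec == "O2":
        c = CLSID.search(body)
        if c and c.group(0).upper() not in KNOWN_GOOD_BHO:
            return Finding(sec, "BHO not on the known-good list", line)
    if sec == "O4" and TEMP_PATH.search(body):
        return Finding(sec, "autorun entry launches from a Temp directory", line)
    if sec == "O17" and IPV4.findall(body):
        return Finding(sec, "custom DNS servers: confirm they belong to the ISP", line)
    if sec == "O23" and "(file missing)" in body:
        return Finding(sec, "service points to a missing file", line)
    if sec == "O24":
        return Finding(sec, "Active Desktop component present", line)
    if SUSPECT_PATH.search(body):
        return Finding(sec, "path matches the layout of the file MSE reported in this thread", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep the findings, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Lines that clear every rule (the Microsoft default search page, the Java BHOs, the Microsoft Security Client autorun) produce no finding, so the output is the short list a helper would ask about rather than the whole log.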

Re: Please check my log

Posted: 17 Nov 2011 10:04
by jaro3
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner
and also use T-Cleaner
http://www.edisk.cz/stahni/29485/T-Clea ... 8.5KB.html
it deletes everything left behind by Combo, MWAV etc. - download > run

Note: before downloading T-Cleaner and for the duration of the cleaning, disable your antivirus and antispyware; afterwards delete T-Cleaner and turn the antivirus and antispyware back on.


How does it look now, is MSE reporting anything?

Re: Please check my log

Posted: 17 Nov 2011 10:36
by Max583
MSE isn't reporting anything so far. Its history shows this:

Nalezená položka úroveň výstrahy datum provedená akce
Trojan:Win32/Sirefef.S – závažná - 7.11. 10:22 povoleno


Kategorie: Trojský kůň

Popis: Tento program je nebezpečný. Provádí příkazy zadané útočníkem.

Doporučená akce: Ihned tento software odeberte.

Program Security Essentials nalezl programy, které mohou vystavit nebezpečí vaše osobní údaje nebo poškodit počítač. Stále však můžete přistupovat k souborům, které tyto programy používají, aniž by je bylo nutné odebrat (nedoporučuje se). Chcete-li přistupovat k těmto souborům, zvolte akci Povolit a klikněte na tlačítko Provést akce. Není-li tato volba k dispozici, přihlaste se jako správce nebo požádejte o pomoc správce zabezpečení.

Položky:
file:C:\Documents and Settings\bohouš\Local Settings\Data aplikací\4702877c\U\800000cf.@

Další informace o této položce online.



And when it started after the PC restart, it reported this:

Činnost systému byla obnovena po závažné chybě.



BCCode : 100000ce BCP1 : BA37AFB6 BCP2 : 00000008 BCP3 : BA37AFB6
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1
C:\DOCUME~1\BOHOU~1\LOCALS~1\Temp\WERe5e1.dir00\Mini111711-01.dmp
C:\DOCUME~1\BOHOU~1\LOCALS~1\Temp\WERe5e1.dir00\sysdata.xml

Re: Please check my log

Posted: 17 Nov 2011 16:25
by jaro3
Download the program OTM (by OldTimer),
save it to drive C and run it.
- Copy these paths into the left column (Paste Instructions for Items to be Moved):
Note: do not use the SELECT ALL function to select them

Code:

:Processes
explorer.exe

:Services

:Reg

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Documents and Settings\bohouš\Local Settings\Data aplikací\4702877c\U\800000cf.@

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- After copying, click the MoveIt! button and then paste here the whole content of the right column (also saved in the folder C:\_OTMoveIt\MovedFiles\), which will report the results.
- If some files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.

Download and install WhoCrashed

open it and click Analyze.
The program will create a report; please copy the whole thing and paste it here.

Re: Please check my log

Posted: 21 Nov 2011 14:34
by Max583
Sorry for the break in our cooperation, but I was at work all weekend. I downloaded OTM, my PC restarted and some photo icons from Picasa popped up on the desktop. I downloaded WhoCrashed; the program window shows some text with many links to the program's website, and when I click Analyze it tells me to scroll down and confirm something. But unfortunately there is nothing there to confirm. So I don't know. Unless the report is this:


--------------------------------------------------------------------------------
Welcome to WhoCrashed (HOME EDITION) v 3.03
--------------------------------------------------------------------------------

This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. If will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.


To obtain technical support visit www.resplendence.com/support

Click here to check if you have the latest version or if an update is available.

Just click the Analyze button for a comprehensible report ...



--------------------------------------------------------------------------------
Home Edition Notice
--------------------------------------------------------------------------------

This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition of WhoCrashed which also allows analysis of crashdumps on remote drives and computers on the network and offers a range of additional features.

Click here for more information on the professional edition.
Click here to buy the the professional edition of WhoCrashed.



--------------------------------------------------------------------------------
System Information (local)
--------------------------------------------------------------------------------

computer name: BOHOU-040C629BC
windows version: Windows XP Service Pack 3, 5.1, build: 2600
windows dir: C:\WINDOWS
CPU: GenuineIntel Intel(R) Pentium(R) 4 CPU 3.06GHz Intel586, level: 15
2 logical processors, active mask: 3
RAM: 2146938880 total
VM: 2147352576, free: 2048856064



--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


No valid crash dumps have been found on your computer


--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled but no valid crash dumps have been found. It may be that there are problems which prevent crash dumps from being written out. Check out the following article for possible causes: If crash dumps are not written out.

In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

Check out the following articles for more information: Troubleshooting sudden resets and shut downs.

Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

Re: Please check my log

Posted: 21 Nov 2011 17:11
by jaro3
Don't you have the log from OTM?
Look in the OTM folder:
C:\_OTM

Look in:
C:\windows\minidump to see whether there is any file there.