Modrá smrt (prosím o radu)

agassi · Příspěvekod **agassi** » 11 led 2009 18:40

Ahoj,

pred dvema dny mi behem vecera 5x skocila modra smrt (kdyz jsem byl na netu + na compu otevreny nejake programy a pracoval s nimi).
Zalozil jsem topic, ale nedal k dispozici zadne udaje. Proto jsem zalozil novy s vysledkami testu.
PC mam: XP sp2/ AMD Athlon XP 1600+ 1,40GHz/ 512RAM
Pouzivam: NOD32,Kerio a comp cistim Ccleaner, Ad-ware. MemTest3.8 chybu nenasel.
Prikladam logy: HJT, Malwarebytes, MWAW.

Prosim, poradte mi.
Diky moc
Aleš

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:11, on 10.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.qr.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translator\WebIE.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translator\WebIE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Restore 'layout1.sl'.lnk = C:\Program Files\PACT Save Layout\sl.exe
O4 - Global Startup: PC Alert III.lnk = C:\Program Files\MSI\PC Alert III\alert.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Načítať použitie &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {5F509E42-537E-482B-B66C-145BC170054C} (FotoStarUploader Control) - http://sberna.fotostar.cz/snadno-vlozit ... loader.dll
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE7E8F23-609B-4345-B418-E4FD10526D8B}: NameServer = 10.93.0.1,10.93.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

--
End of file - 8498 bytes

-----------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.32
Database version: 1638
Windows 5.1.2600 Service Pack 2

10.1.2009 23:17:08
mbam-log-2009-01-10 (23-16-58).txt

Scan type: Quick Scan
Objects scanned: 52493
Time elapsed: 10 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------------------------------------------------------------------------------------------------
Objekt "Parentis Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Parentis Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Parentis Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Parentis Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Parentis Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Parentis Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Parentis Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Parentis Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Parentis Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!

Objekt "Parentis Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Parentis Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "NULLBYTE Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "SmitFraud Browser Hijacker" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Cheat Monitor Commercial KeyLogger" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Cheat Monitor Commercial KeyLogger" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Cheat Monitor Commercial KeyLogger" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "PersonalAntispy Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Reklama

Příspěvekod **jaro3** » 11 led 2009 20:29

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log + nový log z HJT.
log MWAV bez nálezu.

agassi · Příspěvekod **agassi** » 11 led 2009 22:11

Tak proveden rychlý scan.
Výsledky:

Malwarebytes' Anti-Malware 1.32
Database version: 1638
Windows 5.1.2600 Service Pack 2

11.1.2009 21:41:59
mbam-log-2009-01-11 (21-41-59).txt

Scan type: Quick Scan
Objects scanned: 52398
Time elapsed: 11 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:46, on 11.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.qr.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translator\WebIE.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translator\WebIE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Restore 'layout1.sl'.lnk = C:\Program Files\PACT Save Layout\sl.exe
O4 - Global Startup: PC Alert III.lnk = C:\Program Files\MSI\PC Alert III\alert.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Načítať použitie &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {5F509E42-537E-482B-B66C-145BC170054C} (FotoStarUploader Control) - http://sberna.fotostar.cz/snadno-vlozit ... loader.dll
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE7E8F23-609B-4345-B418-E4FD10526D8B}: NameServer = 10.93.0.1,10.93.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

--
End of file - 8923 bytes
-----------------------------------------------------------------------------------------------------------------------------------------

/odstraněny citace. memphisto

Příspěvekod **jaro3** » 12 led 2009 07:35

Nemusíš mě citovat , když odpovídáš v dalším příspěvku.
Můžeš provést ještě test HDD utilitou od výrobce.
Nejprve ještě otestujem na viry:
Vypni rez. ochranu u ESS.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

agassi · Příspěvekod **agassi** » 12 led 2009 18:30

Tak jsem provedl test a výsledek je tady :

ComboFix 09-01-11.04 - Administrator 2009-01-12 18:13:03.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.511.278 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *disabled*
FW: Kerio Personal Firewall *disabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-12 do 2009-01-12 )))))))))))))))))))))))))))))))
.

2009-01-11 23:09 . 2009-01-11 23:09 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2009-01-11 23:08 . 2009-01-11 23:08 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-11 23:08 . 2009-01-11 23:08 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-11 23:08 . 2009-01-11 23:08 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2009-01-11 19:47 . 2009-01-12 11:14 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-10 22:37 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 22:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 22:36 . 2009-01-10 22:37 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-10 22:36 . 2009-01-10 22:36 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-10 22:22 . 2009-01-10 22:22 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2009-01-10 21:25 . 2009-01-11 14:57 54 --a------ c:\windows\Lic.xxx
2009-01-10 21:24 . 2009-01-10 21:24 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-01-10 21:24 . 2009-01-10 21:24 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-01-10 21:24 . 2009-01-10 21:24 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-01-10 21:24 . 2004-09-11 13:00 147,968 --a------ c:\windows\R.COM
2009-01-10 21:24 . 2004-09-11 13:00 137,216 --a------ c:\windows\system32\T.COM
2009-01-10 21:24 . 2009-01-10 21:24 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-01-10 21:24 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-01-10 17:55 . 2009-01-10 17:55 <DIR> d-------- c:\program files\Trend Micro
2009-01-09 19:12 . 2009-01-09 19:19 <DIR> d-------- c:\program files\RegCleaner
2009-01-06 20:54 . 2009-01-06 20:54 <DIR> d-------- c:\program files\JockerSoft
2009-01-05 22:41 . 2009-01-11 22:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SweetIM
2008-12-30 21:46 . 2008-12-30 21:46 <DIR> d-------- c:\program files\Codec Pack - All In 1
2008-12-30 21:38 . 2008-12-30 21:38 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Media Player Classic
2008-12-30 21:09 . 2008-12-30 21:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DVD Shrink
2008-12-30 21:08 . 2008-12-30 21:09 <DIR> d-------- c:\program files\DVD Shrink
2008-12-29 21:01 . 2008-12-29 21:05 2,097,152 --a------ c:\documents and settings\Administrator\Data aplikací\AUTORUN.BIN
2008-12-29 20:56 . 2008-12-29 21:01 1,469,952 --a------ c:\documents and settings\Administrator\Data aplikací\tsdnwin.dll
2008-12-28 12:06 . 2008-12-29 21:18 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2008-12-21 22:49 . 2008-12-21 22:49 <DIR> d-------- c:\program files\AbleMP3
2008-12-13 18:21 . 2008-12-13 18:21 <DIR> d-------- c:\program files\Exec
2008-12-13 18:21 . 2008-12-13 18:21 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Exec

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 16:51 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Skype
2009-01-12 16:48 --------- d-----w c:\documents and settings\Administrator\Data aplikací\skypePM
2009-01-12 16:45 196 ----a-w c:\windows\system32\drivers\ALCICH.DAT
2009-01-12 10:16 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-11 21:28 --------- d-----w c:\program files\Ashampoo
2009-01-06 20:22 --------- d-----w c:\documents and settings\Administrator\Data aplikací\BSplayer Pro
2009-01-05 20:58 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 15:22 --------- d-----w c:\program files\Zoner
2009-01-04 15:13 --------- d-----w c:\program files\CCleaner
2009-01-04 14:35 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Zoner
2009-01-04 10:46 --------- d-----w c:\program files\Strong DC++
2008-12-30 20:43 737,280 ----a-w c:\windows\iun6002.exe
2008-12-30 20:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\DivX
2008-12-28 11:06 --------- d-----w c:\program files\MyPhoneExplorer
2008-12-04 20:28 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Happy Foto
2008-12-04 18:51 699 ----a-w c:\documents and settings\Administrator\Data aplikací\mdbu.bin
2008-12-02 20:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\TomTom
2008-11-24 18:52 --------- d-----w c:\program files\JetAudio
2008-11-24 18:52 --------- d-----w c:\documents and settings\Administrator\Data aplikací\COWON
2008-11-23 15:04 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Ashampoo
2008-08-24 20:22 9 ----a-w c:\documents and settings\Administrator\Data aplikací\mdb.bin
2008-06-03 20:04 1,084 ----a-w c:\program files\RootCERT_Qican.cer
2008-06-03 20:03 905 ----a-w c:\program files\RootCERT_NewSica.cer
2007-11-29 06:53 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2007-10-01 18:21 491,520 ----a-w c:\documents and settings\Administrator\Data aplikací\WebIE.dll
2007-10-01 18:21 45,056 ----a-w c:\documents and settings\Administrator\Data aplikací\TRNOEH.DLL
2007-10-01 18:21 352,256 ----a-w c:\documents and settings\Administrator\Data aplikací\TrnOutl.dll
2007-10-01 18:21 299,008 ----a-w c:\documents and settings\Administrator\Data aplikací\TrnWord.dll
2007-10-01 18:21 26,624 ----a-w c:\documents and settings\Administrator\Data aplikací\OETRN.EXE
2007-10-01 18:21 200,704 ----a-w c:\documents and settings\Administrator\Data aplikací\TRNOET.DLL
2007-04-15 14:51 81,920 ----a-w c:\documents and settings\Administrator\Data aplikací\ezpinst.exe
2007-04-15 14:51 47,360 ----a-w c:\documents and settings\Administrator\Data aplikací\pcouffin.sys
2004-02-28 23:29 263,168 ----a-w c:\program files\co bezi po startu xp oken.exe
2001-10-12 08:53 13,173,833 ----a-w c:\program files\6380(v2.1).pdf
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w c:\windows\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w c:\windows\system32\VistaUltm.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"SoundMan"="soundman.exe" [2001-05-29 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2005-04-01 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-11 15360]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Restore 'layout1.sl'.lnk - c:\program files\PACT Save Layout\sl.exe [2005-08-25 43520]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
PC Alert III.lnk - c:\program files\MSI\PC Alert III\alert.exe [2005-08-25 1774080]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1029
"Name of App"=c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe r
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-06-21 270336]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2005-05-30 53248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\drivers\ma730pt.sys [2006-05-13 102976]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\drivers\Ma730Vad.sys [2006-05-13 23376]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-09-11 69120]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R4 CFH6S17I;CFH6S17I;c:\windows\system32\drivers\HFNX8986.sys [2006-10-10 28224]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R4 RH9GH48R;RH9GH48R;c:\windows\system32\drivers\USU9J9LN.sys [2006-08-31 28288]
R4 RUI6J4PM;RUI6J4PM;c:\windows\system32\drivers\CG8T9586.sys [2006-10-22 28384]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2005-08-30 17408]
S3 LifeView_USBDVBT;LVUSB Service;c:\windows\system32\drivers\LVUSB_TX.sys [2006-06-13 24704]
S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\system32\drivers\ma730c.sys [2006-05-13 154624]
S3 OMCdrv;OMCdrv;\??\c:\windows\System32\Drivers\OMCdrv.sys --> c:\windows\System32\Drivers\OMCdrv.sys [?]
S3 rockusb;Driver for rockusb Device;c:\windows\system32\drivers\rockusb.sys [2006-03-22 73984]
S3 V0010bVd;Creative WebCam Vista #2;c:\windows\system32\drivers\V0010bVd.sys [2005-08-26 186551]
S4 LVEzLoader;LifeView EZ-USB FX2 FIRMWARE LOADER (LVEzLD06.sys);c:\windows\system32\drivers\LVEzLD06.sys [2006-06-13 15360]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCAlertDriver

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8626dda9-c0ac-11dd-b053-000102da6838}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-01-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2009-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.qr.cz/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.05\AMVConverter\grab.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.05\MediaManager\grab.html
IE: Načítať použitie &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translator\WebIE.dll
TCP: {BE7E8F23-609B-4345-B418-E4FD10526D8B} = 10.93.0.1,10.93.0.2

c:\windows\Downloaded Program Files\FotoStarPhotoUploader.dll - O16 -: {5F509E42-537E-482B-B66C-145BC170054C}
hxxp://sberna.fotostar.cz/snadno-vlozit ... loader.dll

c:\windows\Downloaded Program Files\axhost.dll - O16 -: {87056D28-9730-4A47-B9F9-7E890B62C58A}
hxxp://www.shockwave.com/content/tumblebugs/axhost.cab
c:\windows\Downloaded Program Files\axhost.inf
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\objn02yq.default\
FF - prefs.js: browser.search.selectedEngine - BS.Player Search
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 18:18:34
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ICQ = "c:\program files\ICQ6\ICQ.exe" silent?C

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:86,7f,9b,47,09,76,d2,71,c9,cd,ec,82,e1,43,ef,7b,6d,15,77,c3,4b,e8,10,
9f,7b,29,cc,52,00,2e,aa,31,56,83,6d,2a,ba,f9,a2,28,14,1b,31,91,d9,61,21,ec,\
"??"=hex:e4,0a,7c,ea,05,75,12,e4,20,42,8d,09,33,c8,fb,fa

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,a7,aa,ea,88,54,
65,14,8f,c8,28,51,af,b0,29,a3,98,cb,f0,16,ca,09,69,06,75,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,6f,58,0b,9c,ac,
50,6c,ee,71,3b,04,66,8b,46,0d,96,a3,9d,bc,ba,fb,2d,74,37,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,68,2c,65,86,b1,
ef,38,bc,25,da,ec,7e,55,20,c9,26,6e,bd,36,99,6a,e7,8b,78,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,cb,80,96,6f,f3,
33,a9,a1,3e,1e,9e,e0,57,5a,93,61,f6,6f,6c,56,58,96,40,0e,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,d7,ac,6a,a0,b0,
10,bd,6d,cd,44,cd,b9,a6,33,6c,cd,8b,fd,7e,36,6e,22,21,dd,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,8b,18,46,72,6b,
54,82,85,b0,18,ed,a7,3f,8d,37,a4,b0,da,2f,ea,23,14,af,8a,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,0c,ac,b5,8c,62,
37,3c,a0,31,77,e1,ba,b1,f8,68,02,26,b5,56,a2,e3,0b,d8,15,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,83,0b,dc,b3,d0,
f2,8f,b6,83,6c,56,8b,a0,85,96,ab,6e,4b,9d,37,b5,d1,f8,29,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,1f,75,e7,a0,46,
28,27,85,51,fa,6e,91,28,9e,14,cc,f4,f2,77,4d,24,7d,00,ec,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,4d,11,0e,7d,81,
ac,fb,a4,b1,cd,45,5a,a8,c4,f8,b9,3f,2a,5f,f9,d1,c1,2f,8d,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,1b,e8,79,0d,e6,
6f,db,d4,e3,0e,66,d5,eb,bc,2f,6b,67,e3,e0,dc,81,17,8c,b9,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,10,ae,74,c3,e5,
05,39,a4,fa,ea,66,7f,d4,3b,6b,70,21,48,70,55,77,95,b8,8d,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="BEED1FB7707199D138A831FC6241FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794A6171C11EC38DE3DBA7FD869164D679459428C2816B7410F7DA423A64FF634CC09A2044059A542CAA3C878546AB07AE5B8F02D26D7B4A5CEF1BBC89A61A3E8B9D35C12478A2EF44B55ACA94A088940E09B9749F936FBD82038D0A2E1A540C162F85EBF0B36B7636552707B1F4263874DC80B094ED43D66FD7BFB0B1178D3CB3F30A4B5AF923B3D2C791589A3C74EBFFCE7F09840FCBEA0994E285D33DD77577C9281214BF949F3EB8E71711B6C6E9B7885C4A6E01AD9995427957B46F8D9F97B1E1835696B843D20382ED5BDA97B92F61154E5B4BF7BA9C65D58C9BA16BC8C4F37E127080A2414FB03C85FB61AC1E06ADFC2103421A4EDBC3058307922F62D41222B301C9C74B5645D1436287DA283F22A88DF4D976B4535BE509A5A2F733BCD0B160E0B8E5325F11BB50A25B891BF688CED14E02178D4E311D1FC2C722F5DA6FE958231ED3527F273278DB453979A54879272445C0985B08FBEC7B0C6BDFCAE71F4535CED21C7E902B6F7D37850E0F57EE940408F6E81B687CF779EA9C3467E37CE4A50E532D38A4784827279EA21403AB94B11238DBAC4A911069FBCFD2AE38C13B4C251965E3F24096CF4C8ADAED7E89EE0E825E0E35F8C6274D0C6385F5E0F8963E04D133D26E28BF9B1FEEF2099180557EC4475763EA8F5C8C4B0D55CA2C0C9AE489EFE8A10AB2BEE76D81E51133EB0843458EBAE4CDBD50B8288CBE119883FEC0C2AC4248211581983B439E106323844CD57790B2AE6DB470302276EDE322C7EB37C642C3704DA448B96D3B3E9B287F6BA6067CFA970B80F34EF0447C3E825C23A4371899B5E4B4437A817EEE9DDDB006E32140753016F75F8CD15764D4191A10E5391E5515997702233BFFD6239C84653B4EEFBE106D915A6BA21C93231B08392A1012F2D9581A25DA99D90E72C35B6C56EFEBDC6D12189877682D0E09311551F4A8F173A161FB9EB1D951A4084DB3F970DDC222398C673D9682761F9A5980A7F8B2015B5C15A18C5479F5066F1CA550DE1B541CF741E784F1A9094CF8B0097EF482A630FE4EFA45783C62F0809E56FDE60CAF5D8E1CE408D39D5C7ECC954F5A687B77E6E2EF14A01D0AC7687C1E20A3B23F0607C4455763096219B0E4CF5A44874692AAB3147F616D48529FBF94D25C1E59365AE5F7FCD432A31F5A1E098A3F05DF1EAD465291E60D6998DB06F04C2880AACAD18DBF37AC90D5880CD3946F930B5998CABA62536994244AF23C838EB191450A49249283539FC7B26EAECDB318894BA9DA5B41CB9722777DD850E732B6FAEA27A2E18E7B8FCDB179985760A55F0B4C3EDEC3145A70F39B5ACBFAA0E"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2009-01-12 18:22:10
ComboFix-quarantined-files.txt 2009-01-12 17:22:06

Před spuštěním: Volných bajtů: 32 753 442 816
Po spuštění: Volných bajtů: 32,756,879,360

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

286

Příspěvekod **jaro3** » 12 led 2009 20:03

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\eEmpty.exe
c:\windows\Lic.xxx
c:\windows\R.COM
c:\windows\system32\T.COM

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\program files\Exec
c:\documents and settings\All Users\Data aplikací\Exec
c:\documents and settings\Administrator\Data aplikací\TRNOEH.DLL
c:\documents and settings\Administrator\Data aplikací\TRNOET.DLL
c:\windows\system32\Smab0.dll
c:\windows\system32\drivers\USU9J9LN.sys
c:\windows\system32\drivers\CG8T9586.sys
c:\windows\System32\Drivers\OMCdrv.sys
Vlož sem potom odkazy výsledků.

agassi · Příspěvekod **agassi** » 12 led 2009 22:13

ComboFix 09-01-11.04 - Administrator 2009-01-12 21:07:49.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.511.267 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *disabled*
FW: Kerio Personal Firewall *disabled*
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\Lic.xxx
c:\windows\R.COM
c:\windows\system32\eEmpty.exe
c:\windows\system32\T.COM
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Lic.xxx
c:\windows\R.COM
c:\windows\system32\eEmpty.exe
c:\windows\system32\T.COM

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-12 do 2009-01-12 )))))))))))))))))))))))))))))))
.

2009-01-11 23:09 . 2009-01-11 23:09 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2009-01-11 23:08 . 2009-01-11 23:08 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-11 23:08 . 2009-01-11 23:08 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-11 23:08 . 2009-01-11 23:08 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2009-01-11 19:47 . 2009-01-12 11:14 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-10 22:37 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 22:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 22:36 . 2009-01-10 22:37 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-10 22:36 . 2009-01-10 22:36 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-10 22:22 . 2009-01-10 22:22 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2009-01-10 21:24 . 2009-01-10 21:24 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-01-10 21:24 . 2009-01-10 21:24 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-01-10 21:24 . 2009-01-10 21:24 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-01-10 21:24 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-01-10 17:55 . 2009-01-10 17:55 <DIR> d-------- c:\program files\Trend Micro
2009-01-09 19:12 . 2009-01-09 19:19 <DIR> d-------- c:\program files\RegCleaner
2009-01-06 20:54 . 2009-01-06 20:54 <DIR> d-------- c:\program files\JockerSoft
2009-01-05 22:41 . 2009-01-11 22:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SweetIM
2008-12-30 21:46 . 2008-12-30 21:46 <DIR> d-------- c:\program files\Codec Pack - All In 1
2008-12-30 21:38 . 2008-12-30 21:38 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Media Player Classic
2008-12-30 21:09 . 2008-12-30 21:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DVD Shrink
2008-12-30 21:08 . 2008-12-30 21:09 <DIR> d-------- c:\program files\DVD Shrink
2008-12-29 21:01 . 2008-12-29 21:05 2,097,152 --a------ c:\documents and settings\Administrator\Data aplikací\AUTORUN.BIN
2008-12-29 20:56 . 2008-12-29 21:01 1,469,952 --a------ c:\documents and settings\Administrator\Data aplikací\tsdnwin.dll
2008-12-28 12:06 . 2008-12-29 21:18 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2008-12-21 22:49 . 2008-12-21 22:49 <DIR> d-------- c:\program files\AbleMP3
2008-12-13 18:21 . 2008-12-13 18:21 <DIR> d-------- c:\program files\Exec
2008-12-13 18:21 . 2008-12-13 18:21 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Exec

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 20:04 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Skype
2009-01-12 19:10 --------- d-----w c:\documents and settings\Administrator\Data aplikací\skypePM
2009-01-12 19:08 196 ----a-w c:\windows\system32\drivers\ALCICH.DAT
2009-01-12 10:16 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-11 21:28 --------- d-----w c:\program files\Ashampoo
2009-01-06 20:22 --------- d-----w c:\documents and settings\Administrator\Data aplikací\BSplayer Pro
2009-01-05 20:58 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 15:22 --------- d-----w c:\program files\Zoner
2009-01-04 15:13 --------- d-----w c:\program files\CCleaner
2009-01-04 14:35 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Zoner
2009-01-04 10:46 --------- d-----w c:\program files\Strong DC++
2008-12-30 20:43 737,280 ----a-w c:\windows\iun6002.exe
2008-12-30 20:43 --------- d-----w c:\documents and settings\Administrator\Data aplikací\DivX
2008-12-28 11:06 --------- d-----w c:\program files\MyPhoneExplorer
2008-12-04 20:28 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Happy Foto
2008-12-04 18:51 699 ----a-w c:\documents and settings\Administrator\Data aplikací\mdbu.bin
2008-12-02 20:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\TomTom
2008-11-24 18:52 --------- d-----w c:\program files\JetAudio
2008-11-24 18:52 --------- d-----w c:\documents and settings\Administrator\Data aplikací\COWON
2008-11-23 15:04 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Ashampoo
2008-08-24 20:22 9 ----a-w c:\documents and settings\Administrator\Data aplikací\mdb.bin
2008-06-03 20:04 1,084 ----a-w c:\program files\RootCERT_Qican.cer
2008-06-03 20:03 905 ----a-w c:\program files\RootCERT_NewSica.cer
2007-11-29 06:53 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2007-10-01 18:21 491,520 ----a-w c:\documents and settings\Administrator\Data aplikací\WebIE.dll
2007-10-01 18:21 45,056 ----a-w c:\documents and settings\Administrator\Data aplikací\TRNOEH.DLL
2007-10-01 18:21 352,256 ----a-w c:\documents and settings\Administrator\Data aplikací\TrnOutl.dll
2007-10-01 18:21 299,008 ----a-w c:\documents and settings\Administrator\Data aplikací\TrnWord.dll
2007-10-01 18:21 26,624 ----a-w c:\documents and settings\Administrator\Data aplikací\OETRN.EXE
2007-10-01 18:21 200,704 ----a-w c:\documents and settings\Administrator\Data aplikací\TRNOET.DLL
2007-04-15 14:51 81,920 ----a-w c:\documents and settings\Administrator\Data aplikací\ezpinst.exe
2007-04-15 14:51 47,360 ----a-w c:\documents and settings\Administrator\Data aplikací\pcouffin.sys
2004-02-28 23:29 263,168 ----a-w c:\program files\co bezi po startu xp oken.exe
2001-10-12 08:53 13,173,833 ----a-w c:\program files\6380(v2.1).pdf
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w c:\windows\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w c:\windows\system32\VistaUltm.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-12_18.19.45,04 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-12 16:51:08 73,416 ----a-w c:\windows\system32\perfc005.dat
+ 2009-01-12 19:13:34 73,416 ----a-w c:\windows\system32\perfc005.dat
- 2009-01-12 16:51:08 62,480 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-12 19:13:34 62,480 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-12 16:51:08 398,746 ----a-w c:\windows\system32\perfh005.dat
+ 2009-01-12 19:13:34 398,746 ----a-w c:\windows\system32\perfh005.dat
- 2009-01-12 16:51:08 401,200 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-12 19:13:34 401,200 ----a-w c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"SoundMan"="soundman.exe" [2001-05-29 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2005-04-01 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-11 15360]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Restore 'layout1.sl'.lnk - c:\program files\PACT Save Layout\sl.exe [2005-08-25 43520]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
PC Alert III.lnk - c:\program files\MSI\PC Alert III\alert.exe [2005-08-25 1774080]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1029
"Name of App"=c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe r
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-06-21 270336]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2005-05-30 53248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\drivers\ma730pt.sys [2006-05-13 102976]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\drivers\Ma730Vad.sys [2006-05-13 23376]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-09-11 69120]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R4 CFH6S17I;CFH6S17I;c:\windows\system32\drivers\HFNX8986.sys [2006-10-10 28224]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R4 RH9GH48R;RH9GH48R;c:\windows\system32\drivers\USU9J9LN.sys [2006-08-31 28288]
R4 RUI6J4PM;RUI6J4PM;c:\windows\system32\drivers\CG8T9586.sys [2006-10-22 28384]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2005-08-30 17408]
S3 LifeView_USBDVBT;LVUSB Service;c:\windows\system32\drivers\LVUSB_TX.sys [2006-06-13 24704]
S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\system32\drivers\ma730c.sys [2006-05-13 154624]
S3 OMCdrv;OMCdrv;\??\c:\windows\System32\Drivers\OMCdrv.sys --> c:\windows\System32\Drivers\OMCdrv.sys [?]
S3 rockusb;Driver for rockusb Device;c:\windows\system32\drivers\rockusb.sys [2006-03-22 73984]
S3 V0010bVd;Creative WebCam Vista #2;c:\windows\system32\drivers\V0010bVd.sys [2005-08-26 186551]
S4 LVEzLoader;LifeView EZ-USB FX2 FIRMWARE LOADER (LVEzLD06.sys);c:\windows\system32\drivers\LVEzLD06.sys [2006-06-13 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8626dda9-c0ac-11dd-b053-000102da6838}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-01-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2009-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.qr.cz/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.05\AMVConverter\grab.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.05\MediaManager\grab.html
IE: Načítať použitie &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translator\WebIE.dll
TCP: {BE7E8F23-609B-4345-B418-E4FD10526D8B} = 10.93.0.1,10.93.0.2

c:\windows\Downloaded Program Files\FotoStarPhotoUploader.dll - O16 -: {5F509E42-537E-482B-B66C-145BC170054C}
hxxp://sberna.fotostar.cz/snadno-vlozit ... loader.dll

c:\windows\Downloaded Program Files\axhost.dll - O16 -: {87056D28-9730-4A47-B9F9-7E890B62C58A}
hxxp://www.shockwave.com/content/tumblebugs/axhost.cab
c:\windows\Downloaded Program Files\axhost.inf
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\objn02yq.default\
FF - prefs.js: browser.search.selectedEngine - BS.Player Search
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 21:13:11
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ICQ = "c:\program files\ICQ6\ICQ.exe" silent?C

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:86,7f,9b,47,09,76,d2,71,c9,cd,ec,82,e1,43,ef,7b,6d,15,77,c3,4b,e8,10,
9f,7b,29,cc,52,00,2e,aa,31,56,83,6d,2a,ba,f9,a2,28,14,1b,31,91,d9,61,21,ec,\
"??"=hex:e4,0a,7c,ea,05,75,12,e4,20,42,8d,09,33,c8,fb,fa

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,a7,aa,ea,88,54,
65,14,8f,c8,28,51,af,b0,29,a3,98,cb,f0,16,ca,09,69,06,75,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,6f,58,0b,9c,ac,
50,6c,ee,71,3b,04,66,8b,46,0d,96,a3,9d,bc,ba,fb,2d,74,37,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,68,2c,65,86,b1,
ef,38,bc,25,da,ec,7e,55,20,c9,26,6e,bd,36,99,6a,e7,8b,78,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,cb,80,96,6f,f3,
33,a9,a1,3e,1e,9e,e0,57,5a,93,61,f6,6f,6c,56,58,96,40,0e,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,d7,ac,6a,a0,b0,
10,bd,6d,cd,44,cd,b9,a6,33,6c,cd,8b,fd,7e,36,6e,22,21,dd,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,8b,18,46,72,6b,
54,82,85,b0,18,ed,a7,3f,8d,37,a4,b0,da,2f,ea,23,14,af,8a,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,0c,ac,b5,8c,62,
37,3c,a0,31,77,e1,ba,b1,f8,68,02,26,b5,56,a2,e3,0b,d8,15,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,83,0b,dc,b3,d0,
f2,8f,b6,83,6c,56,8b,a0,85,96,ab,6e,4b,9d,37,b5,d1,f8,29,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,1f,75,e7,a0,46,
28,27,85,51,fa,6e,91,28,9e,14,cc,f4,f2,77,4d,24,7d,00,ec,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,4d,11,0e,7d,81,
ac,fb,a4,b1,cd,45,5a,a8,c4,f8,b9,3f,2a,5f,f9,d1,c1,2f,8d,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,1b,e8,79,0d,e6,
6f,db,d4,e3,0e,66,d5,eb,bc,2f,6b,67,e3,e0,dc,81,17,8c,b9,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,10,ae,74,c3,e5,
05,39,a4,fa,ea,66,7f,d4,3b,6b,70,21,48,70,55,77,95,b8,8d,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="BEED1FB7707199D138A831FC6241FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794A6171C11EC38DE3DBA7FD869164D679459428C2816B7410F7DA423A64FF634CC09A2044059A542CAA3C878546AB07AE5B8F02D26D7B4A5CEF1BBC89A61A3E8B9D35C12478A2EF44B55ACA94A088940E09B9749F936FBD82038D0A2E1A540C162F85EBF0B36B7636552707B1F4263874DC80B094ED43D66FD7BFB0B1178D3CB3F30A4B5AF923B3D2C791589A3C74EBFFCE7F09840FCBEA0994E285D33DD77577C9281214BF949F3EB8E71711B6C6E9B7885C4A6E01AD9995427957B46F8D9F97B1E1835696B843D20382ED5BDA97B92F61154E5B4BF7BA9C65D58C9BA16BC8C4F37E127080A2414FB03C85FB61AC1E06ADFC2103421A4EDBC3058307922F62D41222B301C9C74B5645D1436287DA283F22A88DF4D976B4535BE509A5A2F733BCD0B160E0B8E5325F11BB50A25B891BF688CED14E02178D4E311D1FC2C722F5DA6FE958231ED3527F273278DB453979A54879272445C0985B08FBEC7B0C6BDFCAE71F4535CED21C7E902B6F7D37850E0F57EE940408F6E81B687CF779EA9C3467E37CE4A50E532D38A4784827279EA21403AB94B11238DBAC4A911069FBCFD2AE38C13B4C251965E3F24096CF4C8ADAED7E89EE0E825E0E35F8C6274D0C6385F5E0F8963E04D133D26E28BF9B1FEEF2099180557EC4475763EA8F5C8C4B0D55CA2C0C9AE489EFE8A10AB2BEE76D81E51133EB0843458EBAE4CDBD50B8288CBE119883FEC0C2AC4248211581983B439E106323844CD57790B2AE6DB470302276EDE322C7EB37C642C3704DA448B96D3B3E9B287F6BA6067CFA970B80F34EF0447C3E825C23A4371899B5E4B4437A817EEE9DDDB006E32140753016F75F8CD15764D4191A10E5391E5515997702233BFFD6239C84653B4EEFBE106D915A6BA21C93231B08392A1012F2D9581A25DA99D90E72C35B6C56EFEBDC6D12189877682D0E09311551F4A8F173A161FB9EB1D951A4084DB3F970DDC222398C673D9682761F9A5980A7F8B2015B5C15A18C5479F5066F1CA550DE1B541CF741E784F1A9094CF8B0097EF482A630FE4EFA45783C62F0809E56FDE60CAF5D8E1CE408D39D5C7ECC954F5A687B77E6E2EF14A01D0AC7687C1E20A3B23F0607C4455763096219B0E4CF5A44874692AAB3147F616D48529FBF94D25C1E59365AE5F7FCD432A31F5A1E098A3F05DF1EAD465291E60D6998DB06F04C2880AACAD18DBF37AC90D5880CD3946F930B5998CABA62536994244AF23C838EB191450A49249283539FC7B26EAECDB318894BA9DA5B41CB9722777DD850E732B6FAEA27A2E18E7B8FCDB179985760A55F0B4C3EDEC3145A70F39B5ACBFAA0E"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2009-01-12 21:16:48
ComboFix-quarantined-files.txt 2009-01-12 20:16:43
ComboFix2.txt 2009-01-12 17:22:20

Před spuštěním: Volných bajtů: 32 748 589 056
Po spuštění: Volných bajtů: 32,742,662,144

298

-----------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:20, on 12.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.qr.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translator\WebIE.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translator\WebIE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Restore 'layout1.sl'.lnk = C:\Program Files\PACT Save Layout\sl.exe
O4 - Global Startup: PC Alert III.lnk = C:\Program Files\MSI\PC Alert III\alert.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Načítať použitie &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {5F509E42-537E-482B-B66C-145BC170054C} (FotoStarUploader Control) - http://sberna.fotostar.cz/snadno-vlozit ... loader.dll
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE7E8F23-609B-4345-B418-E4FD10526D8B}: NameServer = 10.93.0.1,10.93.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

--
End of file - 8656 bytes

-----------------------------------------------------------------------------------------------------------------------------------------
Testováno na Virustotal :

http://www.virustotal.com/vt/cs/recepcion?ce72e470765262daf7be59d48231111d
http://www.virustotal.com/vt/cs/recepcion?b5bddfd98f36d6de58729d8c5018db0b
http://www.virustotal.com/cs/analisis/533b2d5d437a435bac2884795676a4e3
http://www.virustotal.com/cs/analisis/87b3ff7a65b4391c05a28e9afbb40f1c
http://www.virustotal.com/cs/analisis/261a664bcfa1eaf0490dc376ba36e9bc
http://www.virustotal.com/cs/analisis/425af5cc7d6c8339ca1e18d586338750
http://www.virustotal.com/cs/analisis/81fb9f87c8719971f2cb86551f202e2a
http://www.virustotal.com/vt/cs/recepcion?fe98f2721c59f8ad18cfe27866c36ff7

Příspěvekod **jaro3** » 13 led 2009 08:27

Odkazy č.1,2 a 8 nefungují , jestli tam nic nebylo, jen napiš.

agassi · Příspěvekod **agassi** » 13 led 2009 08:54

U odkazů 1,2 a 8 mi to napsalo tu hlášku co jsem ti poslal.
1 a 2 odkaz patří k programu Heysmilestudio.

Příspěvekod **jaro3** » 13 led 2009 10:26

Tedy vše bez závad , ten eSafe to píše často..
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a RegCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Nainstaluj si javu:
Java SE Runtime Environment 6u11
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u11-windows-i586-p.exe
Napiš zda pokračuje BSOD ( modrá smrt.)

agassi · Příspěvekod **agassi** » 13 led 2009 13:26

Ahoj,soubory fixnuty a tady ještě posílám výsledek HJT po opravě :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:56, on 13.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\soundman.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.qr.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translator\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translator\WebIE.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Restore 'layout1.sl'.lnk = C:\Program Files\PACT Save Layout\sl.exe
O4 - Global Startup: PC Alert III.lnk = C:\Program Files\MSI\PC Alert III\alert.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Načítať použitie &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {5F509E42-537E-482B-B66C-145BC170054C} (FotoStarUploader Control) - http://sberna.fotostar.cz/snadno-vlozit ... loader.dll
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE7E8F23-609B-4345-B418-E4FD10526D8B}: NameServer = 10.93.0.1,10.93.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

--
End of file - 7928 bytes

Ostatní udělám až večer....
Díky moc za všechno. :bigups:

Příspěvekod **jaro3** » 13 led 2009 13:45

Log O.K.
Takže pokud se BSOD ještě objevuje, bude to nejspíš kvůli HW , zkus teploty a napětí.
Ale nejdříve zkontroluj HDD utilitou od výrobce, případně zadej téma sekce problémy s HW.
může se jednat i o poškození win, dá se opravit, napiš.

Modrá smrt (prosím o radu) Vyřešeno

Modrá smrt (prosím o radu)

Re: Modrá smrt (prosím o radu)

Re: Modrá smrt (prosím o radu)

Re: Modrá smrt (prosím o radu)

Re: Modrá smrt (prosím o radu)

Re: Modrá smrt (prosím o radu)

Re: Modrá smrt (prosím o radu)

Re: Modrá smrt (prosím o radu)

Re: Modrá smrt (prosím o radu)

Re: Modrá smrt (prosím o radu)

Re: Modrá smrt (prosím o radu)

Re: Modrá smrt (prosím o radu)

Kdo je online