Modrá smrť

[petergabor]

Zdravím Vás,
píšem po dlhšej dobe (našťastie všetko šlapalo ako hodinky) až doteraz:
PC chodí bez problémov, akurát v poslednej dobe vyhadzuje modrú smrť,
niekedy 2-krát za deň a niekedy 3 dni nič (PC sa používa každý deň od
rána do večera - autoservis). Kým pristúpim ku zisťovaniu chýb hardvéru
chcem poprosiť o kontrolu logu s RSITu:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Patrik Mihalik at 2010-08-05 14:40:11
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 138 GB (92%) free of 150 GB
Total RAM: 1791 MB (77% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-08-14 18702336]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
""= []
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-07-31 139264]

C:\Documents and Settings\Patrik Mihalik\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"
"C:\Program Files\Nero\Nero Sipps\Phone.exe"="C:\Program Files\Nero\Nero Sipps\Phone.exe:*:Enabled:Phone"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-05 14:40:11 ----D---- C:\rsit
2010-08-05 14:40:11 ----D---- C:\Program Files\trend micro
2010-08-05 14:38:37 ----ASH---- C:\pagefile.sys
2010-08-05 13:49:26 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-29 15:55:15 ----A---- C:\WINDOWS\CD_Start.INI

======List of files/folders modified in the last 1 months======

2010-08-05 14:40:11 ----RD---- C:\Program Files
2010-08-05 14:38:50 ----D---- C:\WINDOWS\Temp
2010-08-05 14:38:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-05 13:49:26 ----D---- C:\WINDOWS
2010-08-05 12:30:04 ----A---- C:\WINDOWS\win.ini
2010-08-05 10:58:19 ----D---- C:\WINDOWS\Prefetch
2010-08-05 10:23:48 ----D---- C:\ADCDA2
2010-08-04 16:52:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-03 11:49:17 ----D---- C:\Program Files\USB Oscilloscope
2010-08-03 10:50:54 ----D---- C:\WINDOWS\system32\drivers
2010-08-03 09:49:13 ----D---- C:\WINDOWS\system32
2010-08-03 09:49:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-30 19:10:43 ----SHD---- C:\System Volume Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2007-08-09 102400]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-08-20 691696]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-08-18 5884416]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2009-07-01 66688]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2009-07-01 13824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SNTNLUSB;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2009-09-17 38376]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 aa0ywr0f;aa0ywr0f; C:\WINDOWS\system32\drivers\aa0ywr0f.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 HSUsbOsc;USB HSAScope driver; C:\WINDOWS\System32\Drivers\HSUsbOsc.sys [2009-01-12 11158]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 autod;autod; C:\WINDOWS\system32\Autoserv.exe [2007-10-09 436736]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-07-31 720896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536]

-----------------EOF-----------------




Antivír tu nie je...PC nie je pripojené k internetu.
Vopred dík za odpoveď..

[Rudy]

Antivír tu nie je...PC nie je pripojené k internetu.

Vážně? Vidím tam ale šmejda, kterého jste jinde než na internetu chytit nemohl. S BSOD může i nemusí souviset. Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[petergabor]

NJN, som zabudol...pri prvom štarte som dal všetko aktualizovať, tak bol chvílu pripojený:L
Dneska to už nestihnem, ale zajtra to hneď urobím a pošlem log
Zatiaľ díky moc za váš čas

[Rudy]

Zatím nemáte zač!

[petergabor]

Zdravím,
tak spustil som Combofix a asi na 40.-45 stage hodilo BSOD.
Skúšal som vymeniť RAM-ku (funkčnú od kamaráta), ale bez výsledkov...to isté-BSOD.
Vedeli by ste mi ešte niečo poradiť??

A ešte niečo...keď začalo vyhadzovať modrú smrť, dal som skontrolovať HDD
pomocou CHKDSK a našlo nejakú chybu tá sa opravila..potom bez chýb.
Overil som to aj programom "Ariolic Disk Scanner 1.2".

Po Combofixu som skúšal aj preinštalovať Windows, no pri začatí samotnej inštalácie
hodilo modrú smrť -> typujem to na hardvér.

Za každú radu vopred ďakujem.

[Rudy]

Zkuste CF spustit v nouz. režimu.