KERNEL_DATA_INPAGE_ERROR

[Osud]

Dobrý den.
Předem chci říci že jsem prošel vaše fórum a zároveň hledal na webu několik hodin ale přes všechnu moji snahu a rady se mi problém nepodařilo vyřešit.
Pc mam asi 6 let staré. Win XP prof. Pc se mi vypínalo a nemohl jsem příjit na to proč. Po otevření bedny jsem vyčistil vše nakonec byl problém v zaseknutém větráčku u grafické karty vyčistil a funguje. nainstaloval jsem nové win XP se SP3. + zakládní drivery a hned se objevil problém se samovolným restartem PC. Pročetl fora zakázal restart a objevila se tato hláška KERNEL_DATA_INPAGE_ERROR.
Přehodil jsem stránkovácí soubor na jinou jednotku(prázdnou). Vyčistil bednu, updatoval všechny ovladače, stahl aktualizace Win. Nic nepomohlo. Máte pro mě nějakou radu co by se dalo udělat?
KERNEL_DATA_INPAGE_ERROR
0x0000007A (0xC0712E30,0xC000009C,0xE25C6724,0x4EE518C0)

Rovnou přikládám log z HJT. Děkuji za případné rady.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:55:31, on 24.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
E:\Program\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Program\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
E:\Program\AVG\AVG10\avgwdsvc.exe
E:\Program\AVG\AVG10\avgtray.exe
E:\Program\MSI\Live Update 5\LU5.exe
E:\Program\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Program\VIA\RAID\vialogsv.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchIndexer.exe
E:\Program\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Documents and Settings\Mario\Local Settings\Apps\2.0\MCCX541A.E2A\A96ALKA4.Q9Y\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
E:\Program\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
E:\Program\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
E:\Program\AVG\AVG10\avgnsx.exe
E:\Program\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Program\Mozilla Firefox\plugin-container.exe
E:\Program\AVG\AVG10\avgrsx.exe
E:\Program\AVG\AVG10\avgcsrvx.exe
E:\Program\Secunia\PSI\PSI_TRAY.exe
E:\Program\Secunia\PSI\PSIA.exe
C:\Documents and Settings\Mario\Dokumenty\Stažené soubory\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program\AVG\AVG10\avgssie.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [StartCCC] "E:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG_TRAY] E:\Program\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Live Update 5] E:\Program\MSI\Live Update 5\LU5.exe /reminder
O4 - HKLM\..\Run: [EvtMgr6] E:\Program\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Logitech . Registrace produktu.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Secunia PSI Tray.lnk = E:\Program\Secunia\PSI\psi_tray.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: RailNotification - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - E:\Program\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - E:\Program\AVG\AVG10\avgwdsvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Secunia PSI Agent - Secunia - E:\Program\Secunia\PSI\PSIA.exe
O23 - Service: VRAID Log Service - Unknown owner - E:\Program\VIA\RAID\vialogsv.exe

--
End of file - 6097 bytes


Zkusil jsem Secunia. žadný problém nedetekovala.

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim

na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle

toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte

spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri

prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho

rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu

pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Pro práci s ComboFix budete muset dočasně odinstalovat AVG.

[Osud]

nedaří se mi odinstalovat AVG

[Osud]

tady je ten log z Combofix

ComboFix 11-05-24.01 - Mario 24.05.2011 23:36:43.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1278.937 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mario\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-24 do 2011-05-24 )))))))))))))))))))))))))))))))
.
.
2011-05-24 19:47 . 2011-05-24 19:47 -------- d-----w- e:\program\Secunia
2011-05-24 18:58 . 2011-05-24 18:58 -------- d-----w- e:\program\Realtek AC97
2011-05-24 18:45 . 2011-05-24 18:45 -------- d-----w- e:\program\VIA
2011-05-24 18:43 . 2011-05-24 18:43 -------- d-----w- e:\program\Realtek
2011-05-24 18:40 . 2011-05-24 18:40 -------- d-----w- e:\program\Logitech
2011-05-24 18:39 . 2011-05-24 18:39 -------- d-----w- e:\program\AMD
2011-05-24 18:39 . 2011-05-24 18:43 -------- d--h--w- e:\program\InstallShield Installation Information
2011-05-24 18:31 . 2011-05-24 18:31 -------- d-----w- e:\program\Driver-Soft
2011-05-24 18:20 . 2011-05-24 18:20 -------- d-----w- e:\program\Microsoft Windows 7 Upgrade Advisor
2011-05-24 09:58 . 2011-05-24 09:58 -------- d-----w- e:\program\Microsoft Silverlight
2011-05-24 09:23 . 2011-05-24 09:23 -------- d-----w- e:\program\CPUID
2011-05-24 09:23 . 2011-05-24 09:23 -------- d-----w- e:\program\Ask.com
2011-05-24 09:01 . 2011-05-24 09:01 -------- d-----w- e:\program\Alcohol Soft
2011-05-23 18:47 . 2011-05-23 18:48 -------- d-----w- e:\program\K-Lite Codec Pack
2011-05-23 11:32 . 2011-05-23 11:32 -------- d-----w- e:\program\AMD APP
2011-05-23 11:31 . 2011-05-23 11:32 -------- d-----w- e:\program\ATI Technologies
2011-05-23 11:31 . 2011-05-23 11:31 -------- d-----w- e:\program\ATI
2011-05-23 11:30 . 2011-05-23 11:30 -------- d-----w- C:\ATI
2011-05-23 11:24 . 2011-05-23 11:24 -------- d-----w- e:\program\MSI
2011-05-19 20:28 . 2011-05-24 21:22 -------- d-----w- e:\program\AVG
2011-05-19 20:17 . 2011-05-19 20:18 -------- d-----w- e:\program\Winamp
2011-05-19 20:07 . 2011-05-19 20:07 -------- d-----w- C:\paragon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 02:41 . 2008-01-10 05:40 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:02 . 2008-01-10 03:06 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-20 02:01 . 2008-01-10 02:46 4017408 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-20 01:45 . 2008-01-10 02:35 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
2011-04-20 01:44 . 2008-01-10 02:58 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 01:44 . 2008-01-10 02:57 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44 . 2008-01-10 02:57 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44 . 2008-01-10 02:57 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:43 . 2008-01-10 02:57 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-20 01:42 . 2008-01-10 02:56 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-20 01:41 . 2008-01-10 02:55 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:36 . 2008-01-10 02:20 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-20 01:33 . 2008-01-10 02:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:30 . 2008-01-10 02:15 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-20 01:28 . 2008-01-10 02:12 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-04-20 01:27 . 2008-01-10 02:24 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:26 . 2008-01-10 02:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-19 20:10 . 2011-04-19 20:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 20:10 . 2011-04-19 20:10 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-19 20:10 . 2011-04-19 20:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-03-03 13:52 . 2011-02-12 09:06 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-05-15 12:58 . 2011-05-19 20:12 142296 ----a-w- e:\program\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2011-02-12 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- e:\program\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "e:\program\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-03-13 39264]
"StartCCC"="e:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
"Live Update 5"="e:\program\MSI\Live Update 5\LU5.exe" [2011-02-24 1277952]
"EvtMgr6"="e:\program\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"KB976002-v5"="advpack.dll" [2011-02-12 128512]
.
c:\documents and settings\Mario\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CurseClientStartup.ccip [2011-5-21 0]
Logitech . Registrace produktu.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI Tray.lnk - e:\program\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2011-5-19 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2011-02-12 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"j:\\World of Warcraft\\Launcher.exe"=
"j:\\Zaloha aplikaci\\Vuze\\Azureus.exe"=
"j:\\World of Warcraft\\BackgroundDownloader.exe"=
"e:\\Program\\MSI\\Live Update 5\\LU5.exe"=
"c:\\Documents and Settings\\Mario\\Local Settings\\Apps\\2.0\\MCCX541A.E2A\\A96ALKA4.Q9Y\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=
.
R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [19.5.2011 21:21 30808]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [12.2.2011 12:02 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [12.2.2011 12:02 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [12.2.2011 12:02 13616]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [24.5.2011 11:23 21992]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [24.5.2011 20:40 10448]
R2 Secunia PSI Agent;Secunia PSI Agent;e:\program\Secunia\PSI\PSIA.exe --start-service --> e:\program\Secunia\PSI\PSIA.exe --start-service [?]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 10:30 15544]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [12.2.2011 11:09 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [19.5.2011 19:41 130384]
S2 VRAID Log Service;VRAID Log Service;e:\program\VIA\RAID\vialogsv.exe [24.5.2011 20:45 52888]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Mario\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Mario\LOCALS~1\Temp\ALSysIO.sys [?]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;e:\program\MSI\Live Update 5\msibios32_100507.sys [23.5.2011 13:24 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;e:\program\MSI\Live Update 5\NTIOLib.sys [23.5.2011 13:24 7680]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [12.2.2011 11:06 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [19.5.2011 19:41 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- e:\program\Ask.com\UpdateTask.exe [2010-09-28 20:44]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-TaskTray - (no file)
Notify-RailNotification - (no file)
AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-24 23:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Celkový čas: 2011-05-24 23:44:04
ComboFix-quarantined-files.txt 2011-05-24 21:44
.
Před spuštěním: Volných bajtů: 15 014 273 024
Po spuštění: Volných bajtů: 15 068 348 416
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - EC03A4909CDB4612F16F831600EC4CCB

[Osud]

bohužel jsem ted v práci takže nemám přístup ke svému PC případné logy či rady můžu zkoušet až po 23hod.

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Folder::
e:\program\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Osud]

script jsem použil a tady je log.o vikendu už nejsem v praci takže se tomu můžu víc věnovat. děkuju za ochotu a trpělivost.


ComboFix 11-05-26.01 - Mario 27.05.2011 2:17.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1278.934 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mario\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mario\Plocha\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\program\Ask.com
e:\program\Ask.com\cobrand.ico
e:\program\Ask.com\config.xml
e:\program\Ask.com\favicon.ico
e:\program\Ask.com\fv_45.ico
e:\program\Ask.com\GenericAskToolbar.dll
e:\program\Ask.com\mupcfg.xml
e:\program\Ask.com\SaUpdate.exe
e:\program\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-27 do 2011-05-27 )))))))))))))))))))))))))))))))
.
.
2011-05-24 19:47 . 2011-05-24 19:47 -------- d-----w- e:\program\Secunia
2011-05-24 18:58 . 2011-05-24 18:58 -------- d-----w- e:\program\Realtek AC97
2011-05-24 18:45 . 2011-05-24 18:45 -------- d-----w- e:\program\VIA
2011-05-24 18:43 . 2011-05-24 18:43 -------- d-----w- e:\program\Realtek
2011-05-24 18:40 . 2011-05-24 18:40 -------- d-----w- e:\program\Logitech
2011-05-24 18:39 . 2011-05-24 18:39 -------- d-----w- e:\program\AMD
2011-05-24 18:39 . 2011-05-24 18:43 -------- d--h--w- e:\program\InstallShield Installation Information
2011-05-24 18:31 . 2011-05-24 18:31 -------- d-----w- e:\program\Driver-Soft
2011-05-24 18:20 . 2011-05-24 18:20 -------- d-----w- e:\program\Microsoft Windows 7 Upgrade Advisor
2011-05-24 09:58 . 2011-05-24 09:58 -------- d-----w- e:\program\Microsoft Silverlight
2011-05-24 09:23 . 2011-05-24 09:23 -------- d-----w- e:\program\CPUID
2011-05-24 09:01 . 2011-05-24 09:01 -------- d-----w- e:\program\Alcohol Soft
2011-05-23 18:47 . 2011-05-23 18:48 -------- d-----w- e:\program\K-Lite Codec Pack
2011-05-23 11:32 . 2011-05-23 11:32 -------- d-----w- e:\program\AMD APP
2011-05-23 11:31 . 2011-05-23 11:32 -------- d-----w- e:\program\ATI Technologies
2011-05-23 11:31 . 2011-05-23 11:31 -------- d-----w- e:\program\ATI
2011-05-23 11:30 . 2011-05-23 11:30 -------- d-----w- C:\ATI
2011-05-23 11:24 . 2011-05-23 11:24 -------- d-----w- e:\program\MSI
2011-05-19 20:28 . 2011-05-24 21:22 -------- d-----w- e:\program\AVG
2011-05-19 20:17 . 2011-05-19 20:18 -------- d-----w- e:\program\Winamp
2011-05-19 20:07 . 2011-05-19 20:07 -------- d-----w- C:\paragon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 02:41 . 2008-01-10 05:40 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:02 . 2008-01-10 03:06 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-20 02:01 . 2008-01-10 02:46 4017408 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-20 01:45 . 2008-01-10 02:35 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
2011-04-20 01:44 . 2008-01-10 02:58 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 01:44 . 2008-01-10 02:57 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44 . 2008-01-10 02:57 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44 . 2008-01-10 02:57 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:43 . 2008-01-10 02:57 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-20 01:42 . 2008-01-10 02:56 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-20 01:41 . 2008-01-10 02:55 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:36 . 2008-01-10 02:20 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-20 01:33 . 2008-01-10 02:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:30 . 2008-01-10 02:15 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-20 01:28 . 2008-01-10 02:12 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-04-20 01:27 . 2008-01-10 02:24 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:26 . 2008-01-10 02:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-19 20:10 . 2011-04-19 20:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 20:10 . 2011-04-19 20:10 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-19 20:10 . 2011-04-19 20:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-03-03 13:52 . 2011-02-12 09:06 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-05-15 12:58 . 2011-05-19 20:12 142296 ----a-w- e:\program\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-02-12 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-05-24_21.42.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-24 22:01 . 2011-05-24 22:01 3484160 c:\windows\Installer\17168c.msi
+ 2011-05-24 21:58 . 2011-05-24 21:58 1611776 c:\windows\Installer\171688.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-03-13 39264]
"StartCCC"="e:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
"Live Update 5"="e:\program\MSI\Live Update 5\LU5.exe" [2011-02-24 1277952]
"EvtMgr6"="e:\program\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"KB976002-v5"="advpack.dll" [2011-02-12 128512]
.
c:\documents and settings\Mario\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CurseClientStartup.ccip [2011-5-21 0]
Logitech . Registrace produktu.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI Tray.lnk - e:\program\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2011-5-19 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2011-02-12 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"j:\\World of Warcraft\\Launcher.exe"=
"j:\\Zaloha aplikaci\\Vuze\\Azureus.exe"=
"j:\\World of Warcraft\\BackgroundDownloader.exe"=
"e:\\Program\\MSI\\Live Update 5\\LU5.exe"=
"c:\\Documents and Settings\\Mario\\Local Settings\\Apps\\2.0\\MCCX541A.E2A\\A96ALKA4.Q9Y\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=
.
R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [19.5.2011 21:21 30808]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [12.2.2011 12:02 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [12.2.2011 12:02 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [12.2.2011 12:02 13616]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [24.5.2011 11:23 21992]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [24.5.2011 20:40 10448]
R2 Secunia PSI Agent;Secunia PSI Agent;e:\program\Secunia\PSI\PSIA.exe --start-service --> e:\program\Secunia\PSI\PSIA.exe --start-service [?]
R2 Secunia Update Agent;Secunia Update Agent;e:\program\Secunia\PSI\sua.exe --start-service --> e:\program\Secunia\PSI\sua.exe --start-service [?]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 10:30 15544]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [12.2.2011 11:09 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [19.5.2011 19:41 130384]
S2 VRAID Log Service;VRAID Log Service;e:\program\VIA\RAID\vialogsv.exe [24.5.2011 20:45 52888]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Mario\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Mario\LOCALS~1\Temp\ALSysIO.sys [?]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;e:\program\MSI\Live Update 5\msibios32_100507.sys [23.5.2011 13:24 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;e:\program\MSI\Live Update 5\NTIOLib.sys [23.5.2011 13:24 7680]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [12.2.2011 11:06 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [19.5.2011 19:41 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-27 02:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Celkový čas: 2011-05-27 02:24:40
ComboFix-quarantined-files.txt 2011-05-27 00:24
ComboFix2.txt 2011-05-24 21:44
.
Před spuštěním: Volných bajtů: 14 884 421 632
Po spuštění: Volných bajtů: 14 892 605 440
.
- - End Of File - - 50866FA7B0CBA4F3805F700AE12CFEBA

[Rudy]

Smazáno, log již vypadá čistý. Nastala nějaká změna?

[Osud]

Prozatím vypadá vše OK. ještě to vyzkouším při hře. Každopádně moc děkuji Rudy za pomoc.

[Rudy]

Není zač!

[Osud]

tak po 30 minutách došlo k vypnutí s hláškou.
KERNEL_DATA_INPAGE_ERROR

0x0000007A(0x07111C0,0xC000009C,0xE223800C,0x410898C0)

[Rudy]

Zkuste provést kontrolu disku pomocí Checkdisku. Start>spustit>(napsat) Chkdsk /f /r>OK. Odsouhlaste a restartujte PC Checkdisk bude proveden při restartu PC.

[Osud]

ok zkusím to

[Osud]

ten příkaz jsem jak přepsal tak zkopíroval ale ke kontrole disku nedošlo vždy nabootoval rovnou OS.

[Rudy]

OK. Tento počítač>pravým myšítkem na ikonu příslušného disku>vlastnosti>nástroje>kontrola chyb. Zvolte možnost s aut. opravou chyb a spusťte.