Cierna obrazovka a mrznutie

[drkovcim]

Ahojte, mam nasledujuci problem. Po spusteni PC sa mi objavy len dolna lista s logom windowsu a plocha je cela cierna bez ikon. Cez skratku ctrl+shift+esc idu spustat niektore programy ale niektore sa donekonecna nacitavaju alebo sa nespustia vobec. Ak PC spustim v nudzovom rezime, spusti sa normalne aj s plochou. Problem je ale ten isty ako pri normalnom spusteni. Niektore aplikacie sa donekonecna nacitavaju alebo sa neotvoria vobec, niektore priecinky sa otvoria a niektore donekonecna nacitavaju. CCleaner sa sekne pri cisteni cache exploleru, RSIT sa sekne pri "Running HijackThis", obnova systemu sa donekonecna nacitava.

Samotny HijackThis mi nastastie ide spustit a aj sa dokonci proces tak pridavam aspon log z neho.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:22:39, on 5.3.2014
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dwwin.exe
D:\hijackthis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TMCC] "C:\Program Files\T-Mobile Communication Center\TMCC.exe" -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Administrator\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (file missing) (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DCService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: IBUpdaterService - Unknown owner - C:\WINDOWS\system32\dmwu.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: S3LoadSv - S3 Graphics Co., Inc. - C:\WINDOWS\system32\S3LoadSv.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 4838 bytes

[drkovcim]

Pri pokuse o spustenie "MSDART Live CD" (chcel som skusit spustit obnovu systemu z daneho programu) z botovacieho USB sa objavila "modra smrt" viz. priloha. Skusal som spustit aj prikaz CHKDSK /F ale nepomohlo to.


EDIT: podarilo sa mi este nainstalovat a spustit nod, prvy krat nasiel 8 virusov, po druhe uz 0. Bohuzial to ale nepomohlo.

[motji]

Hezký večer
nepamatujete si, kde NOD viry, v jakých souborech našel?

Obnova systému v nouzovém režimu také nejde?

[drkovcim]

Nejde v nudzovom rezime ani v nudzovom len s prikazovym riadkom. Chcel som to skusit pomocou "MSDART Live CD" ale to mi zas padla modra obrazovka (to iste aj pri pokuse nabootovat win).

Tu su nejake udaje co sa mi podarilo vytiahnut z Nodu:
Protokol o kontrole
Verzia vírusovej databázy: 8944 (20131021)
Dátum: 4.3.2014 Čas: 21:51:09
Testované disky, adresáre a súbory: Pamäť;C:\Boot sektor;E:\Boot sektor;C:\;E:\
Operačná pamäť » C:\WINDOWS\system32\dmwu.exe - Win32/Toolbar.Perion.G potenciálne nechcená aplikácia - výber akcie bol odložený na koniec scanovania
C:\Documents and Settings\Administrator\87568789978007896\winsvc.exe - Win32/Phorpiex.A červ - vyliečený zmazaním - uložený do karantény [1]
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{901E5450-2AC6-4336-89C4-4FD1F4BA4D94}\Microsoft\Outlook Express\Doručená pošta.dbx » DBX - je v poriadku (neprehliadané vnútorne)
C:\Documents and Settings\Administrator\My Documents\Downloads\WoT_internet_install_eu.exe » INNO » {app}\WOTLauncher.exe - je v poriadku
C:\Program Files\EA Games\Need for Speed(TM) Most Wanted\RegFix.exe » AUTOIT - je v poriadku
C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll - variant infiltrácie Win32/SweetIM.F potenciálne nechcená aplikácia - výber akcie bol odložený na koniec scanovania
C:\WINDOWS\system32\ARFC\wrtc.exe - Win32/Toolbar.Perion.G potenciálne nechcená aplikácia - výber akcie bol odložený na koniec scanovania
C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll - variant infiltrácie Win32/SweetIM.F potenciálne nechcená aplikácia - zmazaný - uložený do karantény
C:\WINDOWS\system32\ARFC\wrtc.exe - Win32/Toolbar.Perion.G potenciálne nechcená aplikácia - zmazaný - uložený do karantény
Počet diagnostikovaných objektov: 191005
Počet nájdených vírusov: 9
Počet vyliečených objektov: 8
Čas ukončenia: 6:04:29 Celkový čas diagnostiky: 29600 sek (08:13:20)

Poznámky:
[1] Objekt bol zmazaný, obsahoval len vírusové telo.
[4] Objekt nemožno otvoriť na čítanie. Je používaný inou aplikáciou (alebo operačným systémom), ktorá ho otvorila výhradne pre seba.
----------------------
C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll - variant infiltrácie Win32/SweetIM.F potenciálne nechcená aplikácia - výber akcie bol odložený na koniec scanovania
C:\System Volume Information\_restore{20F2AA35-38FB-4483-BD90-B7909B2A9A6E}\RP110\A0490523.exe - Win32/Phorpiex.A červ - vyliečený zmazaním - uložený do karantény [1]
C:\System Volume Information\_restore{20F2AA35-38FB-4483-BD90-B7909B2A9A6E}\RP110\A0490524.exe » NSIS » MiNODLogin.exe - Win32/RiskWare.HackAV.DD aplikácia
C:\System Volume Information\_restore{20F2AA35-38FB-4483-BD90-B7909B2A9A6E}\RP110\A0490524.exe » NSIS » MiNODLoginLib.dll - Win32/RiskWare.HackAV.GI aplikácia
C:\System Volume Information\_restore{20F2AA35-38FB-4483-BD90-B7909B2A9A6E}\RP110\A0490525.exe - Win32/RiskWare.HackAV.DM aplikácia - vyliečený zmazaním - uložený do karantény [1]
C:\System Volume Information\_restore{20F2AA35-38FB-4483-BD90-B7909B2A9A6E}\RP110\A0490526.exe - variant infiltrácie Win32/RiskWare.HackAV.II aplikácia - vyliečený zmazaním - uložený do karantény [1]
C:\System Volume Information\_restore{20F2AA35-38FB-4483-BD90-B7909B2A9A6E}\RP110\A0490527.exe - Win32/Toolbar.Perion.G potenciálne nechcená aplikácia - výber akcie bol odložený na koniec scanovania
C:\WINDOWS\system32\ARFC\wrtc.exe - Win32/Toolbar.Perion.G potenciálne nechcená aplikácia - výber akcie bol odložený na koniec scanovania
C:\System Volume Information\_restore{20F2AA35-38FB-4483-BD90-B7909B2A9A6E}\RP110\A0490527.exe - Win32/Toolbar.Perion.G potenciálne nechcená aplikácia - zmazaný - uložený do karantény
--------------------------
4.3.2014 21:55:33 Kontrola pri štarte súbor Operačná pamäť » C:\WINDOWS\system32\dmwu.exe Win32/Toolbar.Perion.G potenciálne nechcená aplikácia vyliečený zmazaním
4.3.2014 21:55:31 Kontrola pri štarte súbor Operačná pamäť » C:\WINDOWS\system32\dmwu.exe Win32/Toolbar.Perion.G potenciálne nechcená aplikácia vyliečený zmazaním - uložený do karantény -A535D3E\Administrator

Podarilo sa mi este spustit ComboFix. Ak to pomoze, tu su udaje:
ComboFix 14-03-04.03 - Administrator 05.03.2014 18:45:48.2.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.894.731 [GMT 1:00]
Running from: D:\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\MUI\041b\tourstart.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DCSERVICE.EXE
-------\Service_DCService.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-02-05 to 2014-03-05 )))))))))))))))))))))))))))))))
.
.
2014-03-05 17:23 . 2014-03-05 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2014-03-05 09:07 . 2014-03-05 09:08 -------- d-----w- c:\program files\Microsoft Diagnostics and Recovery Toolset
2014-03-05 05:47 . 2014-03-05 05:47 -------- d-----w- c:\program files\trend micro
2014-03-05 05:47 . 2014-03-05 05:47 -------- d-----w- C:\rsit
2014-03-04 20:55 . 2014-03-04 20:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2014-03-04 20:52 . 2014-03-04 20:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2014-03-04 20:48 . 2014-03-04 20:48 -------- d-----w- c:\program files\ESET
2014-03-04 20:48 . 2014-03-04 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2014-03-04 20:23 . 2014-03-05 17:43 -------- d-----w- c:\windows\system32\CatRoot2
2014-03-04 18:44 . 2014-03-05 05:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-03-04 18:44 . 2014-03-04 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2014-03-04 18:41 . 2014-03-04 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2014-03-04 18:41 . 2014-03-04 18:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2014-03-04 18:31 . 2014-03-04 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TMCC"="c:\program files\T-Mobile Communication Center\TMCC.exe" [2012-01-04 843776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2012-11-04 2097152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1044480]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
2008-04-11 13:16 77672 ----a-w- c:\windows\system32\accelerometerST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2013-04-30 10:57 1721480 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 00:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-04-15 07:57 181816 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
2008-07-08 17:48 204800 ----a-w- c:\windows\system32\S3Trayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-05-03 07:40 17355912 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2012-10-04 14:34 115032 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-04-23 09:57 1434920 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 10:14 24064]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [4.11.2012 12:06 242240]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [10.10.2013 23:54 120088]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [26.12.2012 16:27 70656]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.1.2013 17:38 691696]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [17.9.2013 15:17 134248]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [17.9.2013 15:17 118768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 17:27 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 22:55 67664]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.9.2013 12:06 1337752]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe --> c:\windows\system32\dmwu.exe [?]
S2 S3LoadSv;S3LoadSv;c:\windows\system32\s3loadsv.exe [20.1.2009 16:22 69632]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [4.11.2012 11:43 239160]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [26.12.2012 16:27 101504]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [23.4.2013 19:56 7936]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [20.9.2013 19:12 17672]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [23.4.2013 19:56 134144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-20 16:10 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-05 c:\windows\Tasks\ExpressBurnReminder.job
- c:\program files\NCH Software\ExpressBurn\expressburn.exe [2013-05-20 15:39]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Microsoft Windows Update - c:\documents and settings\Administrator\87568789978007896\winsvc.exe
MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
MSConfigStartUp-VTTimer - VTTimer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-05 18:55
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(248)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2014-03-05 18:58:13
ComboFix-quarantined-files.txt 2014-03-05 17:58
.
Pre-Run: 3 866 263 552 bytes free
Post-Run: 3 840 430 080 voľných bajtov
.
- - End Of File - - FC55F4A069FC22BB1A71343386C76BF4
8F558EB6672622401DA993E1E865C861


Skusal som aj programy ako spybot, SUPERAntiSpyware atd.. ale nejdu spustit alebo ani nainstalovat..

[motji]

Spybot je k ničemu. Po použití combofixu se to zlepšilo?
Píše to něco, když nejdou programy nainstalovat?

[drkovcim]

V normalnom rezime stale nejde plocha a spustat ci instalovat niektore programy nejdu stale. V normalnom rezime nejde otvorit ani tento pocitac, dokumenty ci akykolvek priecinok. Ziadna chyba ani nic podobne len to donekonecna nacita. Kedze mi nejde ani nabootovat windows tak ho nemozem pri najhorsom ani preinstalovat (aj ked by som to radsej nejak spojazdnil).

[motji]

Přijde mi to jako nabořený systém. Přes správce uloh nemůžete plochu vyvolat?
Ještě bychom mohli kouknout, zda není vadný disk.

stáhněte
http://www.slunecnice.cz/sw/crystaldiskinfo/
- spusťte ho a v nabídce zvolte Kopírovat.
-Data ze schránky sem pak vložte pomocí Ctrl+V

[drkovcim]

----------------------------------------------------------------------------
CrystalDiskInfo 6.1.8 (C) 2008-2014 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Professional SP2 [5.1 Build 2600] (x86)
Date : 2014/03/05 19:34:18

-- Controller Map ----------------------------------------------------------
+ Standard Dual Channel PCI IDE Controller [ATA]
+ Primary IDE Channel (0)
- ST9120817AS
- Secondary IDE Channel (1)

-- Disk List ---------------------------------------------------------------
(1) ST9120817AS : 120,0 GB [0/0/0, pd1] - st

----------------------------------------------------------------------------
(1) ST9120817AS
----------------------------------------------------------------------------
Model : ST9120817AS
Firmware : 3.AHC
Serial Number : 5RE25X7M
Disk Size : 120,0 GB (8,4/120,0/120,0/120,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 234441648
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : ---- | SATA/300
Power On Hours : 3529 hours
Power On Count : 1966 count
Temperature : 46 C (114 F)
Health Status : Caution
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 253 __6 000000000000 Read Error Rate
03 _99 _99 __0 000000000000 Spin-Up Time
04 _99 _99 _20 0000000007C5 Start/Stop Count
05 100 100 _36 000000000000 Reallocated Sectors Count
07 _78 _60 _30 000004CFF581 Seek Error Rate
09 _96 _96 __0 000000000DC9 Power-On Hours
0A 100 100 _34 000000000000 Spin Retry Count
0C _99 _99 _20 0000000007AE Power Cycle Count
B8 100 253 _97 000000000000 End-to-End Error
BB __1 __1 __0 00000000040C Reported Uncorrectable Errors
BC 100 _99 __0 000000000001 Command Timeout
BD 100 100 __0 000000000000 High Fly Writes
BE _54 _37 _40 00023F0B002E Airflow Temperature
BF 100 100 __0 000000000006 G-Sense Error Rate
C0 100 100 __0 0000000006F9 Power-off Retract Count
C1 _62 _62 __0 000000012D54 Load/Unload Cycle Count
C2 _46 _63 __0 000B0000002E Temperature
C3 _88 _67 __0 00000BFB3556 Hardware ECC recovered
C5 100 100 __0 000000000001 Current Pending Sector Count
C6 100 100 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 00000000002F UltraDMA CRC Error Count

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0C5A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 3552 4532 3558 374D 2020 2020 2020 2020 2020 2020
020: 0000 4000 0004 332E 4148 4320 2020 5354 3931 3230
030: 3831 3741 5320 2020 2020 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: 4BB0 0DF9 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 0D06 0000 0048 0000
080: 01F8 0029 306B 7C09 6123 3069 BC09 6123 203F 0016
090: 0016 8080 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: 4BB0 0DF9 0000 0000 0000 0000 4000 0000 5000 C500
110: 11A3 0286 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 4BB0
130: 0DF9 4BB0 0DF9 2020 0002 82B6 0002 0000 3C06 3C06
140: FFFF 07C6 0100 0000 100F 1800 0002 0080 0000 0000
150: 6080 0000 0000 0000 0000 0000 0000 0000 1E00 000B
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 0035 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 1010 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 FBA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0A 00 01 0F 00 64 FD 00 00 00 00 00 00 00 03 02
010: 00 63 63 00 00 00 00 00 00 00 04 33 00 63 63 C5
020: 07 00 00 00 00 00 05 33 00 64 64 00 00 00 00 00
030: 00 00 07 0F 00 4E 3C 81 F5 CF 04 00 00 00 09 32
040: 00 60 60 C9 0D 00 00 00 00 00 0A 13 00 64 64 00
050: 00 00 00 00 00 00 0C 33 00 63 63 AE 07 00 00 00
060: 00 00 B8 33 00 64 FD 00 00 00 00 00 00 00 BB 3A
070: 00 01 01 0C 04 00 00 00 00 00 BC 32 00 64 63 01
080: 00 00 00 00 00 00 BD 32 00 64 64 00 00 00 00 00
090: 00 00 BE 32 00 36 25 2E 00 0B 3F 02 00 00 BF 32
0A0: 00 64 64 06 00 00 00 00 00 00 C0 3A 00 64 64 F9
0B0: 06 00 00 00 00 00 C1 12 00 3E 3E 54 2D 01 00 00
0C0: 00 00 C2 3A 00 2E 3F 2E 00 00 00 0B 00 00 C3 3E
0D0: 00 58 43 56 35 FB 0B 00 00 00 C5 32 00 64 64 01
0E0: 00 00 00 00 00 00 C6 3E 00 64 64 00 00 00 00 00
0F0: 00 00 C7 3E 00 C8 C8 2F 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 82 00 AA 01 00 53
170: 03 00 01 00 02 2D 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 01 01 01 01 01 01 01 01 00
190: 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00
1A0: 00 00 48 A1 8D 7A 82 01 00 00 01 00 00 00 06 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 02 00 01 00 00 00 2F 00 00 00 5F 9E 14 90 00 00
1D0: 00 00 23 56 04 00 00 00 00 00 40 03 00 00 00 00
1E0: C7 04 00 00 01 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0E

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0A 00 01 06 00 00 00 00 00 00 00 00 00 00 03 00
010: 00 00 00 00 00 00 00 00 00 00 04 14 00 00 00 00
020: 00 00 00 00 00 00 05 24 00 00 00 00 00 00 00 00
030: 00 00 07 1E 00 00 00 00 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 22 00 00 00 00
050: 00 00 00 00 00 00 0C 14 00 00 00 00 00 00 00 00
060: 00 00 B8 61 00 00 00 00 00 00 00 00 00 00 BB 00
070: 00 00 00 00 00 00 00 00 00 00 BC 00 00 00 00 00
080: 00 00 00 00 00 00 BD 00 00 00 00 00 00 00 00 00
090: 00 00 BE 28 00 00 00 00 00 00 00 00 00 00 BF 00
0A0: 00 00 00 00 00 00 00 00 00 00 C0 00 00 00 00 00
0B0: 00 00 00 00 00 00 C1 00 00 00 00 00 00 00 00 00
0C0: 00 00 C2 00 00 00 00 00 00 00 00 00 00 00 C3 00
0D0: 00 00 00 00 00 00 00 00 00 00 C5 00 00 00 00 00
0E0: 00 00 00 00 00 00 C6 00 00 00 00 00 00 00 00 00
0F0: 00 00 C7 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E7

[motji]

Problém u disku vidím, je možné že je špatný datový kabel, máte možnost vyzkoušet jiný?

[motji]

Ještě k té modré obrazovce. Může to být i vir v boot sektoru, ale já bych první vyzkoušela, zda není problém právě v disku.

Máte možnost disk zapojit do jiného pc jako slave?

Mrkněte sem
http://support.microsoft.com/kb/324103/cs

[drkovcim]

jedna sa o laptop a na tomto videu je vidno ze sa nejedna a klasicky sata kabel takze skusit jeho vymenu pre mna asi nebude mozne

http://www.youtube.com/watch?v=n0qtB0lCzuA

[motji]

Já sem zkusím poslat kolegu přes HW, zda to nebude tím diskem, a můžeme zkusit jeslti v tom nebude vir.
Ale především si okamžitě zazálohujte důležitá data

Nicméně podle těch příznaků bych řekla, že je buď poškozený systém, nebo disk.
Odkdy máte tyto problémy, nestahoval jste nějaký neznámý soubor?


Stahněte HD tune http://www.slunecnice.cz/sw/hd-tune/
-zvolete poslední záložku Error scan
-dejte skenovat, trvá to kolem hodiny.
-pak napište jestli jste měl nějaká políčka červená

[drkovcim]

Vo vysledku bola 1 cervena kocka. Bohuzial neviem presne povedat kedy to nastalo, PC patri mojmu bratrancovi a ten vravel ze to odrazu prestalo fungovat. Ale nebral by som to so 100% istotou.

[motji]

Každopádně ten disk v pořádku není. Sice zatím je poškození malé, ale může to být zrovna v místě, kde jsou nějaké důležité systémové soubory. Pak to vypadá na vadnou elektroniku disku.

Zkusila bych disk zformátovat a nainstalovat nový systém. A uvažujte o výměně disku.

[drkovcim]

Vyskusal som este Hiren's Boot CD a podarilo sa mi ho nabootovat. Je tam nieco co by som mal skusit?