Zamrzani pocitace

[bertoslaf]

Dobry vecer....tak pocitac se pry porad seka...napr. po skouknuti filmu nelze vypnout, zamrzne...take sem si vsim, ze jen tak z niceho nic, i kdyz je pocitac v uplnem klidu zacne silene tocit vetracek, jako kdyby pc pracovalo....

defragmentovano, CCleaner je cisten minimalne jednou tydne, chkdisk nehlasil nic spatneho....nevim, jde mi z toho hlava kolem...

[bertoslaf]

mizeji napriklad ikony z plochy...po skouknuti filmu a vypnuti prehravace /JetAudio/ nejsou zadne ikony...ani lista...

[Rudy]

Dejte ještě log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[bertoslaf]

ComboFix 10-12-18.02 - x 19.12.2010 23:44:02.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2690 [GMT 1:00]
Spuštěný z: c:\documents and settings\x\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\box.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-19 do 2010-12-19 )))))))))))))))))))))))))))))))
.

2010-12-17 12:38 . 2010-12-17 12:38 -------- d-----w- c:\documents and settings\x\Local Settings\Data aplikací\ESET
2010-12-17 12:38 . 2010-12-17 12:38 -------- d-----w- c:\documents and settings\x\Data aplikací\ESET
2010-12-17 12:37 . 2010-12-17 12:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2010-12-17 12:36 . 2010-12-17 12:36 -------- d-----w- c:\program files\ESET
2010-12-17 12:36 . 2010-12-17 12:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2010-12-17 12:24 . 2010-12-17 12:24 -------- d-----w- c:\program files\HD Tune
2010-12-17 11:56 . 2010-12-17 11:56 -------- d-----w- c:\documents and settings\x\Data aplikací\Kecal
2010-12-17 11:55 . 2010-12-17 12:17 -------- d-----w- c:\program files\Kecal
2010-12-16 22:49 . 2010-12-16 22:49 -------- d-----w- c:\documents and settings\x\Data aplikací\TeamViewer
2010-12-16 22:48 . 2010-12-16 22:48 -------- d-----w- c:\program files\TeamViewer
2010-12-16 03:04 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 03:03 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-14 12:48 . 2010-12-14 12:48 -------- d-----w- c:\documents and settings\x\Data aplikací\Zoner
2010-12-14 12:48 . 2010-12-14 12:48 -------- d-----w- c:\documents and settings\x\Local Settings\Data aplikací\Zoner
2010-12-14 12:47 . 2010-12-14 12:47 -------- d-----w- c:\program files\Zoner
2010-12-13 22:12 . 2010-12-13 22:12 -------- d-----w- c:\program files\Google
2010-12-10 10:03 . 2010-12-16 11:32 -------- d-----w- c:\program files\trend micro
2010-12-10 10:03 . 2010-12-10 10:04 -------- d-----w- C:\rsit
2010-12-10 10:02 . 2010-12-10 10:02 -------- d-----w- c:\documents and settings\x\Data aplikací\Malwarebytes
2010-12-10 10:02 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-10 10:02 . 2010-12-10 10:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-10 10:02 . 2010-12-10 10:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-10 10:02 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 14:08 . 2010-12-06 14:08 -------- d-----w- c:\program files\MSECache
2010-12-04 21:49 . 2010-12-04 21:49 -------- d-----w- c:\documents and settings\x\Data aplikací\FlashGet
2010-12-04 21:49 . 2010-12-05 01:25 -------- d-----w- c:\documents and settings\x\Data aplikací\BITS
2010-12-04 21:49 . 2010-12-04 21:49 -------- d-----w- c:\program files\FlashGet Network
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-12-01 08:52 . 2010-12-01 08:52 -------- d-----w- c:\program files\BurnAware Free
2010-11-30 18:46 . 2010-11-30 18:46 -------- d-----w- c:\documents and settings\x\Local Settings\Data aplikací\Western Digital
2010-11-28 23:42 . 2010-11-28 23:42 -------- d-----w- c:\program files\Common Files\Skype
2010-11-28 23:42 . 2010-11-28 23:42 -------- d-----r- c:\program files\Skype
2010-11-28 23:42 . 2010-11-28 23:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2010-11-28 18:07 . 2010-11-28 18:07 -------- d-----w- c:\program files\epson
2010-11-28 18:07 . 2007-07-12 23:00 71680 ----a-w- c:\windows\system32\escwiad.dll
2010-11-28 18:03 . 2007-12-07 01:08 86528 ----a-w- c:\windows\system32\E_FLBCLE.DLL
2010-11-28 18:03 . 2007-12-07 01:01 78848 ----a-w- c:\windows\system32\E_FD4BCLE.DLL
2010-11-28 18:03 . 2004-09-10 19:12 49152 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-11-28 17:57 . 2010-11-28 18:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\EPSON
2010-11-28 17:39 . 2008-04-13 23:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-11-28 17:39 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-11-28 17:33 . 2006-10-30 23:10 71840 ----a-w- c:\windows\system32\EPPicMgr.dll
2010-11-28 17:33 . 2006-10-30 23:10 120992 ----a-w- c:\windows\system32\EpPicPrt.dll
2010-11-28 17:33 . 2006-10-19 23:10 80024 ----a-w- c:\windows\system32\PICSDK.dll
2010-11-28 17:33 . 2006-10-19 23:10 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2010-11-28 17:33 . 2006-10-19 23:10 108704 ----a-w- c:\windows\system32\PICEntry.dll
2010-11-27 12:12 . 2010-12-17 15:49 -------- d-----w- c:\windows\system32\LogFiles
2010-11-24 07:53 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-11-24 07:53 . 2008-04-14 07:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-11-24 07:53 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-11-24 07:53 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-11-22 12:05 . 2010-12-08 13:34 -------- d-----w- c:\documents and settings\x\Data aplikací\Imagenomic
2010-11-22 11:17 . 2010-11-22 11:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\regid.1986-12.com.adobe
2010-11-22 11:17 . 2010-12-08 13:31 -------- d-----w- c:\program files\Imagenomic
2010-11-22 10:51 . 2010-11-22 10:51 -------- d-----w- c:\program files\Adobe Media Player
2010-11-22 10:49 . 2010-11-22 10:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-22 10:49 . 2010-11-22 10:49 -------- d-----w- C:\$AVG
2010-11-22 09:22 . 2010-11-22 09:22 -------- d-----w- c:\documents and settings\x\Data aplikací\AVG10
2010-11-22 09:21 . 2010-11-22 09:21 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2010-11-22 09:20 . 2010-12-17 12:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2010-11-22 09:19 . 2010-11-22 09:19 -------- d-----w- c:\program files\AVG
2010-11-22 09:02 . 2010-11-22 09:02 -------- d-----w- c:\program files\CCleaner
2010-11-21 16:50 . 2010-11-22 10:57 -------- d-----w- c:\documents and settings\x\Local Settings\Data aplikací\Adobe
2010-11-21 16:29 . 2010-11-21 16:30 -------- d-----w- c:\documents and settings\x\kbpki
2010-11-21 16:28 . 2010-11-21 16:28 -------- d-----w- c:\program files\Common Files\Java
2010-11-21 16:28 . 2010-11-21 16:28 -------- d-----w- c:\windows\Sun
2010-11-21 16:28 . 2010-09-15 03:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-21 16:21 . 2010-09-15 01:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-21 16:21 . 2010-11-21 16:28 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:15 . 2010-11-10 10:55 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-17 10:13 . 2010-11-17 10:13 737280 ----a-w- c:\windows\iun6002.exe
2010-11-06 00:23 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:23 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-03 12:25 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-10-25 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-17 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2004-08-17 13:44 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 20:51 . 2010-11-10 14:39 222080 ------w- c:\windows\system32\MpSigStub.exe
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\x\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-11-18 136176]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-27 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-27 86016]
"nwiz"="nwiz.exe" [2006-09-27 1617920]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"O2CZ"="c:\program files\O2\O2CZ\EMMSN.exe" [2009-11-30 4050632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-11-22 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [15.9.2009 10:51 19200]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.8.2010 14:16 810144]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [19.11.2010 0:22 24448]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [19.11.2010 0:22 100736]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [17.11.2010 10:46 193840]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 USB200M;Linksys USB 2.0 Network Adapter ver.2;c:\windows\system32\drivers\USB200M2.sys [26.5.2010 11:05 18048]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-XXX-x.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-22 10:43]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by FlashGet3 - c:\documents and settings\x\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\x\Data aplikací\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ????3?? - c:\documents and settings\x\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\x\Data aplikací\FlashGetBHO\GetAllUrl.htm
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-ImagenomicRealGrainPlugin - c:\program files\Adobe\Adobe Photoshop CS5\Plug-ins\Imagenomic\RealGrain Plug-in\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-19 23:49
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHW2120BH rev.8916 -> Harddisk0\DR0 -> \Device\00000076

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
c:\docume~1\x\LOCALS~1\Temp\catchme.sys
c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce(TM) IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A434AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000075[0x8A4991E8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000074[0x8A433030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-515967899-308236825-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\x\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-515967899-308236825-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\x\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Data aplikací\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000405
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{539F9408-904B-4302-A975-F1C781D7D076}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.2.64.12"
"UniqueId"="004658BA4D0B5970"
"ScannerBuild"=dword:00001dd3
"ScannerVersionId"=dword:000014f0
"ScannerVersion"="Locked/open ESET for status."
"ei2"=hex(b):75,dd,97,98,11,0c,df,a7
"ei1"=hex(b):00,1a,73,33,a4,be,00,00
"ei3"=hex(b):94,5a,0b,4d,00,00,00,00
"ei4"=dword:00000000
.
Celkový čas: 2010-12-19 23:50:54
ComboFix-quarantined-files.txt 2010-12-19 22:50

Před spuštěním: 9 984 479 232
Po spuštění: 9 954 045 952

- - End Of File - - C622A1628B439DB283C6A96F979B9794

[Rudy]

1 položka smazána. Ještě bych poprosil o sken MBR: http://www2.gmer.net/mbr/mbr.exe a log z něho.

[bertoslaf]

zde je log z mbr:


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHW2120BH rev.8916 -> Harddisk0\DR0 -> \Device\00000076

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!

[Rudy]

Stáhněte TDSS killer: http://support.kaspersky.com/downloads/ ... killer.exe a uložte ho na plochu. Dále postupujte podle kolegova návodu:

2x-klik na TDSSKiller.exe- spustiť aplikáciu, potom na Spustiť kontrolu-klik- Start Scan.
Ak je infikovaný súbor detekovaný, bude predvolená akcia Cure, kliknite na tlačidlo Continue.
Ak podozrivý[suspicious] súbor je detekovaný, bude predvolená akcia Skip, kliknite na Continue.
Môže vás požiadať, aby ste reštartovali počítač na dokončenie procesu. Kliknite na Reboot Now.
Ak nevyžaduje reštart, kliknite na tlačidlo Report. Log súbor by sa mal objaviť. Prosím, skopírujte a vložte obsah súboru tu.
Ak je vyžadované reštartovanie počítača, správa je k dispozícii vo vašom koreňovom adresári (zvyčajne C:\ zložka) vo forme "TDSSKiller. _log.txt". Prosím, skopírujte a vložte obsah súboru tu.

[bertoslaf]

Zde je log...nic nenasel:


2010/12/20 20:29:54.0953 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/20 20:29:54.0953 ================================================================================
2010/12/20 20:29:54.0953 SystemInfo:
2010/12/20 20:29:54.0953
2010/12/20 20:29:54.0953 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/20 20:29:54.0953 Product type: Workstation
2010/12/20 20:29:54.0953 ComputerName: XXX
2010/12/20 20:29:54.0953 UserName: x
2010/12/20 20:29:54.0953 Windows directory: C:\WINDOWS
2010/12/20 20:29:54.0953 System windows directory: C:\WINDOWS
2010/12/20 20:29:54.0953 Processor architecture: Intel x86
2010/12/20 20:29:54.0953 Number of processors: 2
2010/12/20 20:29:54.0953 Page size: 0x1000
2010/12/20 20:29:54.0953 Boot type: Normal boot
2010/12/20 20:29:54.0953 ================================================================================
2010/12/20 20:29:58.0031 Initialize success
2010/12/20 20:30:19.0390 ================================================================================
2010/12/20 20:30:19.0390 Scan started
2010/12/20 20:30:19.0390 Mode: Manual;
2010/12/20 20:30:19.0390 ================================================================================
2010/12/20 20:30:20.0562 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/20 20:30:20.0609 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/12/20 20:30:20.0687 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/20 20:30:20.0781 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/20 20:30:21.0109 AmdK8 (fcffa85cfd4bf7a4711012847048dca3) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/12/20 20:30:21.0140 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2010/12/20 20:30:21.0250 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/20 20:30:21.0468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/20 20:30:21.0515 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/20 20:30:21.0578 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/20 20:30:21.0640 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/20 20:30:21.0765 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/12/20 20:30:21.0812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/20 20:30:21.0937 BTKRNL (ba57f31eab93dc597d772f6f5b9ed54f) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2010/12/20 20:30:22.0187 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/12/20 20:30:22.0406 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/20 20:30:22.0453 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/20 20:30:22.0515 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/20 20:30:22.0546 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/20 20:30:22.0578 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/20 20:30:22.0687 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/20 20:30:22.0828 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/20 20:30:22.0968 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/20 20:30:23.0093 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/20 20:30:23.0171 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/20 20:30:23.0187 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/20 20:30:23.0265 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/20 20:30:23.0406 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/20 20:30:23.0484 eamon (1ceb779239965000b8f6adee17d4515b) C:\WINDOWS\system32\DRIVERS\eamon.sys
2010/12/20 20:30:23.0531 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2010/12/20 20:30:23.0593 epfw (15bfe00f030ea20955117bb0677e9668) C:\WINDOWS\system32\DRIVERS\epfw.sys
2010/12/20 20:30:23.0687 Epfwndis (52310e0e603d7da79ecca7d764937a91) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
2010/12/20 20:30:23.0734 epfwtdi (bdde7dd8fcdb1de7e879bb320b0605c0) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
2010/12/20 20:30:23.0843 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/20 20:30:23.0890 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/20 20:30:23.0937 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/20 20:30:23.0953 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/20 20:30:23.0984 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/20 20:30:24.0031 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/20 20:30:24.0062 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/20 20:30:24.0125 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/20 20:30:24.0312 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2010/12/20 20:30:24.0421 HdAudAddService (4905d28aa09f63e6a2f4e93ed6dd7d19) C:\WINDOWS\system32\drivers\CHDAud.sys
2010/12/20 20:30:24.0515 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/20 20:30:24.0625 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/20 20:30:24.0687 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
2010/12/20 20:30:24.0734 HSFHWAZL (0aaef566e6782957252fa79f566fbc0b) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/12/20 20:30:24.0796 HSF_DPV (e472e0cb4e716cc34c0e045f2c196221) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/12/20 20:30:24.0859 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/20 20:30:24.0937 Huawei (4183be439981bbc77ef2c1d66629f124) C:\WINDOWS\system32\DRIVERS\ewdcsc.sys
2010/12/20 20:30:25.0000 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2010/12/20 20:30:25.0078 hwusbdev (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
2010/12/20 20:30:25.0390 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/20 20:30:25.0468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/20 20:30:25.0671 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/20 20:30:25.0734 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/20 20:30:25.0828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/20 20:30:25.0843 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/20 20:30:25.0937 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/20 20:30:25.0968 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/20 20:30:26.0046 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/20 20:30:26.0109 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/20 20:30:26.0171 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/20 20:30:26.0296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/20 20:30:26.0453 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/20 20:30:26.0703 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/20 20:30:26.0781 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/20 20:30:26.0875 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/20 20:30:26.0937 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/20 20:30:27.0046 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/20 20:30:27.0187 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/20 20:30:27.0515 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/20 20:30:27.0687 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/20 20:30:27.0781 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/20 20:30:27.0906 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/20 20:30:28.0000 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/20 20:30:28.0046 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/20 20:30:28.0093 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/20 20:30:28.0140 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/20 20:30:28.0187 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/20 20:30:28.0234 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/20 20:30:28.0281 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/20 20:30:28.0484 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/20 20:30:28.0640 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/20 20:30:28.0765 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/20 20:30:28.0843 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/20 20:30:28.0906 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/20 20:30:28.0937 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/20 20:30:28.0968 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/20 20:30:29.0078 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/20 20:30:29.0140 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/20 20:30:29.0187 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/20 20:30:29.0515 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/20 20:30:29.0828 nv (c493bec0b489551bfe60de6c76e6f4ec) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/20 20:30:29.0937 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
2010/12/20 20:30:29.0968 nvatabus (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
2010/12/20 20:30:30.0015 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/12/20 20:30:30.0078 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/12/20 20:30:30.0140 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
2010/12/20 20:30:30.0218 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/20 20:30:30.0265 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/20 20:30:30.0468 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/20 20:30:30.0562 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/20 20:30:30.0578 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/20 20:30:30.0656 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/20 20:30:30.0718 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/20 20:30:30.0843 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/20 20:30:30.0859 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/20 20:30:31.0125 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/20 20:30:31.0187 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/20 20:30:31.0218 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/20 20:30:31.0250 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/20 20:30:31.0593 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/20 20:30:31.0687 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/20 20:30:31.0734 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/20 20:30:31.0765 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/20 20:30:31.0828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/20 20:30:31.0859 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/20 20:30:31.0890 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/20 20:30:31.0953 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/20 20:30:32.0031 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/20 20:30:32.0093 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/12/20 20:30:32.0125 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2010/12/20 20:30:32.0187 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2010/12/20 20:30:32.0296 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/12/20 20:30:32.0437 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/20 20:30:32.0531 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/20 20:30:32.0625 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/12/20 20:30:32.0687 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/12/20 20:30:32.0734 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/20 20:30:32.0953 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/20 20:30:33.0031 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/20 20:30:33.0078 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/20 20:30:33.0156 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/20 20:30:33.0234 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/20 20:30:33.0265 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/20 20:30:33.0296 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/20 20:30:33.0609 SynTP (926e0bb4cac05d9a0c3b59dc16fe2f1c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/12/20 20:30:33.0656 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/20 20:30:33.0843 Tcpip (4afb3b0919649f95c1964aa1fad27d73) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/20 20:30:33.0906 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/20 20:30:33.0937 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/20 20:30:33.0984 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/20 20:30:34.0062 tidnet (8044c4e4448d115f67a9fc1b67ce677f) C:\WINDOWS\system32\DRIVERS\tidnet.sys
2010/12/20 20:30:34.0265 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/20 20:30:34.0390 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/20 20:30:34.0515 USB200M (f15fa1133b544b670132da0a0fbb7088) C:\WINDOWS\system32\DRIVERS\USB200M2.sys
2010/12/20 20:30:34.0656 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/20 20:30:34.0718 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/20 20:30:34.0828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/20 20:30:34.0937 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/20 20:30:34.0984 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/20 20:30:35.0078 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/20 20:30:35.0171 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/20 20:30:35.0265 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/20 20:30:35.0312 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/12/20 20:30:35.0359 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/20 20:30:35.0421 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/20 20:30:35.0468 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/20 20:30:35.0546 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/12/20 20:30:35.0796 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/20 20:30:36.0015 winachsf (0e666ac2766f2fd860cc03f405a2ace1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/20 20:30:36.0125 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/12/20 20:30:36.0187 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/20 20:30:36.0531 ================================================================================
2010/12/20 20:30:36.0531 Scan finished
2010/12/20 20:30:36.0531 ================================================================================

[Rudy]

Nenašel opravdu nic. Jenže podle logu MBR má hlavní zaváděcí záznam nějaký problém. Zkusíme to jinak Nabootujte z instal. CD WinXP. Sledujte pokyny na liště. Až se objeví "R-opravit", stiskněte "R" a přihlašte se k instalaci Windows. Objeví se příkazový řádek, do něhož postupně zadáte:

cd c:\ (stisknete >Enter<)
fixmbr (stsknete >Enter< a potvrdíte)
exit (stisknete >Enter<)

PC se restartuje.

[bertoslaf]

S tim instalacnim CD bude mensi problem...pritelkyne ho nema u sebe, ale doma...ale dejme tomu, ze 23.-24. doma bude, tak bych to udelal, az se tu ukaze...eeee, mam strach...nestane se nic s daty???

A myslite, ze by tento problem mohl zpusobovat to zamrzani pocitace??

Zatim Vam mockrat dekuji a preji prijemne svatky, ozvu se co nejdrive

[Rudy]

Zmíněný postup přepíše celý MBR ze zálohy (nic jiného). Sice se může stát, že systém nenastartuje, ale data na disku zůstanou. Zásada je, že před jakymkoli odvirováním je žádoucí udělat zálohu důležitých dat. I v tomto případě bych to doporučil. Ostatně to mám v podpisu.

A myslite, ze by tento problem mohl zpusobovat to zamrzani pocitace??

Jiný problém v logu nevidím. Teoreticky je možný také hw problém, ale o něm lze uvažovat tehdy, pokud bude v systému vše v pořádku. MBR nedal jednoznačnou odpověď na to, zda je nakažen bootkitem, nebo je jinak poškozen.