Dobry den mam problem se svym OS XP pro nejakou zahadou se mi nezobrazuji nektere systemove prvky jako je pruvodce hledanim, uzivatelske ucty - kdyz jsem chtel nejaky ucet smazat tak tam proste zadne nejsou ale kdyz se prihlasim na uvodni obrazovku tak tam jsou a proto jsem se chtel rozhodnout opravit instalacni system xp ( pomoci tlacitka R ) ale ta moznost tam neni tak nevim cim to jestli tim ze uz nemam moznost opravit instaci v minulosti jsem uz opravu instalace delal a bylo to tam a ted kdyz to potrebuji neni. Nechci preinstalovat system nebot nechci stratit data ( nemam je kam presunout a vypolovani mi prijde zdlouhave) poradte mi prosim nekdo kde jsou chyby
dekuji
tak to nevim..
po jaký akci to začalo dělat??
co zkusit obnovit systém?
pote co se mi na hlavnim panelu obevil u hodin virus alert!!! a obnova systemu to uz jsem delal asi 5x a nic
tímto tě odkazuji na vedlejší téma - Virus Alert, to si pečlivě pročti a udělej, co je tam psáno, řešení jsme zatím ale nenašli:(
virus alert mam vyreseny zacalo to az po 14 dnech co tam byl
mno, nejprve díky za rady v tamtom tématu..
teď zpět k tobě, takže to začalo po čtrnácti dnech? nějaká pozdější akce? zdá se mi to hodně, těch 14 dní..
zkus instalaci přímo za spuštěných win, myslim, že tim se taky dostaneš pouze do opravy - zvolíš možnost instalace "inovaci"
když to nepomůže, nevim, ale asi by neměl bejt takovej problém koupit za desetikačku DVD, stahnout si ze stahni.net nějakej free vypalovák a vypálit zálohy, disk sformátovat a provést instalaci nanovo..
je so cice ta nejhorší a poslední možnst, taky sem přeinstalovával systém už tolikrát, že mi ho to ani nehctělo zaktivovat, ale dá se to zkousnout, zvlášť, pokud v kompu nemáš moc proglramů, já sem bratrovi musel obnovit pokaždý sbírku 30ti her, takže to bylo na dvoudenní posezení u počítače :D
předtím ale ještě zkus hodit log z hijackthisu nebo z toho combofixu, ale spíš z hijackthisu a třeba tam něco najdeme.. možná by to moh dělat taky nějakej vir, zkus to projet nějakejma online scannerama..
log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:15, on 5.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WPMP150\miranda32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mojebanka.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MirandaIM] "C:\Program Files\WPMP150\miranda32.exe" "C:\Program Files\WPMP150\Profiles\MujProfil"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wu...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/cli...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B530F82-1755-41DB-843A-4AAF6455A2E5}: NameServer = 10.154.86.1,10.152.16.116
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 9078 bytes
z combofixu:
ComboFix 08-10-05.01 - Absender 2008-10-05 22:12:45.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1314 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Absender\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Resident AV is active
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\kačka\Cookies\kačka@ad.yieldmanager[1].txt
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-05 do 2008-10-05 )))))))))))))))))))))))))))))))
.
2008-10-05 00:31 . 2008-10-05 00:31 <DIR> d-------- C:\Program Files\Windows Defender
2008-10-04 21:24 . 2008-10-04 21:24 1,917 --a------ C:\WINDOWS\imsins.BAK
2008-10-04 21:18 . 2008-10-04 21:22 <DIR> d-------- C:\Program Files\Primy kanal
2008-10-04 21:18 . 2008-01-08 12:57 150,016 --a------ C:\WINDOWS\system32\Unzip32N.dll
2008-10-04 21:18 . 2008-01-08 12:57 141,312 --a------ C:\WINDOWS\system32\Zip32N.dll
2008-10-04 20:19 . 2008-10-04 20:19 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-04 16:31 . 2008-10-04 16:31 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-10-04 16:26 . 2008-10-04 16:26 <DIR> d-------- C:\Program Files\ICQ6Toolbar
2008-10-04 16:26 . 2008-10-04 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ICQ
2008-10-04 16:25 . 2008-10-04 16:27 <DIR> d-------- C:\Program Files\ICQ6
2008-10-04 15:45 . 2008-10-04 16:14 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-10-04 10:58 . 2008-10-04 15:03 <DIR> d-------- C:\Program Files\ICQToolbar
2008-10-03 15:14 . 2008-10-03 15:14 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-10-03 15:14 . 2008-10-03 15:14 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-10-03 15:13 . 2008-10-03 15:13 <DIR> d-------- C:\kav
2008-10-02 14:55 . 2008-10-02 14:56 <DIR> d-------- C:\Program Files\Far
2008-10-02 13:47 . 2008-10-05 20:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-02 13:47 . 2008-10-02 13:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-29 17:26 . 2008-09-29 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Winferno
2008-09-29 10:38 . 2008-09-29 10:38 <DIR> d-------- C:\Program Files\Real
2008-09-29 10:38 . 2008-09-29 10:38 774,144 --a------ C:\Program Files\RngInterstitial.dll
2008-09-29 10:38 . 2008-09-29 10:39 2,046 --a------ C:\lma_log.html
2008-09-29 10:37 . 2008-09-29 10:37 <DIR> d-------- C:\Program Files\Freeze.com
2008-09-29 10:37 . 2008-09-30 23:16 906 --a------ C:\log.html
2008-09-26 21:39 . 2008-09-26 21:39 <DIR> d-------- C:\Documents and Settings\kačka\Data aplikací\SUPERAntiSpyware.com
2008-09-26 18:20 . 2008-09-26 18:21 <DIR> d-------- C:\WINDOWS\speech
2008-09-26 15:03 . 2008-09-26 15:03 <DIR> d-------- C:\Program Files\Audacity
2008-09-24 21:55 . 2008-09-24 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Software Licensors
2008-09-24 21:27 . 2008-09-24 22:05 <DIR> d-------- C:\Documents and Settings\Absender\Data aplikací\TmpRecentIcons
2008-09-24 20:55 . 2008-09-24 20:55 <DIR> d-------- C:\Program Files\Photodex Presenter
2008-09-24 20:55 . 2008-09-24 20:55 <DIR> d-------- C:\Program Files\Photodex
2008-09-23 18:30 . 2008-09-24 20:32 <DIR> d-------- C:\Program Files\Living Cell 3D Screensaver
2008-09-21 22:53 . 2008-09-21 22:53 <DIR> d-------- C:\Documents and Settings\Absender\Data aplikací\Nero
2008-09-15 19:03 . 2008-09-15 19:03 <DIR> d-------- C:\Documents and Settings\Absender\Data aplikací\Command & Conquer 3 Tiberium Wars
2008-09-15 18:56 . 2008-09-15 18:56 <DIR> d-------- C:\Program Files\Electronic Arts
2008-09-14 02:51 . 2008-09-14 02:51 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-09-14 02:49 . 2008-09-14 02:49 <DIR> d-------- C:\Program Files\Bonjour
2008-09-12 21:08 . 2008-09-12 21:08 1,986,560 --a------ C:\WINDOWS\system32\akll.dll
2008-09-12 21:08 . 2008-09-12 21:08 1,245,184 --a------ C:\WINDOWS\system32\bkll.dll
2008-09-12 21:08 . 2008-09-12 21:08 1,212,416 --a------ C:\WINDOWS\system32\ckll.dll
2008-09-12 21:08 . 2008-09-12 21:08 196,608 --a------ C:\WINDOWS\system32\maag.dll
2008-09-12 21:07 . 2008-09-12 21:20 <DIR> d-------- C:\Program Files\ALO Power Audio Converter
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 20:11 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Skype
2008-10-05 19:10 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-10-05 02:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-05 01:37 --------- d-----w C:\Program Files\VirtualDJ
2008-10-04 19:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-04 19:22 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-10-04 14:10 --------- d-----w C:\Documents and Settings\kačka\Data aplikací\Skype
2008-10-04 13:37 --------- d-----w C:\Program Files\Java
2008-10-04 08:53 --------- d-----w C:\Program Files\WPMP150
2008-10-02 17:28 --------- d-----w C:\Documents and Settings\kačka\Data aplikací\Winamp
2008-09-29 16:21 --------- d-----w C:\Documents and Settings\oluška\Data aplikací\ICQ
2008-09-29 08:38 --------- d-----w C:\Program Files\Common Files\Real
2008-09-24 21:16 --------- d-----w C:\Program Files\Trojan Remover
2008-09-24 20:16 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-24 20:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-17 17:26 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Image Zone Express
2008-09-17 11:16 --------- d-----w C:\Documents and Settings\oluška\Data aplikací\Skype
2008-09-14 00:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-12 17:25 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-09-10 20:49 --------- d-----w C:\Program Files\Scorpions WinCheater
2008-09-10 12:02 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-09-05 15:47 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-30 19:49 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Winamp
2008-08-30 16:29 --------- d-----w C:\Program Files\Winamp
2008-08-28 21:38 --------- d-----w C:\Program Files\Ford Street Racing
2008-08-27 15:56 --------- d-----w C:\Program Files\PowerISO
2008-08-27 11:23 --------- d-----w C:\Documents and Settings\Strejda\Data aplikací\ICQ
2008-08-23 23:54 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-23 23:13 --------- d-----w C:\Program Files\Codemasters
2008-08-23 19:20 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\ICQ
2008-08-22 19:28 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-08-22 19:28 249,856 ------w C:\WINDOWS\Setup1.exe
2008-08-20 12:42 --------- d-----w C:\Program Files\City Interactive
2008-08-20 10:11 --------- d-----w C:\Program Files\Playlogic
2008-08-19 20:44 --------- d-----w C:\Program Files\Microsoft Works
2008-08-19 20:43 --------- d-----w C:\Program Files\MSBuild
2008-08-19 20:42 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-19 20:40 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-08-19 11:44 --------- d-----w C:\Documents and Settings\Absender\Data aplikací\Stellarium
2008-08-19 09:28 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 11:22 --------- d-----w C:\Documents and Settings\Strejda\Data aplikací\DAEMON Tools
2008-08-16 10:40 --------- d-----w C:\Program Files\Common Files\Logitech
2008-08-16 10:39 --------- d-----w C:\Program Files\Logitech
2008-08-10 12:46 --------- d-----w C:\Program Files\ICQ614_45_23
2008-03-17 20:27 0 ----a-w C:\Program Files\AstonWriteTest.txt
2007-08-06 12:09 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-05-04 09:37 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-03 19:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050320080504\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MirandaIM"="C:\Program Files\WPMP150\miranda32.exe" [2008-06-30 602181]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\Absender
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-12-31 16:29 962560 C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 17:08 173304 C:\Program Files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
--a------ 2007-09-18 22:26 3850240 C:\Program Files\qipinfium9000\infium.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2006-06-26 09:46 497200 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-06-26 10:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-06-26 10:33 243248 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ahs---- 2008-04-14 08:52 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-06-01 11:22 7618560 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:08 21686568 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"ares"="C:\Program Files\Ares\Ares.exe" -h
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"nwiz"=nwiz.exe /install
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"LogitechSetup"=D:\Setup\Setup.exe /restart /l:enu
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
"P17Helper"=Rundll32 SPIRun.dll,RunDLLEntry
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\Absender\\qip8020\\qip.exe"=
"C:\\Program Files\\Strong DC++\\StrongDC.exe"=
"C:\\Program Files\\qip8020\\qip.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\qipinfium9000\\infium.exe"=
"C:\\totalcmd\\Totalcmd_.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\WPMP150\\miranda32.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);C:\WINDOWS\system32\DRIVERS\vacs2xkd.sys [2007-11-01 42880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-14 69120]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-18 355584]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10752]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2008-10-05 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
2008-09-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-10-05 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-AVP - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Documents and Settings\Absender\Data aplikací\Mozilla\Firefox\Profiles\3oby5vjs.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://seznam.cz/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - C:\Program Files\TV JOJ Media Player\npplugin_netscape.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 22:20:43
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2008-10-05 22:24:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-10-05 20:24:10
ComboFix2.txt 2008-09-26 10:45:13
Před spuštěním: Volných bajtů: 176 717 029 376
Po spuštění: Volných bajtů: 176,717,385,728
300 --- E O F --- 2008-09-10 12:04:22
takže bloknout toto:
C:\Program Files\Bonjour\mDNSResponder.exe - to sem tam měl taky a pc se moh zbláznit..
Photodex - nějaký váš program?
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
- neznámí zmetci..
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
- pryč s toolbary a tim noname
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B530F82-1755-41DB-843A-4AAF6455A2E5}: NameServer = 10.154.86.1,10.152.16.116 - vemi podezřelé
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll - neznám, že by Kaspersky, nebo se za něj jen někdo schovává?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - sis tam dal nějak hodně antivirů ne?
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe - nikd yjsem o tom neslyšel
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe - co to je? proč mázvukovka přístup k CD?
každopádně, než něco fixneš, vyčekj na Tatika, ten logům orzumí víc než já..
u toto, co neznám, tak pokud to jsou programy, nebo věci, o kterých víš nebo je používáš, tak to neblokuj..
po spusteni combofixu jsem mi vratlil i pruvodce hledanim a uzivatelske ucty
tak to je zajímavé, že by se vše vyřešilo jen oskenováním?? :D
je to zajimave a ten tatka je tu nebo ne
jj, dej tomu čas, toto neni Online poradna, takže až se dotyčný poradce dostaví, tak teprv může odpovídat, nejsem u počítače furt, tato poradna je naše zájmová činnost, nikoliv zaměstnání :)
většina z nás jsou studenti i středních škol..
No, TOBiAS to vzal poněkud rázně, ale proč ne. Já si to doma taky řádně pročišťuji. Můj log je tak třetinový proti těm, vo tu vidím.
to C:\Program Files\Bonjour\mDNSResponder.exe : http://www.liutilities.com/products/wintaskspro/processlibrary/mdnsrespo...
to C:\WINDOWS\system32\cisvc.exe a C:\WINDOWS\system32\cidaemon.exe jedná se o procesy, které indexují disk. Pravděpodobně vytěžují procesor skoro na 100%. Dá se zrušit ve Službách a aplikacích.
Co se týká toolbarů a no namů, sdílím názor jako TOBiAS
ARES - opravdu ho máte naistalovaný? A používáte? Pokud ne, klidně můžete vyhodit.
vyhodil bych O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Projel jste PC antivirem, adawarem a spybotem? Virus Alert Vám určitě nabídl stažení nějakého antiviru. Doufám, že jste nic nestahoval. Projeťe PC a dejte vědět, jestli něco nějaký program našel.
tady je novy log z hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:56, on 6.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WPMP150\miranda32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mojebanka.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MirandaIM] "C:\Program Files\WPMP150\miranda32.exe" "C:\Program Files\WPMP150\Profiles\MujProfil"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wu...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/cli...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B530F82-1755-41DB-843A-4AAF6455A2E5}: NameServer = 10.154.86.1,10.152.16.116
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8300 bytes
to nám to prožídlo :)
for Tatik: doufám, že neva, že všechny logisty odkazuju na tebe, to víš, eště toho z nich moc neznám a teprv se to učim, abych něbloknul něco špatnýho.. třeba u kámoše tam měl třikrát spouštěná systému windows, to se mi zdálo divný, tak sme to fixly a to byla pro Vistu neúnosná rána :D - smrtelná :D
aha tak to jo 8-)
Nevadí, já všem doporučuji udělat bod obnovy. Nikdy nevím, co kdo ještě vymaže. Nebo že bych mu nepřesně poradil? To určitě ne. :))
prosim te muzes se podivat na tento log diky
http://www.pcporadenstvi.cz/forum/viewtopic.php?p=17150#17150