Finds a virus and immediately resets the PC

Viruses and antivirus, PC security - firewall, spyware, etc.
Goodmen
Newcomer
Registered: 09 Aug 2007

Post by Goodmen »

Hi, look, I have a problem: every time I run Ad-Aware and it finds some of those critical objects, it immediately resets my PC. No other program sees anything there, only NOD32 kept yelling at me that I have a virus somewhere here ... Please, can someone advise me what to do about it, or how best to remove trojans?? Reply either on ICQ or by mail, pls
Bez_n1ck
Advanced
Registered: 15 Dec 2006
Location: Praha - Vinohrady

Post by Bez_n1ck »

Sure, C:format :-D
Geeker
Intermediate
Registered: 04 Jun 2003
Location: Zlín

Re: Finds a virus and immediately resets the PC

Post by Geeker »

Goodmen wrote: Hi, look, I have a problem: every time I run Ad-Aware and it finds some of those critical objects, it immediately resets my PC. No other program sees anything there, only NOD32 kept yelling at me that I have a virus somewhere here ... Please, can someone advise me what to do about it, or how best to remove trojans?? Reply either on ICQ or by mail, pls
Safe mode doesn't help?
Post by Goodmen »

I haven't tried it in safe mode yet, that didn't occur to me .... I'll try

Looks like I probably have no other choice, damn, making a backup again, I don't enjoy that :( oh well, so format it is ....
zombux
PCT Expert
Registered: 05 Jun 2003
Location: bleeding-heart Havel fan from the Prague café crowd

Post by zombux »

Nonsense, formatting is a solution for lamers :roll: Take a look in safe mode, post a HijackThis log and we'll see
Baron Prášil
Beginner
Registered: 08 Jun 2006

Post by Baron Prášil »

You can download HijackThis here:
http://www.trendsecure.com/portal/en-US ... ckThis.exe
Unpack it into its own folder, run it, click "Do a system scan and save a logfile".
Copy the generated text file here.
Post by Goodmen »

Baron Prášil wrote: You can download HijackThis here:
http://www.trendsecure.com/portal/en-US ... ckThis.exe
Unpack it into its own folder, run it, click "Do a system scan and save a logfile".
Copy the generated text file here.
That's exactly what I did and it also reset my PC immediately, so I really don't know
bellatrix
Newcomer
Registered: 12 May 2007

Post by bellatrix »

Goodmen wrote: That's exactly what I did and it also reset my PC immediately, so I really don't know
If you haven't formatted it yet, I have a few ideas... just write here that the problem persists, so we don't bother needlessly..
Post by Goodmen »

bellatrix wrote:
Goodmen wrote: That's exactly what I did and it also reset my PC immediately, so I really don't know
If you haven't formatted it yet, I have a few ideas... just write here that the problem persists, so we don't bother needlessly..
Unfortunately the format did happen, because the system collapsed and nothing worked, but after the format, which was thorough, 4 times in a row, it is still wreaking havoc. I have a question: can it be that the IP address is already totally infected, so that as soon as I connect, viruses start bombarding my PC??

Now it's causing a different problem: my bar is pulled upward, I mean the Start bar, and as soon as I connect to the net a window with an error pops up, and after 5 minutes the bar returns back to its original state and all my sound drivers drop out, so the sound doesn't work and neither do the sound settings. So now I'm not formatting and I'm waiting for what you say. Here is the HijackThis log


Logfile of HijackThis v1.99.1
Scan saved at 16:56:36, on 25.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\apache\mysql\bin\mysqld-nt.exe
C:\Programy\Nod32\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\apache\APACHE.EXE
C:\Programy\Spyware Terminator\sp_rsser.exe
c:\apache\APACHE.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Programy\Nod32\nod32kui.exe
C:\Programy\Postak\Postak.exe
C:\Programy\DAP\DAP.EXE
C:\Programy\Winamp\Winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Programy\ObjectDock\ObjectDock.exe
C:\Programy\Winamp\winamp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programy\ICQLite\ICQLite.exe
C:\Programy\Opera\Opera.exe
C:\Programy\totalcmd\TOTALCMD.EXE
c:\Programy\Xchat\Xchat-Anti-Kick.exe
C:\WINDOWS\System32\svchost.exe
C:\Programy\IrfanView\I_VIEW32.EXE
E:\Archyv\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programy\ICQToolbar\toolbaru.dll
O1 - Hosts: 108.112.42.206 ad.doubleclick.net
O1 - Hosts: 184.169.44.29 upgrade.bitdefender.com
O1 - Hosts: 106.62.59.13 report.bitdefender.com
O1 - Hosts: 178.95.95.213 ad.fastclick.net
O1 - Hosts: 107.116.117.138 ads.fastclick.net
O1 - Hosts: 174.15.27.94 ar.atwola.com
O1 - Hosts: 115.27.183.221 atdmt.com
O1 - Hosts: 183.97.110.57 avp.ch
O1 - Hosts: 114.153.7.176 avp.com
O1 - Hosts: 179.51.181.210 avp.ru
O1 - Hosts: 108.15.197.227 awaps.net
O1 - Hosts: 180.66.164.240 banner.fastclick.net
O1 - Hosts: 112.56.109.230 banners.fastclick.net
O1 - Hosts: 177.137.61.67 ca.com
O1 - Hosts: 111.18.29.102 www.ca.com
O1 - Hosts: 180.140.140.115 click.atdmt.com
O1 - Hosts: 104.148.31.185 clicks.atdmt.com
O1 - Hosts: 186.213.124.100 customer.symantec.com
O1 - Hosts: 100.96.64.129 dispatch.mcafee.com
O1 - Hosts: 183.2.101.136 download.mcafee.com
O1 - Hosts: 104.210.98.148 download.microsoft.com
O1 - Hosts: 181.159.189.68 downloads.microsoft.com
O1 - Hosts: 112.218.150.78 downloads-eu1.kaspersky-labs.com
O1 - Hosts: 181.65.170.225 downloads-eu2.kaspersky-labs.com
O1 - Hosts: 115.202.138.212 downloads-eu3.kaspersky-labs.com
O1 - Hosts: 185.37.50.218 downloads-us1.kaspersky-labs.com
O1 - Hosts: 109.114.81.80 downloads-us2.kaspersky-labs.com
O1 - Hosts: 180.183.191.200 downloads-us3.kaspersky-labs.com
O1 - Hosts: 111.63.81.72 downloads1.kaspersky-labs.com
O1 - Hosts: 187.45.123.197 downloads2.kaspersky-labs.com
O1 - Hosts: 102.48.18.192 downloads3.kaspersky-labs.com
O1 - Hosts: 180.188.144.114 downloads4.kaspersky-labs.com
O1 - Hosts: 111.57.62.146 engine.awaps.net
O1 - Hosts: 179.113.96.3 f-secure.com
O1 - Hosts: 100.178.73.135 fastclick.net
O1 - Hosts: 182.38.71.88 ftp.avp.ch
O1 - Hosts: 107.152.141.111 ftp.downloads2.kaspersky-labs.com
O1 - Hosts: 186.39.46.12 ftp.f-secure.com
O1 - Hosts: 106.65.181.226 ftp.kasperskylab.ru
O1 - Hosts: 174.100.75.218 ftp.sophos.com
O1 - Hosts: 111.138.97.30 go.microsoft.com
O1 - Hosts: 174.194.28.31 ids.kaspersky-labs.com
O1 - Hosts: 110.101.147.64 kaspersky-labs.com
O1 - Hosts: 182.218.134.18 kaspersky.com
O1 - Hosts: 110.50.113.133 liveupdate.symantec.com
O1 - Hosts: 178.160.128.199 liveupdate.symantecliveupdate.com
O1 - Hosts: 115.84.151.31 mast.mcafee.com
O1 - Hosts: 185.0.220.131 mcafee.com
O1 - Hosts: 109.92.142.185 media.fastclick.net
O1 - Hosts: 176.171.191.233 msdn.microsoft.com
O1 - Hosts: 103.113.37.211 my-etrust.com
O1 - Hosts: 180.172.202.29 nai.com
O1 - Hosts: 115.89.143.98 networkassociates.com
O1 - Hosts: 174.46.37.27 office.microsoft.com
O1 - Hosts: 109.188.51.100 phx.corporate-ir.net
O1 - Hosts: 185.45.204.116 rads.mcafee.com
O1 - Hosts: 109.120.41.223 secure.nai.com
O1 - Hosts: 177.7.179.127 securityresponse.symantec.com
O1 - Hosts: 108.217.74.1 service1.symantec.com
O1 - Hosts: 183.50.26.181 sophos.com
O1 - Hosts: 109.170.21.186 spd.atdmt.com
O1 - Hosts: 187.58.188.136 support.microsoft.com
O1 - Hosts: 101.13.209.239 symantec.com
O1 - Hosts: 176.188.88.223 trendmicro.com
O1 - Hosts: 105.130.169.168 update.symantec.com
O1 - Hosts: 182.123.36.37 updates.symantec.com
O1 - Hosts: 108.110.33.59 updates1.kaspersky-labs.com
O1 - Hosts: 183.59.213.85 updates2.kaspersky-labs.com
O1 - Hosts: 100.8.14.248 updates3.kaspersky-labs.com
O1 - Hosts: 177.203.115.101 updates4.kaspersky-labs.com
O1 - Hosts: 115.99.75.57 updates5.kaspersky-labs.com
O1 - Hosts: 177.164.21.164 us.mcafee.com
O1 - Hosts: 104.191.68.232 vil.nai.com
O1 - Hosts: 178.104.12.229 viruslist.com
O1 - Hosts: 115.45.29.170 viruslist.ru
O1 - Hosts: 180.17.225.124 windowsupdate.microsoft.com
O1 - Hosts: 101.14.104.106 www.avp.ch
O1 - Hosts: 187.220.183.234 www.avp.com
O1 - Hosts: 106.32.32.175 www.avp.ru
O1 - Hosts: 186.54.74.45 www.awaps.net
O1 - Hosts: 101.143.19.123 www.ca.com
O1 - Hosts: 174.32.86.13 www.f-secure.com
O1 - Hosts: 105.116.161.207 www.fastclick.net
O1 - Hosts: 181.161.67.179 www.grisoft.com
O1 - Hosts: 112.172.26.189 www.kaspersky-labs.com
O1 - Hosts: 184.209.149.39 www.kaspersky.com
O1 - Hosts: 101.182.189.240 www.kaspersky.ru
O1 - Hosts: 173.37.26.35 www.mcafee.com
O1 - Hosts: 112.46.139.229 www.my-etrust.com
O1 - Hosts: 178.225.214.176 www.nai.com
O1 - Hosts: 108.150.114.26 www.networkassociates.com
O1 - Hosts: 178.182.181.42 www.sophos.com
O1 - Hosts: 109.208.204.78 www.symantec.com
O1 - Hosts: 185.128.102.236 www.trendmicro.com
O1 - Hosts: 106.65.196.108 www.viruslist.com
O1 - Hosts: 179.223.125.67 www.viruslist.ru
O1 - Hosts: 103.38.35.138 www3.ca.com
O1 - Hosts: 175.24.52.173 avp.ch
O1 - Hosts: 112.167.176.41 avp.com
O1 - Hosts: 181.132.72.29 avp.ru
O1 - Hosts: 108.51.94.92 awaps.net
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programy\ICQToolbar\toolbaru.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Programy\Postak\SRank.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programy\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programy\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SMail] "C:\Programy\Postak\Postak.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programy\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programy\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [WinampAgent] "C:\Programy\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programy\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Zástupce - ObjectDock.lnk = C:\Programy\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Clean Traces - C:\Programy\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programy\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programy\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download &all with DAP - C:\Programy\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programy\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programy\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{268EE927-C3D8-4532-8E44-6F46AD11C9E7}: NameServer = 212.111.0.10,193.179.148.42
O17 - HKLM\System\CS1\Services\Tcpip\..\{268EE927-C3D8-4532-8E44-6F46AD11C9E7}: NameServer = 212.111.0.10,193.179.148.42
O17 - HKLM\System\CS2\Services\Tcpip\..\{268EE927-C3D8-4532-8E44-6F46AD11C9E7}: NameServer = 212.111.0.10,193.179.148.42
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: MySql - Unknown owner - c:/apache/mysql/bin/mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programy\Nod32\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programy\Spyware Terminator\sp_rsser.exe


This log is from while I was connected to the internet
rary
Beginner
Registered: 20 Jun 2006

Post by rary »

Install a FIREWALL.

Download HostsXpert and unpack it into its own folder. And run it.
Click the Restore MS Hosts File button and confirm by pressing OK. Then, once it has restored the hosts file, click Make ReadOnly?
And restart the PC.

Otherwise, it's possible that the Restore MS Hosts File button "won't work" for you; in that case you'll have to click Make Writeable? and then everything should go according to the instructions I wrote above.

If you don't understand something about HostsXpert, just ask.

Then fix in HJT:
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe

I see you use DAP; if you have the free version, follow these removal instructions, because the free version contains adware.

In Task Manager (ctrl+alt+delete) end:
DAP.EXE

And uninstall DAP (Download Accelerator Plus)

Then, once you've uninstalled it, delete its folder:
C:\Programy\DAP

Then use ComboFix:

Download ComboFix, save it to the desktop and run it. Follow the instructions; while ComboFix is being applied, don't click into the window that appears, because that may stop the process.
When it finishes, a log is created, so copy its contents here.
The log is located at C:\ComboFix.txt

(The PC may restart if ComboFix finds infected files that need a restart in order to be deleted.)

You must have an administrator account for ComboFix to work.
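
A triage sketch for the two things the advice above acts on in the posted log: the O1 hosts entries that remap vendor and update sites, and the O4 Run entries that start svchost.exe from the drivers folder. This is an added example, not part of the thread or of HijackThis; the function names and the domain watchlist are assumptions, and the sample lines are excerpted from the posted log except the one marked as constructed.

```python
import ipaddress
import ntpath  # Windows path rules, whatever OS this runs on
import re

# Excerpt of the HijackThis log posted in the thread; the 127.0.0.1 line is
# constructed to show a local blocklist entry that should not be reported.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
O1 - Hosts: 108.112.42.206 ad.doubleclick.net
O1 - Hosts: 180.17.225.124 windowsupdate.microsoft.com
O1 - Hosts: 184.209.149.39 www.kaspersky.com
O1 - Hosts: 127.0.0.1 ads.example.test
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programy\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
"""

# Assumption: illustrative watchlist of update/vendor domains, taken from
# names that appear in the posted log. Extend it for real use.
WATCHED = ("microsoft.com", "symantec.com", "mcafee.com", "kaspersky.com",
           "kaspersky-labs.com", "sophos.com", "f-secure.com", "trendmicro.com")

# Core Windows image names and the folder suffix they normally load from.
SYSTEM_IMAGES = {"svchost.exe": "\\system32", "lsass.exe": "\\system32",
                 "services.exe": "\\system32", "winlogon.exe": "\\system32",
                 "smss.exe": "\\system32", "csrss.exe": "\\system32",
                 "explorer.exe": "\\windows"}

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")
O4_RE = re.compile(r"^O4 - (HK\S*?)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
# First token of the command: a quoted path, or everything up to the first
# executable extension (unquoted paths may contain spaces).
IMAGE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|scr|bat|pif)))(?=\s|$)', re.I)


def check_hosts(log):
    """Return (hostname, address, kind) for hosts-file entries worth a look."""
    findings = []
    for line in log.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue
        addr, name = m.group(1), m.group(2).lower()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # not an address/hostname pair
        local = ip.is_loopback or ip.is_unspecified
        watched = any(name == d or name.endswith("." + d) for d in WATCHED)
        if watched:
            # A security/update site pinned in hosts: updates will not arrive.
            findings.append((name, addr, "sinkholed" if local else "redirected"))
        elif not local:
            # Any other name pinned to a routable address bypasses DNS.
            findings.append((name, addr, "override"))
    return findings


def check_autoruns(log):
    """Return (location, image) for Run entries that use a core Windows
    image name from a folder that image does not normally live in."""
    findings = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, label, command = m.groups()
        im = IMAGE_RE.match(command.strip())
        if not im:
            continue
        image = ntpath.normpath(im.group(1) or im.group(2))
        folder, exe = ntpath.split(image.lower())
        expected = SYSTEM_IMAGES.get(exe)
        # A bare name (no folder) cannot be judged from the log line alone.
        if expected and folder and not folder.endswith(expected):
            findings.append((f"{hive}\\{key} [{label}]", image))
    return findings


if __name__ == "__main__":
    for name, addr, kind in check_hosts(SAMPLE_LOG):
        print(f"O1 {kind:<10} {name} -> {addr}")
    for location, image in check_autoruns(SAMPLE_LOG):
        print(f"O4 masquerade {location} -> {image}")
```
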
Post by Goodmen »

ComboFix 07-08-25.2 - "Goodmen" 2007-08-26 11:32:29.1 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.207 [GMT 2:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\svchost.exe


((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))


2007-08-26 11:22 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-25 17:22 <DIR> d-------- C:\Program Files\uTorrent
2007-08-23 19:12 <DIR> d-------- C:\Program Files\directx
2007-08-20 18:30 <DIR> d-------- C:\sphere
2007-08-20 18:21 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-08-20 18:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Adobe Systems
2007-08-18 22:41 831,600 --a------ C:\WINDOWS\system32\Ctaa1.dat
2007-08-18 22:41 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2007-08-18 22:41 333,600 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys
2007-08-18 22:41 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-08-18 22:41 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-08-18 22:41 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-08-18 22:41 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-08-18 22:41 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-08-18 22:41 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-08-18 22:41 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll
2007-08-18 22:41 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-18 22:41 <DIR> d-------- C:\Program Files\InterActual
2007-08-18 22:41 <DIR> d-------- C:\Program Files\Creative
2007-08-18 22:41 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2007-08-18 16:49 <DIR> d-------- C:\Temp
2007-08-17 19:30 138,368 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-08-17 19:07 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-08-17 19:01 <DIR> d-------- C:\Program Files\WinClamAVShield
2007-08-17 17:27 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-08-17 17:27 270,336 --a------ C:\WINDOWS\system32\imon.dll
2007-08-17 17:00 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-08-16 23:58 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-16 23:57 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-16 23:57 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-16 23:55 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-08-16 23:55 9,291 --a------ C:\WINDOWS\system\VER.DLL
2007-08-16 23:55 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-08-16 23:55 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-08-16 23:55 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-08-16 23:55 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-08-16 23:55 75,264 --a------ C:\WINDOWS\system32\storprop.dll
2007-08-16 23:55 70,272 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-08-16 23:55 69,632 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-08-16 23:55 69,008 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-08-16 23:55 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-08-16 23:55 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll
2007-08-16 23:55 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-08-16 23:55 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-08-16 23:55 6,656 --a------ C:\WINDOWS\system32\kbdpl.dll
2007-08-16 23:55 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-08-16 23:55 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll
2007-08-16 23:55 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL
2007-08-16 23:55 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-08-16 23:55 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-08-16 23:55 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-08-16 23:55 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-08-16 23:55 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-08-16 23:55 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-08-16 23:55 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-08-16 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-08-16 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-08-16 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-08-16 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-08-16 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-08-16 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-08-16 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-08-16 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-08-16 23:55 5,632 --a------ C:\WINDOWS\system32\kbdro.dll
2007-08-16 23:55 5,632 --a------ C:\WINDOWS\system32\kbdpl1.dll
2007-08-16 23:55 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll
2007-08-16 23:55 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-08-16 23:55 33,040 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-08-16 23:55 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-08-16 23:55 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-08-16 23:55 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-08-16 23:55 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-08-16 23:55 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-08-16 23:55 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-08-16 23:55 127,024 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-08-16 23:55 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-08-16 23:55 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-08-16 23:55 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-08-16 23:55 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Data aplikacˇ
2007-08-16 23:55 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Data aplikacˇ
2007-08-16 23:55 <DIR> dr------- C:\Program Files
2007-08-16 23:55 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Nabˇdka Start
2007-08-16 23:55 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Nabˇdka Start
2007-08-16 23:55 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Dokumenty
2007-08-16 23:55 <DIR> d--hs---- C:\WINDOWS\Installer
2007-08-16 23:55 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\ćablony
2007-08-16 23:55 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Okolnˇ tisk rny
2007-08-16 23:55 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Okolnˇ sˇś
2007-08-16 23:55 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\ćablony
2007-08-16 23:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-08-16 23:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-08-16 23:55 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-08-16 23:55 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-08-16 23:55 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Plocha
2007-08-16 23:55 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Oblˇben‚ polo§ky
2007-08-16 23:55 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Dokumenty
2007-08-16 23:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Plocha
2007-08-16 23:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Oblˇben‚ polo§ky
2007-08-16 23:54 <DIR> d-------- C:\Documents and Settings
2007-08-16 23:53 <DIR> d--hs---- C:\System Volume Information


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-26 11:13 --------- d-------- C:\DOCUME~1\Goodmen\DATAAP~1\uTorrent
2007-08-20 20:59 --------- d-------- C:\DOCUME~1\Goodmen\DATAAP~1\Opera
2007-08-20 19:49 --------- d-------- C:\DOCUME~1\Goodmen\DATAAP~1\XnView
2007-08-19 09:40 --------- d-------- C:\DOCUME~1\Goodmen\DATAAP~1\teamspeak2
2007-08-18 22:43 --------- d-------- C:\DOCUME~1\Goodmen\DATAAP~1\InterVideo
2007-08-17 17:34 --------- d-------- C:\DOCUME~1\Goodmen\DATAAP~1\Avant Profiles
2007-08-17 17:06 --------- d-------- C:\DOCUME~1\Goodmen\DATAAP~1\ICQLite
2007-08-16 22:54 --------- d-------- C:\DOCUME~1\Goodmen\DATAAP~1\Ahead
2007-08-16 22:49 --------- d-------- C:\DOCUME~1\Goodmen\DATAAP~1\TuneUp Software
2007-08-16 22:40 --------- d-------- C:\DOCUME~1\Goodmen\DATAAP~1\Lavasoft
2007-08-16 22:15 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-08-16 22:15 2426 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 11:20]
"nwiz"="nwiz.exe" [2005-06-15 11:20 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 11:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"nod32kui"="C:\Programy\Nod32\nod32kui.exe" [2007-08-17 17:26]
"SMail"="C:\Programy\Postak\Postak.exe" [2006-05-18 14:36]
"SpywareTerminator"="C:\Programy\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-17 19:30]
"WinampAgent"="C:\Programy\Winamp\Winampa.exe" [2004-12-20 20:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Programy\ICQLite\ICQLite.exe -trayboot

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ICQ Lite"="C:\Programy\ICQLite\ICQLite.exe" -minimize
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"SoundMan"=SOUNDMAN.EXE

R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-08-24 15:17:58 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Programy\TuneUp Utilities 2007\SystemOptimizer.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 11:33:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:/apache/mysql/bin/mysqld-nt.exe"

Completion time: 2007-08-26 11:33:43
C:\ComboFix-quarantined-files.txt ... 2007-08-26 11:33

--- E O F ---
Post by Goodmen »

Oh, and about the firewall, which one should I download so that it doesn't clash with NOD's resident shield and Spyware Terminator.... Comodo firewall?? Or Kerio? I don't have very good experience with that one; when installing it my PC lags every time and so I have to keep deactivating it....

Otherwise, during the scan ComboFix didn't ask for a restart, so it probably found nothing.
Post by bellatrix »

The ComboFix log looks OK (it deleted 1 piece of junk)
Of the firewalls, I recommend Comodo
Post by Goodmen »

bellatrix wrote: The ComboFix log looks OK (it deleted 1 piece of junk)
Of the firewalls, I recommend Comodo
Yeah, I think so too, because Kerio has been starting to piss me off the last 2 days, somehow it doesn't show me the rest of some web pages ;) So everything's OK??? Or any more tweaks??
Post by bellatrix »

With Kerio I always turn off "web page content filtering", otherwise it does whatever it wants :D

If there are no problems with the PC, then everything is OK
Help

Post by Goodmen »

Hi, look, can you check out this HijackThis log??? It's a friend's, and his PC somehow takes a while before it starts working, thanks.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:12, on 10.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Marek\Plocha\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stahuj.cz
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8286 bytes
likc
Beginner
Registered: 30 Jun 2006

Post by likc »

Well, there's quite a lot running there, so don't be surprised that it takes a while to start up. Otherwise, apart from the missing FW, I don't see anything there that would be drastic. Which processes load the PC the most at startup?
kuchar
Newcomer
Registered: 18 Sep 2007
Location: Havlíčková 1180 Valašské meziříčí

Post by kuchar »

Hey people, I have a problem: my PC is acting up somehow and I need advice on what to do about it. I downloaded HijackThis and this is what it gave me:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Programy\Nod32\nod32krn.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programy\Nod32\nod32kui.exe
C:\WINNT\system32\internat.exe
D:\miranda-im\miranda32.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Honza1\Plocha\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programy\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: Blokovat všechny obrázky ze stejného serveru - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Hledat - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Otevřít v nové instanci programu - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Otevřít všechny odkazy na této stránce... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Přidat do seznamu blokovaných reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Zvýraznit - C:\Program Files\Avant Browser\Highlight.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1038335276
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programy\Nod32\nod32krn.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: WINDOWS - Unknown owner - C:\WINNT\HWINDOWS
O23 - Service: Windows Defender User Interface - Unknown owner - C:\WINNT\MsMpEng.exe (file missing)
likc
Beginner
Registered: 30 Jun 2006

Post by likc »

And what made you think someone would advise you in someone else's thread? Slightly more human Czech wouldn't hurt either. Besides, HJT surely gave you a few more lines at the top.
Anyway, apart from O23 - Service: WINDOWS - Unknown owner - C:\WINNT\HWINDOWS, nothing drastic.
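
The kind of O23 review done in the reply above, as an added example that is not part of the thread and not HijackThis's own logic: it parses the service lines from the second log and ranks them. The reason names and weights are assumptions chosen for illustration (an owner HijackThis reports as "Unknown owner", an image path with no file extension, a stale "(file missing)" entry).

```python
from pathlib import PureWindowsPath

# O23 lines copied from the second log in this thread.
SAMPLE = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programy\Nod32\nod32krn.exe
O23 - Service: WINDOWS - Unknown owner - C:\WINNT\HWINDOWS
O23 - Service: Windows Defender User Interface - Unknown owner - C:\WINNT\MsMpEng.exe (file missing)
"""
PREFIX = "O23 - Service: "
MISSING = "(file missing)"
# Assumed weights: a missing file is a stale entry to clean up, not a live binary.
WEIGHTS = {"unknown-owner": 1, "no-extension": 2, "file-missing": 0}

def parse_o23(line):
    """Split 'O23 - Service: name - owner - path' into its fields."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].rsplit(" - ", 2)  # the name may itself contain " - "
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)].rstrip()
    return {"name": name, "owner": owner, "path": path, "missing": missing}

def reasons(entry):
    """Return the assumed triage reasons that apply to one parsed entry."""
    found = []
    if entry["owner"] == "Unknown owner":
        found.append("unknown-owner")
    if entry["missing"]:
        found.append("file-missing")
    elif PureWindowsPath(entry["path"]).suffix == "":
        found.append("no-extension")
    return found

def triage(log_text):
    """Return (name, path, reasons) for flagged services, highest weight first."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry and reasons(entry):
            flagged.append((entry["name"], entry["path"], reasons(entry)))
    return sorted(flagged, key=lambda f: -sum(WEIGHTS[r] for r in f[2]))
```

On these lines the WINDOWS service pointing at C:\WINNT\HWINDOWS ranks first; the entries for vendor-named services are not flagged at all.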