PC-HELP.CZ

tak uz som spravil toto
tu je skopirovana z 2x HijackThis :
Logfile of HijackThisX v1.99.1
Scan saved at 13:49:47, on 10. 4. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Documents and Settings\All Users\Data aplikací\Site For Grim Math\Meta gram.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\ADMINI~1\DATAAP~1\DOESIT~1\DRAWID~1.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator\Plocha\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb103\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb103\Dealio.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [Grim math bone dale] C:\Documents and Settings\All Users\Data aplikací\Site For Grim Math\Meta gram.exe
O4 - HKLM\..\RunOnce: [RPCInstall] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\REGISTRYFIX.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [beepheart] C:\DOCUME~1\ADMINI~1\DATAAP~1\DOESIT~1\DRAW IDOL.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb103\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pokladna.station.zoznam.sk/god/ocx/ExentCtl.ocx
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061011 ... 101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{932E7E91-A64B-4B38-9AC0-1CCEDA0E6D82}: NameServer = 195.146.132.58 195.146.128.60
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

a tu je kopirovanie z LopFind :
1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:

Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 84E5-17E1.

Věpis adres ýe C:\Documents and Settings\Administrator\DATAAP~1

15. 01. 2007 13:03 <DIR> NetPumper
14. 01. 2007 23:36 <DIR> BitGrabber
14. 01. 2007 23:36 <DIR> Does Itch Logo
06. 01. 2007 20:41 <DIR> Apple Computer
31. 12. 2006 18:00 <DIR> COWON
27. 12. 2006 18:13 <DIR> Azureus
25. 12. 2006 12:33 <DIR> uTorrent
21. 12. 2006 21:19 <DIR> Samsung
29. 11. 2006 22:12 <DIR> BSplayer
27. 11. 2006 00:00 <DIR> Acclaim Entertainment
18. 11. 2006 21:15 <DIR> Publish Providers
18. 11. 2006 21:12 <DIR> Sony
04. 11. 2006 01:04 <DIR> Talkback
04. 11. 2006 01:03 <DIR> Mozilla
16. 10. 2006 19:04 <DIR> Nokia Multimedia Player
16. 10. 2006 19:02 <DIR> SlySoft
16. 10. 2006 19:01 48 .zreglib
06. 10. 2006 22:59 <DIR> Jomigo
01. 10. 2006 14:03 <DIR> Google
01. 08. 2006 12:05 <DIR> Sun
06. 07. 2006 21:05 <DIR> CyberLink
10. 05. 2006 22:38 <DIR> InterVideo
01. 05. 2006 11:57 <DIR> Skype
25. 04. 2006 14:49 <DIR> Help
29. 01. 2006 01:20 <DIR> LegalSounds
24. 01. 2006 16:07 <DIR> ICQLite
14. 01. 2006 22:59 22096 GDIPFONTCACHEV1.DAT
27. 12. 2005 23:30 <DIR> AdobeUM
27. 12. 2005 23:30 <DIR> Adobe
24. 12. 2005 00:34 <DIR> Macromedia
22. 12. 2005 14:49 <DIR> Lavasoft
19. 12. 2005 15:52 <DIR> Identities
19. 12. 2005 15:52 62 desktop.ini
19. 12. 2005 15:52 <DIR> ..
19. 12. 2005 15:52 <DIR> .
19. 12. 2005 15:52 <DIR> Microsoft
3 soubor…, 22206 bajt…
Adres ý…: 33, Volněch bajt…: 4183560192
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 84E5-17E1.

Věpis adres ýe C:\Documents and Settings\All Users\DATAAP~1

23. 03. 2007 22:51 <DIR> Google
18. 02. 2007 22:30 4083 QTSBandwidthCache
14. 01. 2007 23:36 <DIR> Site For Grim Math
06. 01. 2007 20:40 <DIR> Apple Computer
26. 11. 2006 19:27 <DIR> SecuROM
03. 10. 2006 18:23 <DIR> Sony Ericsson
06. 07. 2006 21:03 <DIR> CyberLink
31. 05. 2006 23:40 <DIR> Spyware Terminator
21. 05. 2006 19:16 <DIR> Yahoo! Companion
01. 05. 2006 11:57 <DIR> Skype
02. 03. 2006 15:16 <DIR> Windows Genuine Advantage
19. 02. 2006 14:12 <DIR> nView_Profiles
28. 01. 2006 11:58 <DIR> OLYMPUS
28. 01. 2006 11:53 <DIR> QuickTime
22. 12. 2005 14:50 <DIR> Adobe
22. 12. 2005 14:49 <DIR> Spybot - Search & Destroy
19. 12. 2005 14:19 62 desktop.ini
19. 12. 2005 14:19 <DIR> Microsoft
19. 12. 2005 14:19 <DIR> .
19. 12. 2005 14:19 <DIR> ..
2 soubor…, 4145 bajt…
Adres ý…: 18, Volněch bajt…: 4183560192
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 84E5-17E1.

Věpis adres ýe C:\Documents and Settings\Default User\DATAAP~1

19. 12. 2005 14:19 62 desktop.ini
19. 12. 2005 14:19 <DIR> ..
19. 12. 2005 14:19 <DIR> Microsoft
19. 12. 2005 14:19 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 3, Volněch bajt…: 4183560192
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 84E5-17E1.

Věpis adres ýe C:\Documents and Settings\LocalService\DATAAP~1

04. 01. 2006 12:35 <DIR> Help
19. 12. 2005 15:47 <DIR> ..
19. 12. 2005 15:47 <DIR> Microsoft
19. 12. 2005 15:47 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 4, Volněch bajt…: 4183556096
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 84E5-17E1.

Věpis adres ýe C:\Documents and Settings\NetworkService\DATAAP~1

19. 12. 2005 13:58 <DIR> ..
19. 12. 2005 13:58 <DIR> Microsoft
19. 12. 2005 13:58 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 4183556096
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 84E5-17E1.

Věpis adres ýe C:\Documents and Settings\All Users\Application Data

07. 11. 2006 20:07 <DIR> Move Networks
01. 10. 2006 20:09 <DIR> Exetender
01. 10. 2006 20:09 <DIR> ..
01. 10. 2006 20:09 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 4, Volněch bajt…: 4183560192

******************************************

2) Vyhledávání a odstranění podezřelých .job souborů:

a) Soubory přítomné v C:\WINDOWS\tasks\ adresáři:

Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 84E5-17E1.

Věpis adres ýe C:\WINDOWS\Tasks

06. 01. 2007 20:40 284 AppleSoftwareUpdate.job
19. 12. 2005 15:47 6 SA.DAT
19. 12. 2005 13:52 65 desktop.ini
19. 12. 2005 13:52 <DIR> ..
19. 12. 2005 13:52 <DIR> .
3 soubor…, 355 bajt…
Adres ý…: 2, Volněch bajt…: 4˙183˙560˙192

––––––––––––––––––––––––––––––––––––––––––

b) Zjišťování vlastností přítomných .job souborů:

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-Task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 04/04/2007 14:43:00
NextRun: 04/11/2007 14:43:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: ...W...
StartDate: 01/06/2007
EndDate: 00/00/0000
StartTime: 14:43
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

––––––––––––––––––––––––––––––––––––––––––

c) Nalezené a odstraněné nežádoucí soubory:

––––––––––––––––––––––––––––––––––––––––––

d) Soubory přítomné v adresáři po vymazání:

Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 84E5-17E1.

Věpis adres ýe C:\WINDOWS\Tasks

06. 01. 2007 20:40 284 AppleSoftwareUpdate.job
19. 12. 2005 15:47 6 SA.DAT
19. 12. 2005 13:52 65 desktop.ini
19. 12. 2005 13:52 <DIR> ..
19. 12. 2005 13:52 <DIR> .
3 soubor…, 355 bajt…
Adres ý…: 2, Volněch bajt…: 4˙183˙560˙192

******************************************

3) Vyhledávání podvodných programů ve složce Program files:

Adresář C:\Program Files\Adv Nepřítomen !

Adresář C:\Program Files\Adverts Nepřítomen !

Adresář C:\Program Files\BitDownload Nepřítomen !

Adresář C:\Program Files\BitGrabber Přítomen !

Adresář C:\Program Files\BitRoll Nepřítomen !

Adresář C:\Program Files\C2Media Nepřítomen !

Adresář C:\Program Files\Download Plugin Nepřítomen !

Adresář C:\Program Files\Messenger Plus! 3 Nepřítomen !

Adresář C:\Program Files\NetPumper Nepřítomen !

Adresář C:\Program Files\Proxy download Nepřítomen !

Adresář C:\Program Files\SuperTorrent Nepřítomen !

Adresář C:\Program Files\Torrent101 Nepřítomen !

Adresář C:\Program Files\TorrentQ Nepřítomen !

dakujem za kazdu pomoc lebo ten trojsky kon nejde vobec vymazat a uz ma to stve lebo mi seka pc aj internet tak ak niekto ma skusenost nech pomoze dakujem!

V taskmanageru (ctrl+alt+delete) ukonči:
C:\Documents and Settings\All Users\Data aplikací\Site For Grim Math\Meta gram.exee
C:\DOCUME~1\ADMINI~1\DATAAP~1\DOESIT~1\DRAWID~1.EXE

V HJT fixni:
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)

Poté nech tyto soubory otestovat na Virustotalu:
C:\Documents and Settings\All Users\Data aplikací\Site For Grim Math\Meta gram.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\REGISTRYFIX.EXE
C:\DOCUME~1\ADMINI~1\DATAAP~1\DOESIT~1\DRAW IDOL.exe

Pro lepší nalezení si zapni zobrazovat skryté a systémové soubory.
Po sem zkopíruj všechny výsledky.

Budou to šmejdi.Zajímá mě hlavně detekce toho REGISTRYFIX.EXE. Ty dva další soubory budou určitě patřit Lopu.
Poté odstraníme Lopa kompletně.

Pak sem dej tedy nový log z HJT + ty výsledky.

Doplněno:
Ještě v HJT fixni:
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)

fixni tohle ale jsou to jen drobnosti:
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

Logfile of HijackThis v1.99.1
Scan saved at 20:45:29, on 10. 4. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Plocha\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.sk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb103\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb103\Dealio.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [Grim math bone dale] C:\Documents and Settings\All Users\Data aplikací\Site For Grim Math\Meta gram.exe
O4 - HKLM\..\RunOnce: [RPCInstall] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\REGISTRYFIX.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [beepheart] C:\DOCUME~1\ADMINI~1\DATAAP~1\DOESIT~1\DRAW IDOL.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb103\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pokladna.station.zoznam.sk/god/ocx/ExentCtl.ocx
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061011 ... 101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{932E7E91-A64B-4B38-9AC0-1CCEDA0E6D82}: NameServer = 195.146.132.58 195.146.128.60
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

tie dlasie veci ktore ste mi dali ze mam otestovat tak som ich vobec v pocitaci nenasiel tak neviem teda . ak viete co som robil zle tak ma prosim upozornite

V taskmanageru (ctrl+alt+delete) ukonči:
C:\Documents and Settings\All Users\Data aplikací\Site For Grim Math\Meta gram.exee
C:\DOCUME~1\ADMINI~1\DATAAP~1\DOESIT~1\DRAWID~1.EXE

tieto subory som tiez nenasiel . teda som postupoval tak ze som dal (ctrl+alt+delete) a hladal ci su tam taketo subory ale neboli tam tak neviem teda . prosim poradte ak robim nieco zle

V TaskMangaru (Spravci uloh) ukonci toto:
Meta gram.exe
DRAWID~1.EXE

pozeral som to teraz ale niesu tam ziadne taketo subory je ich tam kopec inych ale tieto dva nie . som to dvakrat pozeral tak neviem teda :cry:

To nevadí jestli si fixnul ty položky v HJT tak pokračuj v tom co psal sakiri otestuj ty soubory.

Poté nech tyto soubory otestovat na Virustotalu:
C:\Documents and Settings\All Users\Data aplikací\Site For Grim Math\Meta gram.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\REGISTRYFIX.EXE
C:\DOCUME~1\ADMINI~1\DATAAP~1\DOESIT~1\DRAW IDOL.exe

TIETO SUBORY NEMOZEM NAJST VO SVOJOM POCITACI,TAK NEVIEM AKO TO MAM DAT ZE PROCHAZET... DIK ZA RADU

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\REGISTRYFIX.EXE =
C:\Documents and Settings\Local settings\Temp\Registryfix.exe to je celá cesta. Až otevřeš složku Temp, tak na lište nahoře si otevři Nástroje a poté Možnosti složky... a na záložce Zobrazení odškrtni možnost Skrýt chráněné soubory operačního systému.
Otevře se ti dialogové okno, kde potvrdíš Ano a ten soubor by se ti měl ukázat.

Stejně tak by se ti měla ukázat i ten soubor Meta gram.exe

Stejný postup ale místo zobrazení odznačení Skrýt chráněné soubory operačního systému (doporučeno) zaklikni pod tím možnost Zobrazit skryté soubory a složky

C:\DOCUME~1\ADMINI~1\DATAAP~1\DOESIT~1\DRAW IDOL.exe = C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DATAAPLIKACÍ\DOESIT~1\DRAW IDOL.exe.

Doesit~1 bude také zkrácený název

PC-HELP.CZ

Trojsky kon C:\WINDOWS\System32\diagisr.dll (Vyreseno)

Trojsky kon C:\WINDOWS\System32\diagisr.dll (Vyreseno)

pozdrav