Yesterday, after finishing work on the PC, I shut down Windows [Start - Shut Down - Shut Down]; it shut down fine.
Today I turned it on and suddenly: icons can't be moved, when I open a program it doesn't show up in the taskbar at the bottom, and the antivirus won't start; it gives me some error 9 [ESET Smart Security].
A deep antivirus scan was done 2 days ago = on the evening of 29.6, and it found 0 viruses and 0 other malicious programs.
Windows starts normally, but when I log in [I have only 1 account, so I log in automatically without a password] the desktop and icons take a long time to load.
Do you know what this could be?
A HijackThis log will probably be needed; here it is:
-------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:49, on 1. 7. 2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
X:\WINDOWS\RTHDCPL.EXE
X:\WINDOWS\SysWOW64\ctfmon.exe
c:\hry\steam\steam.exe
C:\Programy\AnyDVD\AnyDVDtray.exe
X:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
C:\Programy\CloneCD\CloneCDTray.exe
C:\Programy\Winamp\winampa.exe
C:\Programy\PowerDVD8\PDVD8Serv.exe
X:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
C:\Programy\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Programy\Opera\opera.exe
C:\Programy\ESET Smart Security\x86\ekrn.exe
X:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
X:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programy\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programy\CDBurnerXP\NMSAccessU.exe
X:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
X:\WINDOWS\SysWOW64\IoctlSvc.exe
C:\Programy\Alcohol 120%\StarWind\StarWindServiceAE.exe
X:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
X:\Documents and Settings\Nexus\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=userinit
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programy\SnagIt 8\SnagItBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programy\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - X:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - X:\WINDOWS\SysWow64\xmlview.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Programy\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programy\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "X:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programy\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programy\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl8] C:\Programy\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programy\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] "X:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programy\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] X:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "X:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\hry\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "X:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ICQ] "C:\Programy\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programy\Alcohol 120%\axcmd.exe" /automount
O4 - HKCU\..\Run: [AnyDVD] "C:\Programy\AnyDVD\AnyDVD.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] X:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] X:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-686719922-4179254502-346169579-1002\..\Run: [CTFMON.EXE] X:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-686719922-4179254502-346169579-1002\..\Run: [AlcoholAutomount] "C:\Programy\Alcohol 120%\axcmd.exe" /automount (User '?')
O4 - HKUS\S-1-5-21-686719922-4179254502-346169579-1002\..\Run: [AnyDVD] "C:\Programy\AnyDVD\AnyDVD.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] X:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] X:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - C:\Programy\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - X:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - X:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - X:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - X:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2675439281
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programy\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - X:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - X:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programy\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programy\ESET Smart Security\x86\ekrn.exe
O23 - Service: Event Log (Eventlog) - Unknown owner - X:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - X:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - X:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - X:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - X:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Programy\MySQL.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programy\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - X:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - X:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programy\CDBurnerXP\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - X:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - X:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - X:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - X:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - X:\WINDOWS\SysWOW64\IoctlSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - X:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - X:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - Unknown owner - X:\WINDOWS\system32\pr2ah4nc.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - X:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - X:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - X:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - X:\WINDOWS\
O23 - Service: Virtual Disk Service (vds) - Unknown owner - X:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - X:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - C:\Programy\WAMP5\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Programy\WAMP5\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - X:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
--
End of file - 10120 bytes
-------------------------------------------------------
P.S.
I don't go on the internet much, so a virus is 99 percent ruled out.
I only go to mail [googlemail, zoznam.sk], zive.cz and the website of the server where I play World of Warcraft + I also play World of Warcraft, but you can't catch a virus there.