PC-HELP.CZ

Ahoj lidičky...
Prosím vás o pomoc. Asi sem čapl vira, nebo fakt nevim.
Problikává mi lišta a okna... se systémem se dá pracovat, ale je to děsný...
chvilku to jede, chvilku ne... Bude něco s explorer.exe asi teda.
zkoušel jsem inovaci windows, ale tam mi vyhodí hlášku že některé součásti nejsou pod Win XP.. To je ovladač grafiky. Ale tim to neni, začalo to až teď, kdežto ovl. grafiky jsem instaloval před tejdnem.
Prosím vás o rychlou pomoc díky.

log z Hijackthis by nebyl? :wink:

Jasný šéfe.. chvilku to trvalo než jsem to spustil skrz správce úloh...

Logfile of HijackThis v1.99.1
Scan saved at 19:46:57, on 20.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Comodo\Firewall\CPF .exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
c:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Pepas\Dokumenty\Nepoužívané !!SLOŽKY!!\Helping data\Ccleaner,Spybot,Ad Adware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnnn.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{6286579B-4CF2-4AB1-918C-BDD2FCF654BB}: NameServer = 10.10.10.10,10.10.11.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - HP - (no file)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Jak tak na to koukam zjišťuju že mi ten explorer vůbec neběží, ale čemu se taky divit...
Když ho zapnu manuálně začne to blikat.. tim "to" myslim lištu a okna..

log je v pořádku.

Stáhni si SDFix
a spusť ho,vybalí se do vlastní složky (bude asi na C:\SDfix).

Poté restartuj PC do nouzového režimu.Otevři složku kde je vybalený SDFix a spusť soubor RunThis.bat a stiskni Y pro zahájení čistícího procesu.
Pro dokončení bude třeba stisknout libovolnou klávesu a počítač se restartuje.
Při nabíhání operačního systému budeš muset po vyzvání stisknout libovolnou klávesu pro vstup do do Win.

Po naběhnutí OS by ti měl zobrazit výpis SDFixu tak ho sem zkopíruj

OK jdu na to.. Ale nevim k čemu to pomůže... Když jsem restartoval pc, oběvila se mi tabulka ERROR:Explorer.exe není platnou formou bitové kopie...
Snad to k něčemu pomůže.
Jdu na ten log..

SDFix: Version 1.119

Run by Pepas on źt 20.12.2007 at 20:11

Microsoft Windows XP [Verze 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\ctfmon.exe.tmp - Deleted
C:\DOCUME~1\Pepas\LOCALS~1\Temp\removalfile.bat - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 20:18:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 Systém nemůže nalézt uvedený soubor.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ca,d4,7e,5f,c5,79,04,9f,26,a9,59,5b,ec,2d,1d,df,1e,03,89,36,3a,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ec,b1,9d,93,dd,d9,2a,9e,cc,ca,bc,7c,b0,f3,d8,6a,22,..
"khjeh"=hex:85,33,09,fd,bc,11,3e,75,6b,57,df,02,bc,14,ec,ba,d7,c8,d0,16,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:66,eb,19,9b,2b,45,22,83,7b,ed,3f,38,ce,66,33,d2,70,09,5d,2a,8a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:6d,9d,b4,73,9e,92,fe,40,27,01,72,44,d2,05,b4,0f,a6,1f,e8,44,32,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ca,d4,7e,5f,c5,79,04,9f,26,a9,59,5b,ec,2d,1d,df,1e,03,89,36,3a,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ec,b1,9d,93,dd,d9,2a,9e,cc,ca,bc,7c,b0,f3,d8,6a,22,..
"khjeh"=hex:85,33,09,fd,bc,11,3e,75,6b,57,df,02,bc,14,ec,ba,d7,c8,d0,16,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:4b,87,3f,54,81,1d,b5,26,e9,eb,8c,24,b3,1a,87,4d,e4,c2,1f,8b,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:6d,9d,b4,73,9e,92,fe,40,27,01,72,44,d2,05,b4,0f,a6,1f,e8,44,32,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ca,d4,7e,5f,c5,79,04,9f,26,a9,59,5b,ec,2d,1d,df,1e,03,89,36,3a,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ec,b1,9d,93,dd,d9,2a,9e,cc,ca,bc,7c,b0,f3,d8,6a,22,..
"khjeh"=hex:85,33,09,fd,bc,11,3e,75,6b,57,df,02,bc,14,ec,ba,d7,c8,d0,16,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:4b,87,3f,54,81,1d,b5,26,e9,eb,8c,24,b3,1a,87,4d,e4,c2,1f,8b,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:6d,9d,b4,73,9e,92,fe,40,27,01,72,44,d2,05,b4,0f,a6,1f,e8,44,32,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="4E34C64F039B2CBFE219A606CE923BA04F7AA099123F674C8BA6927C4E2025F53CFD04B9883938804627ED9369343DC3F9A015F8EA51542C441C75C218354E1B78A8BF44DAF4F0A6A5B55CACD87FC99BFD558D37E450115B4C64142BFBF2998079EC6FAF535856DAA8692265F7FEE93554CC12DD7C60CD6C0D626D57383B7FDD3CF82BD11324C69A7CDE10E96A6F86EF7BACCC8DF55D1D457769A57BD0A5DCBCFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74CC038D530D6EB3452A2D97226D213B55577958C37B8619AE2B5470A6DDD1F3ABF08CC7663AC78D2A47A982EF34866514119AF1F521B1A47E46449F40B5603E1235B3AD2D17FA2E4D28AB09EA5112F454F3AC15940A48AC416A0C48DD137852AAB2980459A6FF57F57CB2996C48717E7A9722BC095B1C37C5671C4506E1AF4C8D98AF9E19FF79D41F68649640727C6DF7A5B3EF9FEDC8A405561CA5EA0DED4D4061A71635558F92BCF0749FAB5B21BB7441243D13A8B59C19BFE48F93CA95A4C5B77A92445159E22D01E586D312FA4DDDBB674351D61DD97805CA70B2A61700FD6C557A70C7752EE3E2017F869E428A569F100390DCA783F3311C49EE6AFB6E0CCAEA2125C0B12C0AE669C7866601CC3E8EA899385F4BE973538ED638206FD69635B292A7A9F0B288FCCF370C174AF532DCF291F17D0FB635CEEE8AE2116CD3795FDFCDFBFC9A21A1FB4980429B5C2535953E9DA63172C4A52D86D77FAD6DFB9B148A04298E1F0F0F1827E00E0FC6825E6AAC8E823BE02D7141C26D85D83A3C4DA7210878802BEE8709E0BD03DE7EA10218EBA922088617BF364B494A61CBB9209383607238D8DA45476198829D7C6BD2C3EA5403AF5E408985EAC8D4CE37E3D05D9F4BE12A61228AF7975DB23F0AA3D7979E40266CDD9B57B3F16CB576075C5ED9921501336305EE41D62A63C1C7C01D308C78AA8984220693CEC7B615E611138BF037EF66707142C5917661D87D45F573291B09EA4D2458410A06B9EECB1E828195933A3ABE37A112C3B3CFD25801273C5F8707705F40944799511CF5E8F765BF2547C9036CB277494EEEFADA7FE386F1428667510C7B4EF3BA403CE49544DBE241809CC7F7513089844680F8A855362F43FD6705F1BF1269B197D080A0EDE15813F2F79C34C9CD5C040351889FBCA3A3ED1A9D351F44FD865B3E17A400186F46756684B03EF0438985D0852A60068B651E4681F078F424EE726B1BCCDA2FD4B36DCD08C8234EEDE328838DD27E05BEC0DF4C1E368D7209FF41B16F4DA9C68D3D14A2898482067CDA026BCEA93A4B44559F1894B1EEE26BA63AEDB60514E48A3A08655E122EF5BDD7E0A36C03802EC7D9E3CB61197AB73E10FEDF14F61CA06A0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000061

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Games\\CoD4\\iw3mp.exe"="C:\\Games\\CoD4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Games\\Crysis-game\\Bin32\\Crysis.exe"="C:\\Games\\Crysis-game\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Games\\Crysis-game\\Bin32\\CrysisDedicatedServer.exe"="C:\\Games\\Crysis-game\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 18 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 18 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Fri 5 Jan 2007 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Fri 2 Nov 2007 168 ..SHR --- "C:\WINDOWS\system32\1E56179BA8.sys"
Tue 18 Dec 2007 5,018 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 3 Jan 2006 10,752 A..H. --- "C:\Documents and Settings\Pepas\Plocha\UPM\LDE.dll"
Mon 28 Aug 2006 3,584 A..H. --- "C:\Documents and Settings\Pepas\Plocha\UPM\md5.dll"
Tue 3 Oct 2006 43,520 A..H. --- "C:\Documents and Settings\Pepas\Plocha\UPM\ndisasm_dll.dll"
Sun 4 Nov 2007 8,704 A..H. --- "C:\Documents and Settings\Pepas\Plocha\UPM\upm.dll"

Finished!

Tak co šéfe.. pomohlo to ?

to se ptáme my :shock:

ano,je omyl domnívat se,že když pošleš log,je to jako bych seděl u tvýho kompu.
ty programy co píšu nemaj jenom diagnostickej účel,ale i likvidujou známí infekce.

toto
C:\WINDOWS\system32\1E56179BA8.sys
nech zkontrolovat tady http://www.virustotal.com/flash/index_en.html

takže-co ten komp?

Už to nemusíme řešit šéfe...
Provedl jsem celkovou rekontrukci systému v podobě formátu...
Muj HDD už to stejně potřeboval a já to měl během tohoto měsíce v plánu.
Nyní je vše ok a HDD mam jak novorozeně. Navíc jsem si před týdnem sehnal nejnovější software v podobě Office 2007, Nero 7 Ultra Edition a Totala... Chtěl sem si to tam naházet až po formátu, tak to mam teď..
Jinak ale díky za ochotu šéfe..
Zdravim a čest práci.

to řešení odpovídá tvému avataru.dva půlpalcový Desert eagle :lol:

tak fajn.hezký vánoce Obrázek

PC-HELP.CZ

Kritickej problém... Explorer.exe vyvádí jak na trhu

Kritickej problém... Explorer.exe vyvádí jak na trhu