
Log check

Posted: 27 Jan 2008 12:21
by weem
Hi all, I have a problem: every time I turn on the PC, avast throws up a message about finding a virus, and the file always comes from the windows/temp folder. I already deleted one file from there which was positive in 11 cases on virustotal. But Ultimate Process Manager now and then throws up a message about a new process, such as these:

28.1.2008 11:56:47: New process: C:\WINDOWS\TEMP\961D2A18.exe
28.1.2008 12:06:49: New process: C:\WINDOWS\TEMP\56B20653.exe
28.1.2008 12:36:56: New process: C:\WINDOWS\TEMP\B640967C.exe
28.1.2008 12:46:57: New process: C:\WINDOWS\TEMP\63C92327.exe
but I don't have any such files on the PC (I checked hidden files too)

But then no such process shows up in the process list... I ran Ad-Aware over the PC, now I'm running Avast, SUPERAntiSpyware and Spybot over it, I'll report how it turned out.

//merged with the original topic; don't start new threads needlessly, continue in one
fredik


Hi all, I suspect a virus: every time I turn on the PC, avast finds a trojan. It's a .dll, so please check the log

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Install\Privacy Eraser Pro\PrivacyEraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
E:\Install\Process commander\upm.exe
C:\Program Files\Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
E:\Install\Antimalware\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centrum.cz/?&Theme=dark_vader
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/?&Theme=dark_vader
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Privacy Eraser Pro] E:\Install\Privacy Eraser Pro\PrivacyEraser.exe /Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Startup: Adobe Gamma.lnk = ?
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Install\Icq 5.1\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Install\Icq 5.1\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NBService - Nero AG - E:\Install\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - E:\Install\Games\airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe (file missing)
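Two things in the post above can be checked mechanically rather than by eye: the process-manager lines (short-lived executables with 8-hex-digit names in %WINDIR%\TEMP, already gone by the time the process list is inspected) and the HijackThis O23 service lines. The following is an added example, not code from the thread, HijackThis or the process manager. It uses constructed sample lines in the same shape as the ones posted; note that the two avast service lines end in a stray `"` before `/service (file missing)`, and the same executables appear in the running-process list, so the example cross-checks the "(file missing)" flag against that list instead of trusting it.

```python
import re
from datetime import datetime

# Constructed sample lines in the shape of the process-manager output quoted
# in the post; the 8-hex-digit names in %WINDIR%\TEMP are the pattern of interest.
PROCESS_LOG = """\
28.1.2008 11:56:47: New process: C:\\WINDOWS\\TEMP\\961D2A18.exe
28.1.2008 12:06:49: New process: C:\\WINDOWS\\TEMP\\56B20653.exe
28.1.2008 12:10:03: New process: C:\\Program Files\\Firefox\\firefox.exe
28.1.2008 12:36:56: New process: C:\\WINDOWS\\TEMP\\B640967C.exe
"""

# Constructed excerpt in HijackThis log format: the running-process list plus
# a few O9/O23 entries, including one whose quoted ImagePath the tool split.
HJT_LOG = """\
Running processes:
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
C:\\WINDOWS\\system32\\nvsvc32.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - E:\\Install\\Games\\airborne\\UnrealEngine3\\MOHAGame\\pb\\PnkBstrA.exe (file missing)
"""

PROC_RE = re.compile(r"^(\d{1,2}\.\d{1,2}\.\d{4} \d{2}:\d{2}:\d{2}): New process: (.+)$")
TEMP_HEX_RE = re.compile(r"\\(?:WINDOWS|WINNT)\\TEMP\\[0-9A-F]{8}\.exe$", re.I)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r'([^\\"/]+\.exe)', re.I)


def suspicious_temp_processes(log):
    """(timestamp, path) for processes started from %WINDIR%\\TEMP with an
    8-hex-digit name, sorted by time."""
    hits = []
    for line in log.splitlines():
        m = PROC_RE.match(line.strip())
        if m and TEMP_HEX_RE.search(m.group(2)):
            hits.append((datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S"), m.group(2)))
    return sorted(hits)


def running_process_names(hjt):
    """Lower-cased executable names from the 'Running processes:' block."""
    names, in_block = set(), False
    for line in hjt.splitlines():
        if line.startswith("Running processes:"):
            in_block = True
            continue
        if in_block:
            if not line.strip():
                break
            names.add(line.strip().rsplit("\\", 1)[-1].lower())
    return names


def check_services(hjt):
    """Classify each O23 line: 'ok'; 'missing' (service points at a file that
    is gone); or 'running' (flagged missing, yet the same executable is in the
    process list, so the flag is a log artifact: here a quoted ImagePath that
    the tool cut at the closing quote, leaving a stray '"' in the path)."""
    running = running_process_names(hjt)
    results = {}
    for line in hjt.splitlines():
        m = O23_RE.match(line)
        if not m:
            continue
        path = m["path"]
        missing = path.endswith("(file missing)")
        exe = EXE_RE.search(path)
        exe_name = exe.group(1).lower() if exe else ""
        if not missing:
            verdict = "ok"
        elif exe_name in running:
            verdict = "running"
        else:
            verdict = "missing"
        results[m["name"]] = {"owner": m["owner"], "exe": exe_name,
                              "split_quote": '"' in path, "verdict": verdict}
    return results


if __name__ == "__main__":
    for ts, p in suspicious_temp_processes(PROCESS_LOG):
        print(ts, "launched from TEMP:", p)
    for name, r in check_services(HJT_LOG).items():
        print(f"{r['verdict']:8} {name} ({r['owner']}) -> {r['exe'] or '?'}")
```

A "running" verdict with `split_quote` set means the service entry is fine and the log format is the problem; a plain "missing" verdict (the PunkBuster entry, whose game folder is gone) is a stale service, not malware. The TEMP hits are the part worth acting on: the files are gone seconds later, so the only place to catch them is the process-creation log itself.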

Posted: 27 Jan 2008 14:20
by weem
(sorry for the two threads, but it seemed better to me)
I have the results here: nothing found any virus, except Spybot... it found this: Windows/system32/xpdx.sys, and marked it as a trojan (I don't know the exact name). When I try to delete it, it won't go (it's part of a process), and in safe mode it won't go either. Please help.

Posted: 27 Jan 2008 14:49
by fredik
Download SDFix
- Run it and it will unpack onto the disk where Windows is installed (typically C:\SDfix)
- Then restart the PC into safe mode (choose the option: Safe Mode, not Safe Mode with Networking)
- Open the folder where SDFix is unpacked and run the file RunThis.bat; that starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To finish the check you will be prompted to press any key, and the computer will restart.
* While the operating system is loading, the program will start again and finish the cleaning process. When Finish appears, you will have to press any key when prompted; that closes the program and the icons appear on your desktop
- When the desktop icons have finished loading, the SDFix log opens on screen, and it is also saved in the folder where SDFix is unpacked as the file Report.txt
Then copy its contents here. Then watch how the PC behaves and let me know how it looks.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Meanwhile you can update Java:
- Download the latest version of Java Runtime Environment (JRE) 6 Update 4
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 4 and click the Download button
- A new page loads
- Under the heading Select Platform and Language for your download:
* for Platform: choose Windows
* tick the option that says: I agree to the Java SE Runtime Environment 6 License Agreement
* click the Continue >> button
- A new page loads
- Click the download link under the item: Windows Offline Installation and save it to disk

- Close the programs you have running, mainly the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for items named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2
- Uninstall them via the Change/Remove or Remove button
- Uninstall all the old versions of Java one after another
- After the uninstalls have finished, restart the PC.
- Then just run the installer for the latest version from the file jre-6u4-windows-i586-p.exe, which you downloaded at the start.

Posted: 27 Jan 2008 15:07
by weem
here it is:


SDFix: Version 1.131

Run by Lukino on po 28.01.2008 at 15:02

Microsoft Windows XP [Verze 5.1.2600]

Running From: c:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service xpdx - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\regedit.com - Deleted
C:\WINDOWS\system32\xpdx.sys - Deleted





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\explorer.exe
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 15:05:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:54aa47c8
"s2"=dword:711a79e3
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:70,71,07,ab,aa,e9,31,b7,82,e8,39,54,ef,99,da,5c,3c,7a,c2,d1,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,48,f4,0b,60,d3,b9,d0,8d,80,ba,15,fa,ac,e6,dd,77,0e,..
"hdf12"=hex:07,1d,f6,d5,44,74,9e,fe,c5,12,c5,40,ba,c7,27,ae,37,ae,5c,f7,9a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:ec,1a,24,7d,56,e0,66,f7,e9,fa,c9,54,01,cb,d1,6b,bd,4a,06,75,79,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,e4,4c,08,60,c5,11,d6,0d,84,cb,e5,eb,d9,5c,cd,7d,a9,..
"hdf12"=hex:83,8a,8a,ee,59,ee,e8,e5,15,2b,93,86,0a,f8,e0,7a,74,78,56,ac,d7,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:63,4f,be,1e,1e,62,de,bb,9d,a6,0a,b0,45,5f,27,1f,97,6a,d3,7b,92,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1]
"hdf12"=hex:b0,07,0a,3b,f0,f3,68,a0,b3,8c,c3,61,6e,5b,62,90,60,1c,40,c3,5b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cb,27,50,05,f3,b0,4c,65,20,b2,11,ca,a2,b5,42,65,bb,88,67,11,9e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:70,71,07,ab,aa,e9,31,b7,82,e8,39,54,ef,99,da,5c,3c,7a,c2,d1,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,48,f4,0b,60,d3,b9,d0,8d,80,ba,15,fa,ac,e6,dd,77,0e,..
"hdf12"=hex:07,1d,f6,d5,44,74,9e,fe,c5,12,c5,40,ba,c7,27,ae,37,ae,5c,f7,9a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:ec,1a,24,7d,56,e0,66,f7,e9,fa,c9,54,01,cb,d1,6b,bd,4a,06,75,79,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,e4,4c,08,60,c5,11,d6,0d,84,cb,e5,eb,d9,5c,cd,7d,a9,..
"hdf12"=hex:83,8a,8a,ee,59,ee,e8,e5,15,2b,93,86,0a,f8,e0,7a,74,78,56,ac,d7,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:63,4f,be,1e,1e,62,de,bb,9d,a6,0a,b0,45,5f,27,1f,97,6a,d3,7b,92,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1]
"hdf12"=hex:b0,07,0a,3b,f0,f3,68,a0,b3,8c,c3,61,6e,5b,62,90,60,1c,40,c3,5b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cb,27,50,05,f3,b0,4c,65,20,b2,11,ca,a2,b5,42,65,bb,88,67,11,9e,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\\r\1e]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,e0,e9,c4,00,00,00,00,ec,7e,bd,63,4d,..
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\r\1e]
"Inno Setup: Setup Version"="5.1.9"
"Inno Setup: App Path"="E:\Install\Games\Vampire\Vampire"
"InstallLocation"="E:\Install\Games\Vampire\Vampire\"
"Inno Setup: Icon Group"="(Default)"
"Inno Setup: User"="Lukino"
"Inno Setup: Setup Type"="doporucena"
"Inno Setup: Selected Components"="bez_dia,textury,skript,skiny"
"Inno Setup: Deselected Components"="s_dia"
"DisplayName"="verze 1.00"
"DisplayIcon"="E:\Install\Games\Vampire\Vampire"
"UninstallString"=""E:\Install\Games\Vampire\Vampire\unins000.exe""
"QuietUninstallString"=""E:\Install\Games\Vampire\Vampire\unins000.exe" /SILENT"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"InstallDate"="20070612"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000041
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Nero 7 Premium\`\1t]
"Order"=hex:08,00,00,00,02,00,00,00,a4,00,00,00,01,00,00,00,01,00,00,00,98,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Nero 7 Ultra Edition\`\1t]
"Order"=hex:08,00,00,00,02,00,00,00,9a,00,00,00,01,00,00,00,01,00,00,00,8e,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\GAMES\\BFME\\game.dat"="E:\\GAMES\\BFME\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"E:\\Install\\ICQ\\ICQLite\\ICQLite.exe"="E:\\Install\\ICQ\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"E:\\Install\\Games\\BFME\\game.dat"="E:\\Install\\Games\\BFME\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"E:\\Install\\Games\\BFME2\\game.dat"="E:\\Install\\Games\\BFME2\\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Install\\Games\\Age of empires III\\age3x.exe"="E:\\Install\\Games\\Age of empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"E:\\Install\\BitComet\\BitComet.exe"="E:\\Install\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"E:\\Install\\Games\\Zoo tycoon 2\\zt.exe"="E:\\Install\\Games\\Zoo tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"E:\\Install\\Icq 5.1\\ICQLite\\ICQLite.exe"="E:\\Install\\Icq 5.1\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\PROGRA~1\\ACETRA~1\\acetrans.exe"="C:\\PROGRA~1\\ACETRA~1\\acetrans.exe:*:Enabled:Ace Translator"
"E:\\Install\\Pinnacle\\programs\\RM.exe"="E:\\Install\\Pinnacle\\programs\\RM.exe:*:Enabled:Render Manager"
"E:\\Install\\Pinnacle\\programs\\Studio.exe"="E:\\Install\\Pinnacle\\programs\\Studio.exe:*:Enabled:Studio"
"E:\\Install\\Pinnacle\\programs\\PMSRegisterFile.exe"="E:\\Install\\Pinnacle\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"E:\\Install\\Pinnacle\\programs\\umi.exe"="E:\\Install\\Pinnacle\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe:*:Enabled:Kerio Personal Firewall 4 - Service"
"E:\\Install\\QIP\\qip.exe"="E:\\Install\\QIP\\qip.exe:*:Disabled:Quiet Internet Pager"
"E:\\Install\\Games\\airborne\\UnrealEngine3\\Binaries\\MOHA.exe"="E:\\Install\\Games\\airborne\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"E:\\Install\\Games\\COD4\\iw3mp.exe"="E:\\Install\\Games\\COD4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\PROGRA~1\\ACETRA~1\\acetrans.exe"="C:\\PROGRA~1\\ACETRA~1\\acetrans.exe:*:Enabled:Ace Translator"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 10 Oct 2007 625,152 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Wed 5 Apr 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 5 Apr 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
Mon 20 Oct 2003 73,688 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Sat 24 Jan 2004 5,120 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Thu 30 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp"

Finished!


PS: those processes have stopped, at least for now
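The two deletions in the report above are worth understanding, not just pasting: regedit.com in C:\WINDOWS is a companion file (cmd.exe tries the PATHEXT extensions in order, .COM before .EXE, so a bare `regedit` at a prompt runs it instead of regedit.exe), and xpdx.sys paired with a service named xpdx is a kernel driver loaded as a service, which is why it could not be deleted from the running system, even in safe mode, until SDFix removed the service and deleted the file after reboot. The following is an added example, not SDFix's code or anything from the thread: it parses the report's deleted-file, deleted-service and catchme counter lines and applies those two rules. The report excerpt and the directory listing are constructed to mirror the posted report; the PATHEXT order is the cmd.exe default.

```python
import re
from collections import defaultdict

# Constructed excerpt mirroring the shape of the SDFix Report.txt posted above
# (only the sections this parser reads).
SDFIX_REPORT = """\
Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service xpdx - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\\WINDOWS\\regedit.com - Deleted
C:\\WINDOWS\\system32\\xpdx.sys - Deleted

Removing Temp Files...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
"""

# Constructed directory listing of the situation the report describes: the
# genuine regedit.exe with a planted regedit.com beside it, plus unrelated files.
SAMPLE_LISTING = [
    r"C:\WINDOWS\regedit.exe",
    r"C:\WINDOWS\regedit.com",
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\system32\cmd.exe",
    r"C:\WINDOWS\system32\xpdx.sys",
    r"C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe",
]

SERVICE_RE = re.compile(r"^Service (\S+) - Deleted", re.M)
FILE_RE = re.compile(r"^([A-Za-z]:\\.+?) - Deleted$", re.M)
COUNT_RE = re.compile(r"^hidden (processes|services|files): (\d+)$", re.M)

# cmd.exe default PATHEXT order: for a bare "regedit", regedit.com in the same
# directory is picked before regedit.exe.
PATHEXT = [".com", ".exe", ".bat", ".cmd"]
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def parse_sdfix_report(text):
    """Pull the actionable items out of an SDFix report."""
    return {
        "deleted_services": SERVICE_RE.findall(text),
        "deleted_files": FILE_RE.findall(text),
        "hidden": {kind: int(n) for kind, n in COUNT_RE.findall(text)},
    }


def companion_shadows(paths):
    """(shadowing_file, shadowed_exe) pairs: files in a system directory whose
    extension precedes .exe in PATHEXT and that share a stem with an .exe."""
    by_stem = defaultdict(dict)
    for p in paths:
        d, _, name = p.lower().rpartition("\\")
        if d not in SYSTEM_DIRS:
            continue
        stem, dot, ext = name.rpartition(".")
        if dot:
            by_stem[(d, stem)]["." + ext] = p
    shadows = []
    for exts in by_stem.values():
        if ".exe" not in exts:
            continue
        for ext in PATHEXT[:PATHEXT.index(".exe")]:
            if ext in exts:
                shadows.append((exts[ext], exts[".exe"]))
    return shadows


def triage(report_text):
    """Explain each deleted file: a .com in a system directory shadows the
    same-named .exe; a .sys whose stem matches a deleted service was a kernel
    driver loaded through that service."""
    r = parse_sdfix_report(report_text)
    notes = []
    for f in r["deleted_files"]:
        d, _, name = f.lower().rpartition("\\")
        stem, _, ext = name.rpartition(".")
        if ext == "com" and d in SYSTEM_DIRS:
            notes.append((f, f"companion file shadowing {stem}.exe"))
        elif ext == "sys" and stem in r["deleted_services"]:
            notes.append((f, f"kernel driver loaded by service '{stem}'"))
        else:
            notes.append((f, "deleted"))
    return notes


if __name__ == "__main__":
    for path, why in triage(SDFIX_REPORT):
        print(f"{path}: {why}")
    for com, exe in companion_shadows(SAMPLE_LISTING):
        print(f"{com} shadows {exe}")
```

The catchme section of the posted report is a different matter: the sptd keys it lists carry `"p0"="C:\Program Files\DAEMON Tools Pro\"` in the report itself, and DAEMON Tools Pro Agent is in the HijackThis O4 entries, so those belong to the DAEMON Tools driver, and the scan's own summary (hidden processes/services/files all 0) is the part that says the rootkit check came back clean.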

Posted: 27 Jan 2008 18:53
by fredik
Delete the folder that SDFix created:
c:\SDFix

If the problem shows up again, let me know.

PS: if you're still using the old version of HJT (1.99.1), download the current version here, delete the old one before using it, and next time post the whole log here, including the header.