Hi folks...
I'm asking for your help. I've probably caught a virus, or I really don't know.
My taskbar and windows keep flickering... the system is usable, but it's awful...
it works for a while, then it doesn't... So it's probably something with explorer.exe.
I tried a Windows upgrade, but it throws a message that some components are not for Win XP.. That's the graphics driver. But that's not the cause; it only started now, whereas I installed the graphics driver a week ago.
Please help me quickly, thanks.
Critical problem... Explorer.exe is going haywire
i7 9700K + SC Ninja 5, ROG STRIX Z390-F GAMING, RTX 4070Ti Gaming OC, M.2 XPG GAMMIX S11 Pro 1TB,
HyperX 16GB DDR4 3600MHz CL17 FURY Black series, RM750xCorsair, SSD Kingston 1T + 120GB
MSI MAG VAMPIRIC + 2x140mm,1x120mm fans Noctua - noRGB!
Creative Sb audigy FX.
AOC Q27G2S/EU Gaming QHD
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Gender:
- Status: Offline
Sure thing, boss.. it took a while before I got it running through Task Manager...
Logfile of HijackThis v1.99.1
Scan saved at 19:46:57, on 20.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Comodo\Firewall\CPF .exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
c:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Pepas\Dokumenty\Nepoužívané !!SLOŽKY!!\Helping data\Ccleaner,Spybot,Ad Adware\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnnn.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{6286579B-4CF2-4AB1-918C-BDD2FCF654BB}: NameServer = 10.10.10.10,10.10.11.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - HP - (no file)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Looking at it, I see that explorer isn't running at all, but no wonder...
When I start it manually, it starts flickering.. by "it" I mean the taskbar and windows..
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Gender:
- Status: Offline
The log is fine.
Download SDFix
and run it; it will extract itself into its own folder (probably C:\SDfix).
Then restart the PC into Safe Mode. Open the folder where SDFix was extracted, run the file RunThis.bat and press Y to start the cleaning process.
To finish, you will need to press any key and the computer will restart.
While the operating system is starting up, you will have to press any key when prompted to enter Windows.
Once the OS has started, it should show you the SDFix report, so copy it here.
OK, I'm on it.. But I don't know what good it will do... When I restarted the PC, a dialog popped up: ERROR: Explorer.exe is not a valid image...
Hopefully it will help somehow.
I'm off to get that log..
SDFix: Version 1.119
Run by Pepas on źt 20.12.2007 at 20:11
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\ctfmon.exe.tmp - Deleted
C:\DOCUME~1\Pepas\LOCALS~1\Temp\removalfile.bat - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 20:18:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 Systém nemůže nalézt uvedený soubor.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ca,d4,7e,5f,c5,79,04,9f,26,a9,59,5b,ec,2d,1d,df,1e,03,89,36,3a,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ec,b1,9d,93,dd,d9,2a,9e,cc,ca,bc,7c,b0,f3,d8,6a,22,..
"khjeh"=hex:85,33,09,fd,bc,11,3e,75,6b,57,df,02,bc,14,ec,ba,d7,c8,d0,16,84,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:66,eb,19,9b,2b,45,22,83,7b,ed,3f,38,ce,66,33,d2,70,09,5d,2a,8a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:6d,9d,b4,73,9e,92,fe,40,27,01,72,44,d2,05,b4,0f,a6,1f,e8,44,32,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ca,d4,7e,5f,c5,79,04,9f,26,a9,59,5b,ec,2d,1d,df,1e,03,89,36,3a,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ec,b1,9d,93,dd,d9,2a,9e,cc,ca,bc,7c,b0,f3,d8,6a,22,..
"khjeh"=hex:85,33,09,fd,bc,11,3e,75,6b,57,df,02,bc,14,ec,ba,d7,c8,d0,16,84,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:4b,87,3f,54,81,1d,b5,26,e9,eb,8c,24,b3,1a,87,4d,e4,c2,1f,8b,84,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:6d,9d,b4,73,9e,92,fe,40,27,01,72,44,d2,05,b4,0f,a6,1f,e8,44,32,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ca,d4,7e,5f,c5,79,04,9f,26,a9,59,5b,ec,2d,1d,df,1e,03,89,36,3a,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ec,b1,9d,93,dd,d9,2a,9e,cc,ca,bc,7c,b0,f3,d8,6a,22,..
"khjeh"=hex:85,33,09,fd,bc,11,3e,75,6b,57,df,02,bc,14,ec,ba,d7,c8,d0,16,84,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:4b,87,3f,54,81,1d,b5,26,e9,eb,8c,24,b3,1a,87,4d,e4,c2,1f,8b,84,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:6d,9d,b4,73,9e,92,fe,40,27,01,72,44,d2,05,b4,0f,a6,1f,e8,44,32,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000061
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Games\\CoD4\\iw3mp.exe"="C:\\Games\\CoD4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Games\\Crysis-game\\Bin32\\Crysis.exe"="C:\\Games\\Crysis-game\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Games\\Crysis-game\\Bin32\\CrysisDedicatedServer.exe"="C:\\Games\\Crysis-game\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 18 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 18 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Fri 5 Jan 2007 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Fri 2 Nov 2007 168 ..SHR --- "C:\WINDOWS\system32\1E56179BA8.sys"
Tue 18 Dec 2007 5,018 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 3 Jan 2006 10,752 A..H. --- "C:\Documents and Settings\Pepas\Plocha\UPM\LDE.dll"
Mon 28 Aug 2006 3,584 A..H. --- "C:\Documents and Settings\Pepas\Plocha\UPM\md5.dll"
Tue 3 Oct 2006 43,520 A..H. --- "C:\Documents and Settings\Pepas\Plocha\UPM\ndisasm_dll.dll"
Sun 4 Nov 2007 8,704 A..H. --- "C:\Documents and Settings\Pepas\Plocha\UPM\upm.dll"
Finished!
"C:\\Games\\CoD4\\iw3mp.exe"="C:\\Games\\CoD4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Games\\Crysis-game\\Bin32\\Crysis.exe"="C:\\Games\\Crysis-game\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Games\\Crysis-game\\Bin32\\CrysisDedicatedServer.exe"="C:\\Games\\Crysis-game\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 18 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 18 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Fri 5 Jan 2007 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Fri 2 Nov 2007 168 ..SHR --- "C:\WINDOWS\system32\1E56179BA8.sys"
Tue 18 Dec 2007 5,018 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 3 Jan 2006 10,752 A..H. --- "C:\Documents and Settings\Pepas\Plocha\UPM\LDE.dll"
Mon 28 Aug 2006 3,584 A..H. --- "C:\Documents and Settings\Pepas\Plocha\UPM\md5.dll"
Tue 3 Oct 2006 43,520 A..H. --- "C:\Documents and Settings\Pepas\Plocha\UPM\ndisasm_dll.dll"
Sun 4 Nov 2007 8,704 A..H. --- "C:\Documents and Settings\Pepas\Plocha\UPM\upm.dll"
Finished!
So, boss... did it help?
Yes, it's a mistake to think that sending a log is the same as me sitting at your computer.
The programs I list aren't only diagnostic; they also remove known infections.
Have this file
C:\WINDOWS\system32\1E56179BA8.sys
checked here: http://www.virustotal.com/flash/index_en.html
So, how's the computer?
We don't need to deal with it any more, boss...
I did a complete rebuild of the system in the form of a format...
My HDD needed it anyway, and I had it planned for this month.
Now everything is OK and my HDD is like a newborn. On top of that, a week ago I got hold of the latest software: Office 2007, Nero 7 Ultra Edition and Total Commander... I wanted to put it on only after the format, so now I have it..
Anyway, thanks for your willingness to help, boss..
Cheers, and honor to labor.