Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:16, on 16.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\explorer.exe
C:\totalcmd\TOTALCMD.EXE
c:\slozka\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg_427b.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_427b.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_427b.dll"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ati2kaag - ati2kaag.dll (file missing)
O20 - Winlogon Notify: odtemdt2 - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 7240 bytes
Please check my log.
- Baron Prášil
Welcome to PC-HELP.
Fix these:
In the HJT program window, tick the boxes on the left next to the items I list, then click Fix checked.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg_427b.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_427b.dll"
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg_427b.dll"
O20 - Winlogon Notify: ati2kaag - ati2kaag.dll (file missing)
O20 - Winlogon Notify: odtemdt2 - C:\WINDOWS\
Download SDFix
and run it; it will unpack into its own folder (probably C:\SDfix).
Then restart the PC in Safe Mode. Open the folder where SDFix was unpacked, run the file RunThis.bat, and press Y to start the cleaning process.
To finish, you will need to press any key, and the computer will restart.
While the operating system is starting up, you will have to press any key when prompted in order to enter Windows.
Once the OS has started, it should display the SDFix report, so copy it here. If it does not appear, it is located in SDFix's own folder as Report.txt. Also post a new HJT log.

SDFix: Version 1.142
Run by Administrator on so 16.02.2008 at 16:13
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
msupdate
Path:
c:\windows\system32\mssrv32.exe
msupdate - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service Yco24 - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\drivers\Yco24.sys - Deleted
C:\WINDOWS\SYSTEM32\PFB0E0~1.DLL - Deleted
C:\WINDOWS\SYSTEM32\PFCA7F~1.DLL - Deleted
C:\WINDOWS\SYSTEM32\SFXZMT~1.DLL - Deleted
C:\WINDOWS\SYSTEM32\SFXZMT~2.DLL - Deleted
C:\WINDOWS\SYSTEM32\SFXZMT~3.DLL - Deleted
C:\WINDOWS\SYSTEM32\SFXZMT~4.DLL - Deleted
C:\WINDOWS\SYSTEM32\SFG_4282.DLL - Deleted
C:\WINDOWS\SYSTEM32\ETWGOGST.TMP - Deleted
C:\WINDOWS\system32\2_exception.nls - Deleted
C:\WINDOWS\system32\dllh8jkd1q8.exe - Deleted
C:\WINDOWS\system32\mssrv32.exe - Deleted
C:\WINDOWS\system32\drivers\symavc32.sys - Deleted
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by
Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 16:21:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:d04208fa
"s1"=dword:c6276b1d
"s2"=dword:9fae0e33
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS]
"StateIndex"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths]
"}\1a?n?e?t?a?"="C:\Documents and Settings\\x017daneta\Dokumenty"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Hints\}\1a]
"PictureSource"="C:\Documents and Settings\All Users\Data aplikac\xed\Microsoft\User Account Pictures\Default Pictures\\x17e\x00e1ba.bmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="ED32D9BE8C3E66C5A7A799837C4E43786CA39D08DD
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Premium\`\1t]
"Order"=hex:08,00,00,00,02,00,00,00,9a,00,00,00,01,00,00,00,01,00,00,00,8e,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 61
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\PROGRA~1\\ACETRA~1\\acetrans.exe"="C:\\PROGRA~1\\ACETRA~1\\acetrans.exe:*:Enabled:Ace Translator"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Valve\\hl.exe"="D:\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\\Valve\\hlds.exe"="D:\\Valve\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQLite"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"\\\\DOMA-PXVAAO5XHY\\D\\Battlefield 1942 Singleplayer Demo\\bf1942.exe"="\\\\DOMA-PXVAAO5XHY\\D\\Battlefield 1942 Singleplayer Demo\\bf1942.exe:*:Enabled:bf1942.exe"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\\Ubi Soft\\IL-2 Sturmovik Forgotten Battles\\il2fb.exe"="D:\\Ubi Soft\\IL-2 Sturmovik Forgotten Battles\\il2fb.exe:*:Enabled:il2fb"
"D:\\Valve\\hltv.exe"="D:\\Valve\\hltv.exe:*:Enabled:HLTV Launcher"
"D:\\TTDX\\openttd.exe"="D:\\TTDX\\openttd.exe:*:Enabled:OpenTTD"
"D:\\TTDX\\TTDLOADW.OVL"="D:\\TTDX\\TTDLOADW.OVL:*:Enabled:TTDLOADW"
"D:\\TrackMania Sunrise\\TmSunrise.exe"="D:\\TrackMania Sunrise\\TmSunrise.exe:*:Enabled:TmSunrise"
"D:\\Call of Duty\\CoDMP.exe"="D:\\Call of Duty\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\Program Files\\PrintServer Utilities\\WinUtil\\PSAdmin.exe"="C:\\Program Files\\PrintServer Utilities\\WinUtil\\PSAdmin.exe:*:Enabled:PSAdmin"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\Teamspeak2_RC22\\server_windows.exe"="C:\\Program Files\\Teamspeak2_RC22\\server_windows.exe:*:Enabled:Server"
"C:\\totalcmd\\TOTALCMD.EXE"="C:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\\Call of Duty 2\\CoD2MP_s.exe"="D:\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\PROGRA~1\\ACETRA~1\\acetrans.exe"="C:\\PROGRA~1\\ACETRA~1\\acetrans.exe:*:Enabled:Ace Translator"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Finished!
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb0004C.log 131072 bytes
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb0004D.log 131072 bytes
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb0004E.log 131072 bytes
C:\WINDOWS\SoftwareDistribution\Download\3bf6999727ddb1d518f5b60a6000e8ba\WindowsXP-KB908531-v2-x86-express-CSY.cab 154449 bytes
C:\WINDOWS\SoftwareDistribution\Download\e5d341b83923c9c441c2b3b14b0320d3
C:\WINDOWS\SoftwareDistribution\Download\e5d341b83923c9c441c2b3b14b0320d3\backup
C:\WINDOWS\SoftwareDistribution\Download\6fd37e91266acb4a00bdb8e201fbd862\download\BIT95.tmp 0 bytes
C:\WINDOWS\SoftwareDistribution\Download\751fa29d4bd499683d965a7822bbce82\WindowsXP-KB901190-x86-express-CSY.cab 151309 bytes
C:\WINDOWS\SoftwareDistribution\Download\7a93be16865afe5068a00f32d0ad1246\BIT49.tmp 155962 bytes
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\backup
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\backup\sp2gdr
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\backup\sp2gdr\shell32.dll 8388096 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\backup\sp2qfe
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\backup\sp2qfe\shell32.dll 8388096 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\download
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\download\BIT97.tmp 0 bytes
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\spmsg.dll 15072 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\spuninst.exe 215776 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\susdl.req 984 bytes
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\update
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\update\branches.inf 705 bytes
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\update\eula.txt 858 bytes
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\update\KB908531.cat 14054 bytes
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\update\spcustom.dll 22752 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\update\update.exe 720096 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\update\update.url 5993 bytes
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\update\update.ver 1442 bytes
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\update\updatebr.inf 592 bytes
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\update\update_SP1QFE.inf 10754 bytes
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\update\update_SP2GDR.inf 11997 bytes
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\update\update_SP2QFE.inf 12827 bytes
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\update\updspapi.dll 379616 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\WindowsXP-KB908531-v2-x86-CSY.psm 3272 bytes
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\_downloadprogress_.state 4 bytes
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\_unpacked_.state 34 bytes
C:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\_usedelta_.state 34 bytes
C:\WINDOWS\SoftwareDistribution\Download\2217e444456149a1d60e352d15e05ac7\backup\sp2gdr\browseui.dll 1016832 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\2217e444456149a1d60e352d15e05ac7\backup\sp2gdr\cdfview.dll 151040 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\2217e444456149a1d60e352d15e05ac7\backup\sp2gdr\danim.dll 1054720 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\2217e444456149a1d60e352d15e05ac7\backup\sp2gdr\dxtmsft.dll 357888 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\2217e444456149a1d60e352d15e05ac7\backup\sp2gdr\dxtrans.dll 201728 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\2217e444456149a1d60e352d15e05ac7\download\BIT96.tmp 0 bytes
C:\WINDOWS\SoftwareDistribution\Download\34be356f9a111a17675dc288437e09e3
C:\WINDOWS\SoftwareDistribution\Download\34be356f9a111a17675dc288437e09e3\backup
C:\WINDOWS\SoftwareDistribution\Download\3a4b17774256790710b116f48cad024c
C:\WINDOWS\SoftwareDistribution\Download\3a4b17774256790710b116f48cad024c\BITA.tmp 10703680 bytes executable
C:\WINDOWS\system32\CatRoot2\edb0000E.log 131072 bytes
C:\WINDOWS\KB913580.log 6775 bytes
C:\WINDOWS\KB914388.log 6688 bytes
C:\WINDOWS\KB918439.log 7008 bytes
C:\WINDOWS\KB920670.log 7087 bytes
C:\WINDOWS\KB925902.log 7171 bytes
C:\WINDOWS\KB926436.log 6846 bytes
C:\WINDOWS\KB942763.log 7121 bytes
C:\WINDOWS\LastGood
C:\WINDOWS\LastGood\INF
C:\WINDOWS\LastGood\INF\oem414.inf 0 bytes
C:\WINDOWS\LastGood\INF\oem414.PNF 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 61
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\PROGRA~1\\ACETRA~1\\acetrans.exe"="C:\\PROGRA~1\\ACETRA~1\\acetrans.exe:*:Enabled:Ace Translator"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Valve\\hl.exe"="D:\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\\Valve\\hlds.exe"="D:\\Valve\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQLite"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"\\\\DOMA-PXVAAO5XHY\\D\\Battlefield 1942 Singleplayer Demo\\bf1942.exe"="\\\\DOMA-PXVAAO5XHY\\D\\Battlefield 1942 Singleplayer Demo\\bf1942.exe:*:Enabled:bf1942.exe"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\\Ubi Soft\\IL-2 Sturmovik Forgotten Battles\\il2fb.exe"="D:\\Ubi Soft\\IL-2 Sturmovik Forgotten Battles\\il2fb.exe:*:Enabled:il2fb"
"D:\\Valve\\hltv.exe"="D:\\Valve\\hltv.exe:*:Enabled:HLTV Launcher"
"D:\\TTDX\\openttd.exe"="D:\\TTDX\\openttd.exe:*:Enabled:OpenTTD"
"D:\\TTDX\\TTDLOADW.OVL"="D:\\TTDX\\TTDLOADW.OVL:*:Enabled:TTDLOADW"
"D:\\TrackMania Sunrise\\TmSunrise.exe"="D:\\TrackMania Sunrise\\TmSunrise.exe:*:Enabled:TmSunrise"
"D:\\Call of Duty\\CoDMP.exe"="D:\\Call of Duty\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\Program Files\\PrintServer Utilities\\WinUtil\\PSAdmin.exe"="C:\\Program Files\\PrintServer Utilities\\WinUtil\\PSAdmin.exe:*:Enabled:PSAdmin"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\Teamspeak2_RC22\\server_windows.exe"="C:\\Program Files\\Teamspeak2_RC22\\server_windows.exe:*:Enabled:Server"
"C:\\totalcmd\\TOTALCMD.EXE"="C:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\\Call of Duty 2\\CoD2MP_s.exe"="D:\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\PROGRA~1\\ACETRA~1\\acetrans.exe"="C:\\PROGRA~1\\ACETRA~1\\acetrans.exe:*:Enabled:Ace Translator"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Finished!
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Gender:
- Status:
Offline
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:08, on 17.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\totalcmd\TOTALCMD.EXE
C:\slozka\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg_427b.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WinMain - {C231CF11-134F-3552-44AC-E685D962C63C} - C:\WINDOWS\system32\adduser32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 6855 bytes
- Baron Prášil
Fix:
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg_427b.dll
O21 - SSODL: WinMain - {C231CF11-134F-3552-44AC-E685D962C63C} - C:\WINDOWS\system32\adduser32.dll
Use Avenger.
In the main dialog you need to select "Input script manually" and then press the button with the magnifying glass. An editor opens, into which the actual "scripts" are pasted. The script is started by pressing the button with the traffic light. The program will then ask whether we really mean it and afterwards offer an immediate restart of the whole system (recommended).
Files to delete:
C:\WINDOWS\system32\sfg_427b.dll
C:\WINDOWS\system32\adduser32.dll
After the restart, post the log that Avenger pops up at you + a new HijackThis log + info about how the system behaves.
Well, Avenger popped up an empty Notepad window at me, and the other one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56:08, on 18.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\totalcmd\TOTALCMD.EXE
C:\slozka\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 6550 bytes
The system is more stable and boots faster, and that annoying spam has disappeared. Thanks.
- Baron Prášil
Fine. Install a firewall. And you're welcome.
Clean the system with CCleaner and RegCleaner.
T-Cleaner deletes everything left behind by Combo, SDFix, Avenger, etc.
Pick one here; I recommend ZoneAlarm or Comodo.
Guide for ZA: http://www.kn.vutbr.cz/docs/conf/zonealarm/
For Comodo: http://www.nforce.cz/modules.php?name=N ... cle&sid=18