diky zarychlou reakci tady je výpis z HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:48, on 23.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Actionboy\Plocha\HJT\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] E:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = E:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Download All by Gigaget - E:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - E:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1919851F-147D-4D33-AC92-C6B63C375EBC}: NameServer = 81.30.225.2,81.30.224.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{1919851F-147D-4D33-AC92-C6B63C375EBC}: NameServer = 81.30.225.2,81.30.224.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\Honza\LOCALS~1\Temp\hpdj.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8860 bytes
a tady z SDFix:
SDFix: Version 1.115
Run by Actionboy on p 23.11.2007 at 19:38
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\Actionboy\Oblˇben‚ polo§ky\Error Cleaner.url - Deleted
C:\Documents and Settings\Actionboy\Plocha\Error Cleaner.url - Deleted
C:\Documents and Settings\Actionboy\Oblˇben‚ polo§ky\Privacy Protector.url - Deleted
C:\Documents and Settings\Actionboy\Plocha\Privacy Protector.url - Deleted
C:\Documents and Settings\Actionboy\Oblˇben‚ polo§ky\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Actionboy\Plocha\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\jokwmp.dll - Deleted
C:\WINDOWS\nethop.exe - Deleted
C:\WINDOWS\popnetgdv.dll - Deleted
C:\WINDOWS\rmvgor.dll - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\sapnet.dll - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-23 19:56:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="E:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:93,5a,66,34,af,66,45,78,60,fb,49,c9,84,d7,bc,b1,3e,6a,3c,0a,19,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="E:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b4,78,92,c3,83,b0,f2,3c,aa,7d,e0,d8,64,97,68,e5,d7,26,9c,66,29,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,64,93,ae,e5,c5,89,fe,60,04,ff,dd,f2,58,65,fd,78,2a,..
"khjeh"=hex:3e,22,1e,26,e9,ba,cf,b3,3a,29,d1,6a,c4,9e,23,38,d6,62,aa,c5,0b,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cc,6a,91,d9,81,66,87,5f,a5,e7,e2,47,ad,fd,dd,f9,48,6a,ee,37,9b,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:cb,32,58,cb,b0,f0,5c,bf,8f,2b,60,e3,eb,42,13,0d,a1,be,f8,2d,94,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:bd,10,e5,0d,37,a6,63,b9,66,d4,11,1e,1c,be,86,07,a5,a4,c0,56,de,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:67,24,5c,53,6c,b1,7d,3f,45,f2,5e,c7,07,98,bd,5a,8b,c0,51,9f,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="E:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:93,5a,66,34,af,66,45,78,60,fb,49,c9,84,d7,bc,b1,3e,6a,3c,0a,19,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="E:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b4,78,92,c3,83,b0,f2,3c,aa,7d,e0,d8,64,97,68,e5,d7,26,9c,66,29,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,64,93,ae,e5,c5,89,fe,60,04,ff,dd,f2,58,65,fd,78,2a,..
"khjeh"=hex:3e,22,1e,26,e9,ba,cf,b3,3a,29,d1,6a,c4,9e,23,38,d6,62,aa,c5,0b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cc,6a,91,d9,81,66,87,5f,a5,e7,e2,47,ad,fd,dd,f9,48,6a,ee,37,9b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:cb,32,58,cb,b0,f0,5c,bf,8f,2b,60,e3,eb,42,13,0d,a1,be,f8,2d,94,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:bd,10,e5,0d,37,a6,63,b9,66,d4,11,1e,1c,be,86,07,a5,a4,c0,56,de,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:67,24,5c,53,6c,b1,7d,3f,45,f2,5e,c7,07,98,bd,5a,8b,c0,51,9f,3f,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\0]
"SecretName"="{C4539A86-FE54-4323-B6E1-B30C77067D5E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\1]
"SecretName"="{73B6E3BF-5FF5-46D6-9CE3-2C964BA9D4D6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\10]
"SecretName"="{37D5CB58-F08B-40B3-A315-832F5787F827}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\11]
"SecretName"="{CCAFD617-0A74-45C6-ABD0-CA045800F714}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\12]
"SecretName"="{812B710F-D9CD-48E1-965C-F232A853F504}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\13]
"SecretName"="{C45B95AC-70D1-453E-A5D1-C7D2DC37B759}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\14]
"SecretName"="{8FF72C86-36B8-4698-A9F2-783C429C4CB2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\15]
"SecretName"="{063981EB-175D-4CE0-85BB-242B3A6221F6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\16]
"SecretName"="{113F4B76-958F-465F-BA3E-97A949380191}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\17]
"SecretName"="{C13057EA-FD5A-44B1-91EB-9F87B85E182D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\18]
"SecretName"="{46CA121D-DEFD-41A7-A19F-D537A143F687}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\19]
"SecretName"="{B3F5952A-ED4F-4811-8FB6-90F51E82D717}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\2]
"SecretName"="{196D6354-CAE0-48E0-B6C1-9D9332780356}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\3]
"SecretName"="{BE7BCFC2-A02D-4AB2-AAFA-AA03DC589AA3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\4]
"SecretName"="{B2351BB2-D3C7-4501-9BE3-B3F412165282}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\5]
"SecretName"="{1B4CE2D6-EA83-4F0B-941B-35C44A330905}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\6]
"SecretName"="{5FE43B39-FBA9-4528-B016-4DC813AE6905}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\7]
"SecretName"="{5EDFD83E-CE72-4E6E-84F1-ED9F90F74AD2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\8]
"SecretName"="{19000072-B49A-4D3F-AEF3-0325B5E6C1A9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\9]
"SecretName"="{7EB0826C-1AB4-4655-9B03-1728EA9FCD07}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\{s-1-5-21-2000478354-1563985344-854245398-1003}\Paths\0]
"SecretName"="{1C5875A5-84DA-4707-A269-532D816D4A44}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\{s-1-5-21-2000478354-1563985344-854245398-1003}\Paths\1]
"SecretName"="{A190464A-DD29-4052-8EC2-2780592057B3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\{s-1-5-21-2000478354-1563985344-854245398-1006}\Paths\0]
"SecretName"="{98BCC61E-58A9-44BE-8F0B-C12F3629D9AF}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\{s-1-5-21-2000478354-1563985344-854245398-1006}\Paths\1]
"SecretName"="{37196FEA-62AC-40D8-A79B-687910CB6918}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\{s-1-5-21-2000478354-1563985344-854245398-1006}\Paths\2]
"SecretName"="{CC527B57-7282-48C4-A105-6AEB4EC6E6DF}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows]
"CrawlScopeVersion"=dword:000001be
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\uTorrent\\utorrent.exe"="E:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\Hry\\Battlefield 2\\BF2.exe"="D:\\Hry\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"
"D:\\Mix\\ICQ 6\\ICQ.exe"="D:\\Mix\\ICQ 6\\ICQ.exe:*:Enabled:ICQ Library"
"D:\\Hry\\Stronghold2\\Stronghold2.exe"="D:\\Hry\\Stronghold2\\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"D:\\Hry\\Lord of the rings\\game.dat"="D:\\Hry\\Lord of the rings\\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"E:\\Program Files\\ICQ6\\ICQ.exe"="E:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"E:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"="E:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe:*:Enabled:Gigaget"
"C:\\Documents and Settings\\Actionboy\\Plocha\\Stahov nˇ\\sdc205\\StrongDC.exe"="C:\\Documents and Settings\\Actionboy\\Plocha\\Stahov nˇ\\sdc205\\StrongDC.exe:*:Enabled:StrongDC++"
"E:\\Program Files\\Strong DC++\\StrongDC.exe"="E:\\Program Files\\Strong DC++\\StrongDC.exe:*:Enabled:StrongDC++"
"E:\\Program Files\\SIM\\sim.exe"="E:\\Program Files\\SIM\\sim.exe:*:Enabled:sim"
"E:\\Program Files\\Gadu-Gadu\\gg.exe"="E:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program glowny"
"E:\\Program Files\\Trillian\\trillian.exe"="E:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"D:\\Hry\\Warcraft III\\Warcraft III\\Warcraft III.exe"="D:\\Hry\\Warcraft III\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\\Hry\\Warcraft III\\War3.exe"="D:\\Hry\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
"D:\\Hry\\Warcraft III\\Warcraft III.exe"="D:\\Hry\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"E:\\Program Files\\Hamachi\\hamachi.exe"="E:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"E:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"="E:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe:*:Enabled:GG E-Sports Platform Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
File Backups: - C:\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 23 Nov 2007 85,946 A..H. --- "C:\Documents and Settings\Actionboy\Local Settings\Temp\BIT17.tmp"
Fri 23 Nov 2007 345,812 A..H. --- "C:\Documents and Settings\Actionboy\Local Settings\Temp\BIT52D.tmp"
Fri 23 Nov 2007 319,135 A..H. --- "C:\Documents and Settings\Actionboy\Local Settings\Temp\BIT531.tmp"
Sat 6 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!