Takže ty dva soubory byla havěť? Díky
A nic z těch 3 souborů tam nebylo. Asi je to opravdu pryč
Tady je Lop Find LOG
--------------------------------
LopFind v4 © Čas: 18:58:16,70 Datum: ne 20.07.2008
******************************************
1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 2468-AA4B.
Věpis adres ýe C:\Documents and Settings\Administrator\DATAAP~1
17.07.2008 11:11 <DIR> AVG7
08.04.2007 17:50 <DIR> Lavasoft
04.12.2006 22:00 62 desktop.ini
04.12.2006 22:00 <DIR> ..
04.12.2006 22:00 <DIR> Microsoft
04.12.2006 22:00 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 5, Volněch bajt…: 3643330560
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 2468-AA4B.
Věpis adres ýe C:\Documents and Settings\All Users\DATAAP~1
19.07.2008 15:52 <DIR> POP3Profiles
19.07.2008 14:55 <DIR> TEMP
18.07.2008 07:25 <DIR> Spyware Terminator
16.07.2008 13:59 <DIR> NOS
13.02.2008 12:05 <DIR> nView_Profiles
19.01.2008 20:23 <DIR> Grisoft
19.01.2008 16:38 <DIR> NVIDIA
03.01.2008 17:55 <DIR> ESET
29.10.2007 19:40 <DIR> Trymedia
04.10.2007 12:57 <DIR> LangSoft
03.10.2007 07:12 <DIR> MailFrontier
24.06.2007 20:07 <DIR> Lavasoft
24.06.2007 19:49 <DIR> savesetupholdfrag
26.04.2007 07:50 1379 QTSBandwidthCache
14.03.2007 09:50 <DIR> Adobe
22.02.2007 18:59 <DIR> Avg7
26.01.2007 19:16 <DIR> Symantec
24.01.2007 21:06 <DIR> Spybot - Search & Destroy
21.01.2007 21:13 <DIR> Ahead
09.12.2006 01:24 <DIR> CyberLink
08.12.2006 15:25 <DIR> Google
07.12.2006 19:09 <DIR> MSN6
03.12.2006 16:11 <DIR> Apple Computer
03.12.2006 15:43 62 desktop.ini
03.12.2006 15:42 <DIR> Microsoft
03.12.2006 15:42 <DIR> ..
03.12.2006 15:42 <DIR> .
03.12.2006 15:37 <DIR> Windows Genuine Advantage
2 soubor…, 1441 bajt…
Adres ý…: 26, Volněch bajt…: 3643326464
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 2468-AA4B.
Věpis adres ýe C:\Documents and Settings\Jarda - Drak\DATAAP~1
20.07.2008 10:15 <DIR> Comodo
18.07.2008 07:25 <DIR> Spyware Terminator
15.07.2008 17:01 <DIR> Acclaim Entertainment
13.07.2008 16:03 <DIR> TMNT
10.07.2008 20:26 <DIR> TMNT Demo
03.07.2008 11:33 <DIR> THQ
25.06.2008 23:43 <DIR> cYo
18.05.2008 08:41 <DIR> DivX
18.05.2008 08:30 <DIR> GRETECH
08.05.2008 18:22 <DIR> dvdcss
05.05.2008 13:07 <DIR> Any Video Converter
19.01.2008 20:23 <DIR> AVG7
07.01.2008 23:57 <DIR> GlarySoft
01.01.2008 16:24 <DIR> Gearbox Software
04.10.2007 12:57 <DIR> LangSoft
21.07.2007 15:03 <DIR> Black Sea Studios
12.07.2007 20:50 <DIR> COWON
24.06.2007 19:48 <DIR> boobsafecash
30.05.2007 18:52 <DIR> FastStone
24.05.2007 19:14 21328 GDIPFONTCACHEV1.DAT
24.05.2007 19:07 <DIR> Zoner
25.04.2007 17:11 <DIR> MusicIP
02.04.2007 23:31 <DIR> Mozilla
02.04.2007 23:31 <DIR> SecondLife
02.04.2007 22:21 <DIR> Oxin's Style!
01.04.2007 08:13 <DIR> Command & Conquer 3 Tiberium Wars Demo
31.03.2007 17:10 <DIR> vlc
15.02.2007 21:05 <DIR> PSpad
10.02.2007 22:04 <DIR> AdobeUM
04.02.2007 20:53 <DIR> SecuROM
03.02.2007 11:55 <DIR> InterVideo
28.01.2007 18:06 <DIR> Systweak
25.01.2007 14:33 <DIR> SuperAdBlocker.com
21.01.2007 21:15 <DIR> Ahead
28.12.2006 23:17 <DIR> Adobe
12.12.2006 15:15 <DIR> Lavasoft
09.12.2006 01:24 <DIR> CyberLink
09.12.2006 01:17 <DIR> Media Player Classic
08.12.2006 15:25 <DIR> Google
07.12.2006 19:09 <DIR> MSN6
04.12.2006 22:14 <DIR> Apple Computer
04.12.2006 21:04 <DIR> Help
03.12.2006 16:13 <DIR> Real
03.12.2006 15:23 <DIR> Macromedia
03.12.2006 14:56 <DIR> Identities
03.12.2006 14:56 62 desktop.ini
03.12.2006 14:56 <DIR> Microsoft
03.12.2006 14:56 <DIR> .
03.12.2006 14:56 <DIR> ..
2 soubor…, 21390 bajt…
Adres ý…: 47, Volněch bajt…: 3643322368
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 2468-AA4B.
Věpis adres ýe C:\Documents and Settings\Default User\DATAAP~1
03.12.2006 15:43 62 desktop.ini
03.12.2006 15:42 <DIR> ..
03.12.2006 15:42 <DIR> Microsoft
03.12.2006 15:42 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 3, Volněch bajt…: 3643318272
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 2468-AA4B.
Věpis adres ýe C:\Documents and Settings\LocalService\DATAAP~1
19.01.2008 20:23 <DIR> AVG7
03.12.2006 14:54 <DIR> ..
03.12.2006 14:54 <DIR> Microsoft
03.12.2006 14:54 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 4, Volněch bajt…: 3643318272
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 2468-AA4B.
Věpis adres ýe C:\Documents and Settings\NetworkService\DATAAP~1
03.12.2006 14:54 <DIR> ..
03.12.2006 14:54 <DIR> Microsoft
03.12.2006 14:54 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 3643318272
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 2468-AA4B.
Věpis adres ýe C:\Documents and Settings\Jarda - Drak\Application Data
13.02.2007 00:43 <DIR> ..
13.02.2007 00:43 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 2, Volněch bajt…: 3643318272
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 2468-AA4B.
Věpis adres ýe C:\Documents and Settings\LocalService\Application Data
13.02.2007 01:42 <DIR> Spyware Terminator
13.02.2007 01:42 <DIR> ..
13.02.2007 01:42 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 3643318272
******************************************
2) Zjišťování přítomnosti ve složce Program Files:
a) Výpis obsahu Program Files složky pro zjištění duplicitních kopií podezřelých adresářů:
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 2468-AA4B.
Věpis adres ýe C:\Program Files
20.07.2008 11:15 <DIR> .
20.07.2008 11:15 <DIR> ..
04.10.2007 13:15 <DIR> ABC Dictionary
08.01.2008 13:27 <DIR> Absolute Uninstaller
16.09.2007 18:45 <DIR> Activision
15.07.2008 12:17 <DIR> AGEIA Technologies
21.01.2007 21:13 <DIR> Ahead
20.01.2007 19:17 <DIR> Alcohol Soft
03.12.2006 15:01 <DIR> Analog Devices
25.01.2007 14:02 <DIR> Apple Software Update
10.12.2006 18:41 <DIR> ASUS
18.05.2008 08:32 <DIR> AVSMedia
08.06.2007 22:01 <DIR> BitLord
04.10.2007 13:12 <DIR> Britanik
08.05.2008 18:24 <DIR> BSplayer Pro
07.07.2007 17:22 <DIR> CCleaner
08.01.2007 20:09 <DIR> Codec pack
12.03.2008 20:21 <DIR> Codec Pack - All In 1
25.06.2008 23:42 <DIR> ComicRack
16.07.2008 18:41 <DIR> Common Files
20.07.2008 11:39 <DIR> COMODO
03.12.2006 14:48 <DIR> ComPlus Applications
03.02.2007 11:53 <DIR> Creative
27.04.2007 19:13 <DIR> CyberLink
08.01.2007 20:09 <DIR> DAEMON Tools
17.12.2006 20:27 <DIR> directx
18.05.2008 08:49 <DIR> DivX
03.12.2006 15:07 <DIR> E-Color
16.07.2008 17:36 <DIR> EGirl_v15
04.10.2007 18:51 <DIR> Eurotran XP
20.10.2007 18:20 <DIR> fdrlab
08.02.2008 21:46 <DIR> FlashGet
08.03.2007 21:16 <DIR> Free Audio Pack
17.02.2008 07:09 <DIR> Google
08.01.2007 20:09 <DIR> Grafika - ovladaźe
18.05.2008 08:29 <DIR> GRETECH
19.01.2008 20:23 <DIR> Grisoft
28.12.2006 23:20 <DIR> Hewlett-Packard
19.07.2008 15:40 <DIR> InstallShield Installation Information
03.02.2007 11:54 <DIR> InterActual
22.04.2008 19:10 <DIR> Internet Explorer
01.04.2007 07:24 <DIR> InterVideo
03.06.2007 14:30 <DIR> iPod
03.06.2007 14:30 <DIR> iTunes
17.06.2008 17:48 <DIR> JetAudio
08.01.2007 20:09 <DIR> K-Lite Codec Pack
02.08.2007 19:11 <DIR> Lavasoft
12.03.2008 08:57 <DIR> MediaCoder
08.01.2007 20:09 <DIR> Messenger
04.01.2008 12:15 <DIR> Microsoft CAPICOM 2.1.0.2
03.12.2006 14:51 <DIR> microsoft frontpage
04.12.2006 21:50 <DIR> Microsoft Office
04.10.2007 19:13 <DIR> Microton 2006
08.01.2007 20:09 <DIR> Movie Maker
03.12.2006 14:48 <DIR> MSN Gaming Zone
22.05.2007 14:16 <DIR> MSXML 4.0
18.05.2008 08:48 <DIR> Mv2Player
08.01.2007 20:09 <DIR> NetMeeting
03.12.2006 14:50 <DIR> Online Services
17.10.2007 20:09 <DIR> OpenAL
13.06.2007 16:18 <DIR> Outlook Express
30.01.2008 22:15 <DIR> Pcsx2
03.10.2007 14:10 <DIR> PENDULO Studios
21.06.2007 19:25 <DIR> PowerISO
08.01.2007 20:09 <DIR> QuickTime
08.01.2007 20:09 <DIR> RADVideo
16.06.2008 20:13 <DIR> Real
18.07.2008 12:38 <DIR> RegCleaner
08.01.2007 20:09 <DIR> SiSLan
08.01.2008 13:27 <DIR> Smarty Uninstaller Pro
13.03.2008 12:16 <DIR> SMPlayer
22.04.2008 18:13 <DIR> Spybot - Search & Destroy
18.07.2008 12:03 <DIR> Spyware Terminator
19.07.2008 14:59 <DIR> SpywareBlaster
19.01.2008 16:30 <DIR> Sunbelt Software
31.01.2007 14:51 <DIR> SuperAdBlocker.com
05.03.2008 11:31 <DIR> Terminal Reality
07.05.2008 11:38 <DIR> The KMPlayer
19.07.2008 14:23 <DIR> Trend Micro
06.09.2007 18:41 <DIR> TrojanHunter 4.2
23.04.2008 17:04 <DIR> Trymedia
03.12.2006 14:56 <DIR> Uninstall Information
04.10.2007 13:54 <DIR> ViaVoiceTTS
14.04.2008 12:40 <DIR> VideoLAN
11.06.2007 21:55 <DIR> Windows Media Connect 2
17.01.2008 20:02 <DIR> Windows Media Player
08.01.2007 20:09 <DIR> Windows NT
03.12.2006 15:30 <DIR> WindowsUpdate
03.03.2007 02:10 <DIR> WinRAR
08.12.2006 15:23 <DIR> WinZip
30.05.2007 18:51 <DIR> XericDesign
03.12.2006 14:51 <DIR> xerox
08.01.2007 20:09 <DIR> XP Codec Pack
03.06.2007 12:40 <DIR> Xtreme Desktop
07.12.2006 19:40 <DIR> Zone Labs
05.01.2008 11:34 <DIR> ZoneAlarmSB
24.05.2007 19:06 <DIR> Zoner
0 soubor…, 0 bajt…
Adres ý…: 97, Volněch bajt…: 3˙643˙314˙176
b) Vyhledávání podvodných sponzorovaných programů ve složce Program Files:
Nebyly nalezeny žádné podvodné programy.
******************************************
3) Vyhledávání a odstranění podezřelých .job souborů:
a) Soubory přítomné v C:\WINDOWS\tasks\ adresáři:
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 2468-AA4B.
Věpis adres ýe C:\WINDOWS\Tasks
03.12.2006 14:51 6 SA.DAT
03.12.2006 14:49 65 desktop.ini
03.12.2006 14:49 <DIR> ..
03.12.2006 14:49 <DIR> .
2 soubor…, 71 bajt…
Adres ý…: 2, Volněch bajt…: 3˙643˙310˙080
––––––––––––––––––––––––––––––––––––––––––
b) Zjišťování vlastností přítomných .job souborů:
Nebyly nalezeny žádné soubory představující naplánované úlohy.
––––––––––––––––––––––––––––––––––––––––––
c) Nalezené a odstraněné nežádoucí soubory:
Nebyly nalezeny žádné nežádoucí soubory.
––––––––––––––––––––––––––––––––––––––––––
d) Soubory přítomné v adresáři po vymazání:
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je 2468-AA4B.
Věpis adres ýe C:\WINDOWS\Tasks
03.12.2006 14:51 6 SA.DAT
03.12.2006 14:49 65 desktop.ini
03.12.2006 14:49 <DIR> ..
03.12.2006 14:49 <DIR> .
2 soubor…, 71 bajt…
Adres ý…: 2, Volněch bajt…: 3˙643˙297˙792
******************************************
4) Zjišťování přítomnosti v registru:
a) Vyhledávání spouštěcích bodů v registru:
Nebyly nalezeny žádné spouštěcí body v registru.
b) Export výjimek IE pop-up blockeru:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
"www.jetix.cz"=hex:
"PopupMgr"="yes"
c) Export povolení Windows firewallu:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
»»»»»»»»»»»»» Konec výpisu «««««««««««««««
Problémy po vymazání trojana(zmizelé ikony např.) Vyřešeno
Re: Problémy po vymazání trojana(zmizelé ikony např.)
A ještě jedna věc. Avg mi ode dneška při testu ukazuje:
OBJECT C:\Windows\system32\drivers\etc\hosts
RESULT Change
nemám páru co to je,objevuje se to v okénku infekce ale jinak už si toho AVG nevšímá
OBJECT C:\Windows\system32\drivers\etc\hosts
RESULT Change
nemám páru co to je,objevuje se to v okénku infekce ale jinak už si toho AVG nevšímá
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Problémy po vymazání trojana(zmizelé ikony např.)
Jo byly.
Smaž tyto dva adresáře/složky označené tučně:
C:\Documents and Settings\Jarda - Drak\Data aplikací\boobsafecash
C:\Documents and Settings\All Users\Data aplikací\savesetupholdfrag
aby jsi se dostal do tohoto umístění budeš si muset zapnout zobrazení skrytých souborů a složek.
To je v pořádku, protože jak SDFix tak CF resetují nastavení tohoto souboru. Pokud používáš u Spybota Imunizaci tak ji zkus znovu provést, ale měla by být aktivní.
Pokud tedy nemáš žádné další problémy tak by to bylo už vše
Smaž tyto dva adresáře/složky označené tučně:
C:\Documents and Settings\Jarda - Drak\Data aplikací\boobsafecash
C:\Documents and Settings\All Users\Data aplikací\savesetupholdfrag
aby jsi se dostal do tohoto umístění budeš si muset zapnout zobrazení skrytých souborů a složek.
To je v pořádku, protože jak SDFix tak CF resetují nastavení tohoto souboru. Pokud používáš u Spybota Imunizaci tak ji zkus znovu provést, ale měla by být aktivní.
Pokud tedy nemáš žádné další problémy tak by to bylo už vše
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: Problémy po vymazání trojana(zmizelé ikony např.)
Provedeno. Díky za tvůj čas a musím říct, že takhle kvalitní služby úplně zadarmo se nevidí každý den. Zdar 
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Problémy po vymazání trojana(zmizelé ikony např.)
Nemáš za co
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: Problémy po vymazání trojana(zmizelé ikony např.)
Ahoj Helpáci,
no koukám, že se to tu už řešilo, přesně ten samý problém. Já bych poprosil jen o zkontrolování výpisu z HiJackThis,
breberky řádily :))) Winspywareprotect je fakt humus, ale nakonec je to snad neškodný spyware, malware...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:10, on 25.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Miranda IM2\miranda32.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jumbo\Plocha\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MsUpdate] C:\DOCUME~1\Jumbo\LOCALS~1\Temp\\Setup_ver1.1427.0.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 9109 bytes
A zde výpis z SDFix:
SDFix: Version 1.208
Run by Jumbo on p 25.07.2008 at 17:15
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\dssc32.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\smchk.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\s1265.php.bat - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 17:30:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 3
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 3
disk error: C:\Documents and Settings\Jumbo\ntuser.dat, 3
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Hide IP Platinum\\hideippla.exe"="C:\\Program Files\\Hide IP Platinum\\hideippla.exe:*:Enabled:Hide IP Platinum"
"C:\\totalcmd\\TOTALCMD.EXE"="C:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\Miranda IM2\\miranda32.exe"="C:\\Program Files\\Miranda IM2\\miranda32.exe:*:Enabled:Miranda IM"
"E:\\Games\\Wolfenstein - Enemy Territory\\ETDED.exe"="E:\\Games\\Wolfenstein - Enemy Territory\\ETDED.exe:*:Enabled:ETDED"
"C:\\temp\\Mir4nda-IM-0.7.1-Pack-v2.0\\miranda32.exe"="C:\\temp\\Mir4nda-IM-0.7.1-Pack-v2.0\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"="C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"="C:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Disabled:uTorrent"
"C:\\dvbdream\\winlirc\\winlirc.exe"="C:\\dvbdream\\winlirc\\winlirc.exe:*:Enabled:winlirc"
"C:\\WINDOWS\\system32\\windows_update.exe"="C:\\WINDOWS\\system32\\windows_update.exe:*:Disabled:windows_update"
"C:\\Program Files\\VPN Anonymizer\\privoxy\\VPN_Anonymizer_webfilter.exe"="C:\\Program Files\\VPN Anonymizer\\privoxy\\VPN_Anonymizer_webfilter.exe:*:Enabled:VPN_Anonymizer_webfilter"
"E:\\Games\\Guitar Hero III\\GH3.exe"="E:\\Games\\Guitar Hero III\\GH3.exe:*:Disabled:Guitar Hero III"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 14 Apr 2008 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 14 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 23 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c4518ec01efd35d902d89281b046eff1\BIT1.tmp"
Wed 23 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT113D.tmp"
Finished!
no koukám, že se to tu už řešilo, přesně ten samý problém. Já bych poprosil jen o zkontrolování výpisu z HiJackThis,
breberky řádily :))) Winspywareprotect je fakt humus, ale nakonec je to snad neškodný spyware, malware...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:10, on 25.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Miranda IM2\miranda32.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jumbo\Plocha\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MsUpdate] C:\DOCUME~1\Jumbo\LOCALS~1\Temp\\Setup_ver1.1427.0.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 9109 bytes
A zde výpis z SDFix:
SDFix: Version 1.208
Run by Jumbo on p 25.07.2008 at 17:15
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\dssc32.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\smchk.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\s1265.php.bat - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 17:30:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 3
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 3
disk error: C:\Documents and Settings\Jumbo\ntuser.dat, 3
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Hide IP Platinum\\hideippla.exe"="C:\\Program Files\\Hide IP Platinum\\hideippla.exe:*:Enabled:Hide IP Platinum"
"C:\\totalcmd\\TOTALCMD.EXE"="C:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\Miranda IM2\\miranda32.exe"="C:\\Program Files\\Miranda IM2\\miranda32.exe:*:Enabled:Miranda IM"
"E:\\Games\\Wolfenstein - Enemy Territory\\ETDED.exe"="E:\\Games\\Wolfenstein - Enemy Territory\\ETDED.exe:*:Enabled:ETDED"
"C:\\temp\\Mir4nda-IM-0.7.1-Pack-v2.0\\miranda32.exe"="C:\\temp\\Mir4nda-IM-0.7.1-Pack-v2.0\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"="C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"="C:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Disabled:uTorrent"
"C:\\dvbdream\\winlirc\\winlirc.exe"="C:\\dvbdream\\winlirc\\winlirc.exe:*:Enabled:winlirc"
"C:\\WINDOWS\\system32\\windows_update.exe"="C:\\WINDOWS\\system32\\windows_update.exe:*:Disabled:windows_update"
"C:\\Program Files\\VPN Anonymizer\\privoxy\\VPN_Anonymizer_webfilter.exe"="C:\\Program Files\\VPN Anonymizer\\privoxy\\VPN_Anonymizer_webfilter.exe:*:Enabled:VPN_Anonymizer_webfilter"
"E:\\Games\\Guitar Hero III\\GH3.exe"="E:\\Games\\Guitar Hero III\\GH3.exe:*:Disabled:Guitar Hero III"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 14 Apr 2008 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 14 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 23 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c4518ec01efd35d902d89281b046eff1\BIT1.tmp"
Wed 23 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT113D.tmp"
Finished!
Re: Problémy po vymazání trojana(zmizelé ikony např.)
Vypadá to, že po použití programu SDFix je problém vyřešen!
SuperAntiSpyware nehlásí žádné napadení, krom obvyklých tracking cookies....
Disky jsou vidět, všechny programy, jdou registry, správce úloh i vlastnosti
Ten "Virus Alert!" u hodin se odstraní v
OVLÁDACÍ PANELY
MÍSTNÍ A JAZYKOVÁ NASTAVENÍ
VLASTNÍ NASTAVENÍ
ZÁLOŽKA ČAS
V KOLONCE FORMÁT ČASU VYMAZAT Virus Alert!
Prosím však přeci jen o prohlídku výpisů z HiJackThis a SDFix.
Díky!!!
Výpisy:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:38, on 25.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Jumbo\Plocha\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
--
End of file - 8641 bytes
SDFix:
SDFix: Version 1.208
Run by Jumbo on p 25.07.2008 at 17:15
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\dssc32.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\smchk.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\s1265.php.bat - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 17:30:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 3
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 3
disk error: C:\Documents and Settings\Jumbo\ntuser.dat, 3
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Hide IP Platinum\\hideippla.exe"="C:\\Program Files\\Hide IP Platinum\\hideippla.exe:*:Enabled:Hide IP Platinum"
"C:\\totalcmd\\TOTALCMD.EXE"="C:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\Miranda IM2\\miranda32.exe"="C:\\Program Files\\Miranda IM2\\miranda32.exe:*:Enabled:Miranda IM"
"E:\\Games\\Wolfenstein - Enemy Territory\\ETDED.exe"="E:\\Games\\Wolfenstein - Enemy Territory\\ETDED.exe:*:Enabled:ETDED"
"C:\\temp\\Mir4nda-IM-0.7.1-Pack-v2.0\\miranda32.exe"="C:\\temp\\Mir4nda-IM-0.7.1-Pack-v2.0\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"="C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"="C:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Disabled:uTorrent"
"C:\\dvbdream\\winlirc\\winlirc.exe"="C:\\dvbdream\\winlirc\\winlirc.exe:*:Enabled:winlirc"
"C:\\WINDOWS\\system32\\windows_update.exe"="C:\\WINDOWS\\system32\\windows_update.exe:*:Disabled:windows_update"
"C:\\Program Files\\VPN Anonymizer\\privoxy\\VPN_Anonymizer_webfilter.exe"="C:\\Program Files\\VPN Anonymizer\\privoxy\\VPN_Anonymizer_webfilter.exe:*:Enabled:VPN_Anonymizer_webfilter"
"E:\\Games\\Guitar Hero III\\GH3.exe"="E:\\Games\\Guitar Hero III\\GH3.exe:*:Disabled:Guitar Hero III"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 14 Apr 2008 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 14 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 23 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c4518ec01efd35d902d89281b046eff1\BIT1.tmp"
Wed 23 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT113D.tmp"
Finished!
SuperAntiSpyware nehlásí žádné napadení, krom obvyklých tracking cookies....
Disky jsou vidět, všechny programy, jdou registry, správce úloh i vlastnosti
Ten "Virus Alert!" u hodin se odstraní v
OVLÁDACÍ PANELY
MÍSTNÍ A JAZYKOVÁ NASTAVENÍ
VLASTNÍ NASTAVENÍ
ZÁLOŽKA ČAS
V KOLONCE FORMÁT ČASU VYMAZAT Virus Alert!
Prosím však přeci jen o prohlídku výpisů z HiJackThis a SDFix.
Díky!!!
Výpisy:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:38, on 25.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Jumbo\Plocha\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
--
End of file - 8641 bytes
SDFix:
SDFix: Version 1.208
Run by Jumbo on p 25.07.2008 at 17:15
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\dssc32.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\smchk.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\Jumbo\LOCALS~1\Temp\s1265.php.bat - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 17:30:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 3
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 3
disk error: C:\Documents and Settings\Jumbo\ntuser.dat, 3
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Hide IP Platinum\\hideippla.exe"="C:\\Program Files\\Hide IP Platinum\\hideippla.exe:*:Enabled:Hide IP Platinum"
"C:\\totalcmd\\TOTALCMD.EXE"="C:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\Miranda IM2\\miranda32.exe"="C:\\Program Files\\Miranda IM2\\miranda32.exe:*:Enabled:Miranda IM"
"E:\\Games\\Wolfenstein - Enemy Territory\\ETDED.exe"="E:\\Games\\Wolfenstein - Enemy Territory\\ETDED.exe:*:Enabled:ETDED"
"C:\\temp\\Mir4nda-IM-0.7.1-Pack-v2.0\\miranda32.exe"="C:\\temp\\Mir4nda-IM-0.7.1-Pack-v2.0\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"="C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"="C:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Disabled:uTorrent"
"C:\\dvbdream\\winlirc\\winlirc.exe"="C:\\dvbdream\\winlirc\\winlirc.exe:*:Enabled:winlirc"
"C:\\WINDOWS\\system32\\windows_update.exe"="C:\\WINDOWS\\system32\\windows_update.exe:*:Disabled:windows_update"
"C:\\Program Files\\VPN Anonymizer\\privoxy\\VPN_Anonymizer_webfilter.exe"="C:\\Program Files\\VPN Anonymizer\\privoxy\\VPN_Anonymizer_webfilter.exe:*:Enabled:VPN_Anonymizer_webfilter"
"E:\\Games\\Guitar Hero III\\GH3.exe"="E:\\Games\\Guitar Hero III\\GH3.exe:*:Disabled:Guitar Hero III"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 14 Apr 2008 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 14 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 23 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c4518ec01efd35d902d89281b046eff1\BIT1.tmp"
Wed 23 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT113D.tmp"
Finished!
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 1 host