Mam IBM T60p z zainstalowanym WinXP Pro. Tak się dziwnie dzieje, że od czasu do czasu data systemu automatycznie zmienia się na styczeń 1981. Pierwsze co mi przyszło do głowy to wymiana baterii na płycie głównej jednak to napewno nie jest to. Bateria ma napięcie odpowiednie 3,2V. Dodatkowo na równolegle zainstalowanym Debianie nie ma tego problemu.

Żadne parametry w biosie się nie resetują. Podmieniłem również dysk wkładając inny z zainstalowaną Vistą. Też wszystko jest prawidłowo. Sprawa dotyczy tylko XP

Czy ktoś ma jakiś pomysł jak dowiedzieć się jaki program ma wpływ na zegar systemowy.

Log HiJack

Logfile of HijackThis v1.99.1

Scan saved at 14:27:29, on 2007-12-12

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)


Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\ibmpmsvc.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\system32\ZoneLabs\vsmon.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\system32\IPSSVC.EXE

F:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

F:\WINDOWS\system32\acs.exe

F:\Program Files\Intel\Wireless\Bin\EvtEng.exe

F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

F:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

F:\WINDOWS\system32\svchost.exe

F:\Program Files\Lenovo\System Update\SUService.exe

F:\WINDOWS\system32\calc.exe

F:\program files\internet explorer\IEXPLORE.EXE

F:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

F:\WINDOWS\System32\TPHDEXLG.exe

F:\WINDOWS\system32\TpKmpSVC.exe

F:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

F:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

F:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

F:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

F:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

F:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

F:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

F:\Program Files\Common Files\Lenovo\Logger\logmon.exe

F:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

F:\WINDOWS\Explorer.EXE

F:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

F:\WINDOWS\system32\TpShocks.exe

F:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

F:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

F:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

F:\Program Files\Synaptics\SynTP\SynTPLpr.exe

F:\Program Files\Synaptics\SynTP\SynTPEnh.exe

F:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

F:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

F:\WINDOWS\system32\rundll32.exe

F:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe

F:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

F:\Program Files\Lenovo\AwayTask\AwaySch.EXE

F:\Program Files\Lenovo\Client Security Solution\cssauth.exe

F:\WINDOWS\System32\DLA\DLACTRLW.EXE

F:\Program Files\Lenovo\Zoom\TpScrex.exe

F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

F:\Program Files\Google\Gmail Notifier\gnotify.exe

F:\Program Files\Softwin\BitDefender10\bdmcon.exe

F:\Program Files\Softwin\BitDefender10\bdagent.exe

F:\PROGRA~1\FlashGet\FlashGet.exe

F:\Program Files\Winamp\winampa.exe

F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

F:\Program Files\Gadu-Gadu\gg.exe

F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

F:\WINDOWS\system32\ctfmon.exe

F:\WINDOWS\system32\rundll32.exe

F:\Program Files\Mozilla Firefox\firefox.exe

F:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe

F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

F:\Program Files\Softwin\BitDefender10\vsserv.exe

F:\Program Files\Internet Explorer\iexplore.exe

F:\Documents and Settings\Adnix\Ustawienia lokalne\Dane aplikacji\Trend Micro\HCMS\checkup\en-US\checkup.exe

F:\Documents and Settings\Adnix\Ustawienia lokalne\Dane aplikacji\Trend Micro\HCMS\checkup\en-US\checkupsvc.exe

F:\Documents and Settings\Adnix\Pulpit\hijackthis\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - F:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Program Files\FlashGet\getflash.dll

O4 - HKLM\..\Run: [LPManager] F:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [ACTray] F:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] F:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [TPHOTKEY] F:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

O4 - HKLM\..\Run: [SynTPLpr] F:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] F:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [StartCCC] F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] F:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [EZEJMNAP] F:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [PWRMGRTR] rundll32 F:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [BLOG] rundll32 F:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [TPKMAPHELPER] F:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TPFNF7] F:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r

O4 - HKLM\..\Run: [AwaySch] F:\Program Files\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [cssauth] "F:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [DLA] F:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [ISUSPM Startup] F:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] F:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [BDMCon] "F:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [BDAgent] "F:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [Flashget] F:\PROGRA~1\FlashGet\FlashGet.exe /min

O4 - HKLM\..\Run: [WinampAgent] "F:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "F:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe

O4 - Startup: CCC.lnk = ?

O8 - Extra context menu item: &Download All with FlashGet - F:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - F:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - F:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - F:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - F:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

O20 - Winlogon Notify: tpfnf2 - F:\Program Files\Lenovo\HOTKEY\notifyf2.dll

O20 - Winlogon Notify: tphotkey - F:\Program Files\Lenovo\HOTKEY\tphklock.dll

O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - F:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Atheros Configuration Service (acs) - Atheros - F:\WINDOWS\system32\acs.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - F:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - F:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - F:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - F:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: SQL Server (INSERTGT) (MSSQL$INSERTGT) - Unknown owner - F:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sINSERTGT (file missing)

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - F:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - F:\Program Files\Lenovo\System Update\SUService.exe

O23 - Service: Windows WorkGroup (svrhost) - Unknown owner - F:\Program Files\Common Files\Microsoft Shared\MSINFO\svrhost.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - F:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - F:\WINDOWS\System32\TPHDEXLG.exe

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - F:\WINDOWS\system32\TpKmpSVC.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - F:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - F:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - F:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - F:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - F:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - F:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Pobierz program SDFix

SDFix: Version 1.118


Run by Adnix on 2007-12-16 at 12:56


Microsoft Windows XP [Wersja 5.1.2600]


Running From: F:\SDFix


Safe Mode:

Checking Services: 



Restoring Windows Registry Values

Restoring Windows Default Hosts File


Rebooting...



Normal Mode:

Checking Files: 


Trojan Files Found:


F:\autorun.inf - Deleted





Removing Temp Files...


ADS Check:


F:\WINDOWS

No streams found. 


F:\WINDOWS\system32

No streams found. 


F:\WINDOWS\system32\svchost.exe

No streams found.


F:\WINDOWS\system32\ntoskrnl.exe

No streams found.




                                 Final Check:


catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-16 13:02:22

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden services & system hive ...


scanning hidden registry entries ...


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:00000054

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]

"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..


scanning hidden files ...


scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0



Remaining Services:

------------------




Authorized Application Key Export:


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"F:\\Program Files\\Gadu-Gadu\\gg.exe"="F:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny"

"F:\\Program Files\\RevConnect\\DCPlusPlus.exe"="F:\\Program Files\\RevConnect\\DCPlusPlus.exe:*:Enabled:DC++"

"F:\\Program Files\\FlashGet\\flashget.exe"="F:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"

"F:\\Program Files\\Skype\\Phone\\Skype.exe"="F:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"F:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="F:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"F:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="F:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:

---------------


File Backups: - F:\SDFix\backups\backups.zip


Files with Hidden Attributes:


Mon 24 Sep 2007 657,408 ...HR --- "F:\svrhost.exe"

Mon 24 Sep 2007 657,408 ..SH. --- "F:\WINDOWS\system32\_svrhost.exe"

Mon 24 Sep 2007 657,408 ..SH. --- "F:\Program Files\Common Files\Microsoft Shared\MSInfo\svrhost.exe"

Fri 7 Dec 2007 8,679,304 ...H. --- "F:\WINDOWS\SoftwareDistribution\Download\ceaa2b3ce896551539c15c95cca7ded1\BIT3BC.tmp"


Finished!

pliki do usunięcia

Daj log z ComboFix

ComboFix 07-12-17.1 - Adnix 2007-12-17 22:36:02.1 - NTFSx86

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Wykonane. Dodatkowo zamieniłem BitDeffendera na NOD’a , który wykrył i usunął svrhosta.

Stawiam internetowe piwo. Jeszcze raz dzięki.

A Ty jak zabezpieczasz kompa?