neviem pohnut s trojanom

Gazdiq · Napísal **Gazdiq**: 18.01.2008 11:39

prosim pozrite sa na tento obrazok neviem s tzm pohnut.. je tento suobr dolezity_ nechcem riskovat jeho zmazanie, a do truhly sa presunut neda (neda sa spracovat) prosim poradte neviem pohnut s trojanom

brm · Napísal **brm**: 18.01.2008 11:41

Kľudne ho zmaž.. nie je dôležitý (ak pôjde)

Viem, že mne takéto súbory vznikajú, keď je občas nejaký BSOD alebo iný konflikt s pamäťou.

yaJohny · Napísal **yaJohny**: 18.01.2008 11:47

vloz sem log z hijackthis, navod: http://www.pcforum.sk/cistime-napadnuty ... 27265.html

Gazdiq · Napísal autor témy **Gazdiq**: 18.01.2008 12:11

tu to mate
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:55, on 18.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Winamp\winampa.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\BitComet\BitComet.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\TGTSoft\StyleXP\StyleXP.exe
D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashSimpl.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Gazda\Desktop\hijackthis_sfx.exe
D:\totalcmd\TOTALCMD.EXE
C:\Program Files\HijackThis\HijackThis.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: 217.67.31.46 manga.sk
O1 - Hosts: 217.67.31.46 www.manga.sk
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - D:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Alcohol.exe Autorun] D:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe /startup
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] D:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{16FC111E-E42F-4D59-B0CE-539F84291A2D}: NameServer = 192.168.30.2,192.168.30.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{16FC111E-E42F-4D59-B0CE-539F84291A2D}: NameServer = 192.168.30.2,192.168.30.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

yaJohny · Napísal **yaJohny**: 18.01.2008 12:27

Fixni:
O1 - Hosts: 217.67.31.46 www.manga.sk
O1 - Hosts: 217.67.31.46 manga.sk
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - Startup: PowerReg Scheduler V3.exe

potom: Stiahni si ComboFix =>
http://download.bleepingcomputer.com/sU ... mboFix.exe

Riaď sa inštrukciami na obrazovke, neklikaj, počítač môže byť reštartovaný. Vlož sem obsah súbora C:\ComboFix.txt

Gazdiq · Napísal autor témy **Gazdiq**: 18.01.2008 12:51

ComboFix 08-01-09.2 - Gazda 2008-01-18 12:47:35.1 - FAT32x86
Running from: D:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\Tomi\Application Data\FunWebProducts
D:\windows\system32\system.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-18 12:45 . 2008-01-18 12:45 1,495,667 --a------ D:\ComboFix.exe
2008-01-18 12:45 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-18 12:12 . 2008-01-18 12:12 <DIR> d-------- D:\Program Files\Trend Micro
2008-01-18 12:12 . 2008-01-18 12:12 812,344 --a------ D:\HJTInstall.exe
2008-01-17 21:47 . 2008-01-17 21:47 <DIR> d-------- D:\Documents and Settings\Gazda\Application Data\Nero
2008-01-17 21:46 . 2006-03-17 11:45 1,757,184 --a------ D:\WINDOWS\system32\imagX7.dll
2008-01-17 21:46 . 2006-03-17 11:45 802,816 --a------ D:\WINDOWS\system32\imagXRA7.dll
2008-01-17 21:46 . 2006-03-17 11:45 497,296 --a------ D:\WINDOWS\system32\imagXpr7.dll
2008-01-17 21:46 . 2006-03-17 14:49 368,640 --a------ D:\WINDOWS\system32\TwnLib4.dll
2008-01-17 21:46 . 2006-03-17 11:45 258,048 --a------ D:\WINDOWS\system32\imagXR7.dll
2008-01-17 21:45 . 2008-01-17 21:46 <DIR> d-------- D:\Program Files\Nero
2008-01-17 21:45 . 2008-01-17 21:46 <DIR> d-------- D:\Program Files\Common Files\Nero
2008-01-17 21:45 . 2008-01-17 21:46 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Nero
2008-01-16 15:19 . 2008-01-16 15:19 <DIR> d-------- D:\WINDOWS\Složka odesílání Share-to-Web
2008-01-16 15:19 . 2005-01-18 13:05 1,503 --a------ D:\Remote Assistance.lnk
2008-01-16 15:19 . 2005-01-18 13:05 206 --ahs---- D:\desktop.ini
2008-01-14 23:20 . 2008-01-14 23:20 <DIR> d--hs---- D:\FOUND.020
2008-01-14 19:59 . 2008-01-14 19:59 <DIR> d-------- D:\Documents and Settings\Ocko\Application Data\Autodesk
2008-01-14 19:56 . 2001-08-17 13:48 12,160 --a------ D:\WINDOWS\system32\drivers\mouhid.sys
2008-01-14 19:56 . 2001-08-17 13:48 12,160 --a------ D:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-14 19:56 . 2001-08-17 14:02 9,600 --a------ D:\WINDOWS\system32\drivers\hidusb.sys
2008-01-14 19:56 . 2001-08-17 14:02 9,600 --a------ D:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-14 18:02 . 2008-01-14 18:02 <DIR> d--hs---- D:\FOUND.019
2008-01-13 17:29 . 2008-01-13 17:29 <DIR> d--hs---- D:\FOUND.018
2008-01-13 17:23 . 2008-01-13 17:23 <DIR> d--hs---- D:\FOUND.017
2008-01-13 11:13 . 2008-01-13 11:13 <DIR> d--hs---- D:\FOUND.016
2008-01-12 17:52 . 2008-01-12 17:52 <DIR> d--hs---- D:\FOUND.015
2008-01-12 12:37 . 2008-01-12 12:37 <DIR> d--hs---- D:\FOUND.014
2008-01-12 11:06 . 2008-01-12 11:06 <DIR> d--hs---- D:\FOUND.013
2008-01-12 10:29 . 2008-01-12 10:32 139,264 --a------ D:\WINDOWS\War3Unin.exe
2008-01-12 10:29 . 2008-01-12 10:34 77,524 --a------ D:\WINDOWS\War3Unin.dat
2008-01-12 10:29 . 2008-01-12 10:32 2,829 --a------ D:\WINDOWS\War3Unin.pif
2008-01-12 10:26 . 2008-01-12 10:26 <DIR> d-------- D:\Program Files\Warcraft III
2008-01-12 09:34 . 2008-01-12 09:34 <DIR> d-------- D:\warcraft
2008-01-11 12:45 . 2008-01-11 12:46 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
2008-01-09 19:59 . 2008-01-09 19:59 229 --a------ D:\Documents and Settings\Gazda\Application Data\uzivatel.dat
2008-01-09 18:51 . 2008-01-09 18:51 <DIR> d--hs---- D:\FOUND.012
2008-01-01 12:10 . 2008-01-01 12:10 4,922,104 --a------ D:\Opera_9.25_Eng_Setup.exe
2007-12-30 19:18 . 2007-12-30 19:18 <DIR> d--hs---- D:\FOUND.011
2007-12-29 19:10 . 2007-12-29 19:10 <DIR> d-------- D:\Program Files\FlatOut2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 16:22 21,840 ----a-w D:\WINDOWS\system32\SIntfNT.dll
2008-01-04 16:22 17,212 ----a-w D:\WINDOWS\system32\SIntf32.dll
2008-01-04 16:22 12,067 ----a-w D:\WINDOWS\system32\SIntf16.dll
2007-12-12 21:05 32,505,611 ----a-w D:\Documents and Settings\Gazda\2007-12 (XII).ZIP
2007-12-12 11:47 --------- d-----w D:\Program Files\Starcraft
2007-12-04 14:56 93,264 ----a-w D:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w D:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w D:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w D:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w D:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w D:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w D:\WINDOWS\system32\AVASTSS.scr
2007-11-14 07:26 450,560 ------w D:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:26 721,920 ----a-w D:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w D:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 19:42 2,801,543 ----a-w D:\Documents and Settings\Tomi\h2beta.zip
2007-10-30 17:20 360,064 ------w D:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:16 3,058,688 ------w D:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w D:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 16:39 230,912 ----a-w D:\WINDOWS\system32\wmasf.dll
2007-10-27 16:39 230,912 ------w D:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-27 16:37 2,109,440 ------w D:\WINDOWS\system32\dllcache\wmvcore.dll
2007-10-26 03:36 8,454,656 ------w D:\WINDOWS\system32\dllcache\shell32.dll
2007-09-01 09:38 57,288 ----a-w D:\Documents and Settings\Gazda\Application Data\GDIPFONTCACHEV1.DAT
2007-05-28 08:49 457,285 ----a-w D:\Documents and Settings\Gazda\lancraft_101b.zip
2005-12-18 12:14 22,536 ----a-w D:\Documents and Settings\Tomi\Application Data\GDIPFONTCACHEV1.DAT
2005-03-20 13:10 4,853,760 ----a-w D:\Documents and Settings\Gazda\mplayerc.exe
2004-06-21 09:47 327,680 ----a-w D:\Documents and Settings\Gazda\sneh.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"BitComet"="D:\Program Files\BitComet\BitComet.exe" [2006-02-13 18:02 2678784]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"STYLEXP"="D:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 00:31 67584 D:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 07:15 344064]
"Share-to-Web Namespace Daemon"="D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"CloneCDElbyCDFL"="D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 04:09 45056]
"CloneCDTray"="D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-04-15 00:12 57344]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2005-09-07 17:49 77824]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2003-10-18 13:30 12288]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"SmcService"="D:\PROGRA~1\Sygate\SPF\smc.exe" [2004-06-30 16:56 2376928]
"ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-29 10:37 28672]
"HydraVisionDesktopManager"="D:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 21:00 270336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
"ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-29 10:37 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-27 20:12 3142236 D:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 08:24 1694208 D:\Program Files\Messenger\msmsgs.exe

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 12:49:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 12:49:57
ComboFix-quarantined-files.txt 2008-01-18 11:49:56
.
2008-01-10 16:23:35 --- E O F ---

neviem pohnut s trojanom

Podobné témy