Trojan,adirka,nuwar(vyřešeno) Vyřešeno
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
V modrý obrazovce je napsáno že máš počkat asi 10 minut, ale tolik to mě netrvalo
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Konečně to mám.Po skončení nastal restart. Nevím jestli měl.
"Admin" - 07-03-27 12:45:34 Service Pack 2
ComboFix 07-03-27.2.Dbg - Running from: "C:\Documents and Settings\Admin\Plocha"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\pfxzmtaim.dll
C:\WINDOWS\system32\pfxzmtforum.dll
C:\WINDOWS\system32\pfxzmtgtal.dll
C:\WINDOWS\system32\pfxzmticq.dll
C:\WINDOWS\system32\pfxzmtsmt.dll
C:\WINDOWS\system32\pfxzmtsmtspm.dll
C:\WINDOWS\system32\pfxzmtwbmail.dll
C:\WINDOWS\system32\pfxzmtymsg.dll
C:\WINDOWS\system32\sfxzmtforum.dll
C:\WINDOWS\system32\sfxzmtsmt.dll
C:\WINDOWS\system32\sfxzmtsmtspm.dll
C:\WINDOWS\system32\sfxzmtwbmail.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\wincom32.ini
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\arprmdg0.dll
C:\WINDOWS\system32\avload32.dll
C:\WINDOWS\system32\bt848rom.dll
C:\WINDOWS\system32\directpt.dll
C:\WINDOWS\system32\directut.dll
C:\WINDOWS\system32\docent0.dll
C:\WINDOWS\system32\docent2.dll
C:\WINDOWS\system32\dvd4free.dll
C:\WINDOWS\system32\extxerox.dll
C:\WINDOWS\system32\hpprintx.dll
C:\WINDOWS\system32\iesdl4l.dll
C:\WINDOWS\system32\ksapgh.dll
C:\WINDOWS\system32\msvcrl.dll
C:\WINDOWS\system32\obbn13t.dll
C:\WINDOWS\system32\satdll.dll
C:\WINDOWS\system32\scsiusr4.dll
C:\WINDOWS\system32\se500mdm.dll
C:\WINDOWS\system32\zopenssl.dll
((((((((((((((((((((((((((((((( Files Created from 2007-02-27 to 2007-03-27 ))))))))))))))))))))))))))))))))))
2007-03-26 23:09 <DIR> d-------- C:\avenger
2007-03-26 17:17 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-03-25 20:47 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-03-25 20:45 147,968 --a------ C:\WINDOWS\R.COM
2007-03-25 20:45 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-03-20 19:41 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-20 19:41 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-20 19:41 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-17 19:19 <DIR> d-------- C:\Program Files\Ubisoft
2007-03-17 17:26 <DIR> d-------- C:\Program Files\ClamWin
2007-03-11 19:14 <DIR> d-------- C:\Program Files\QIP
2007-03-10 19:29 <DIR> d-------- C:\Program Files\Pixarra
2007-03-05 21:18 682,855 --a------ C:\WINDOWS\Magic Kinder Cup 42SS111.scr
2007-03-05 21:18 <DIR> d-------- C:\Program Files\Magic Kinder Cup 42SS111
2007-03-03 12:08 41 ---h----- C:\WINDOWS\dsez1127.dat
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-25 13:05 62138 --a------ C:\WINDOWS\system32\perfc005.dat
2007-03-25 13:05 379568 --a------ C:\WINDOWS\system32\perfh005.dat
2007-03-15 12:38 95 --a------ C:\WINDOWS\popcinfo.dat
2007-03-11 18:54 -------- d-------- C:\Program Files\icqlite
2007-03-11 18:54 -------- d-------- C:\Program Files\icqlite
2007-03-02 16:27 -------- d--h----- C:\Program Files\installshield installation information
2007-03-02 16:27 -------- d--h----- C:\Program Files\installshield installation information
2007-02-16 22:14 -------- d-------- C:\Program Files\java
2007-02-16 22:14 -------- d-------- C:\Program Files\java
2007-02-08 18:15 542619 --a------ C:\WINDOWS\magic kinder cup 42ss107.scr
2007-02-08 18:15 -------- d-------- C:\Program Files\magic kinder cup 42ss107
2007-02-08 18:15 -------- d-------- C:\Program Files\magic kinder cup 42ss107
2007-02-07 18:05 605287 --a------ C:\WINDOWS\magic kinder cup 42ss103.scr
2007-02-07 18:05 -------- d-------- C:\Program Files\magic kinder cup 42ss103
2007-02-07 18:05 -------- d-------- C:\Program Files\magic kinder cup 42ss103
2007-02-07 17:55 513134 --a------ C:\WINDOWS\magic kinder cup 49ss059.scr
2007-02-07 17:50 549608 --a------ C:\WINDOWS\magic kinder cup 41ss019.scr
2007-02-07 17:50 -------- d-------- C:\Program Files\magic kinder cup 41ss019
2007-02-07 17:50 -------- d-------- C:\Program Files\magic kinder cup 41ss019
2007-02-07 17:24 397053 --a------ C:\WINDOWS\screen_44ss022.scr
2007-02-07 17:24 -------- d-------- C:\Program Files\screen_44ss022
2007-02-07 17:24 -------- d-------- C:\Program Files\screen_44ss022
2007-02-07 17:11 516629 --a------ C:\WINDOWS\magic kinder cup 41ss001.scr
2007-02-06 21:12 -------- d-------- C:\Program Files\magic kinder cup 41ss001
2007-02-06 21:12 -------- d-------- C:\Program Files\magic kinder cup 41ss001
2007-02-06 21:02 830049 --a------ C:\WINDOWS\magic kinder cup 45ss038.scr
2007-02-06 21:02 -------- d-------- C:\Program Files\magic kinder cup 45ss038
2007-02-06 21:02 -------- d-------- C:\Program Files\magic kinder cup 45ss038
2007-02-06 20:57 -------- d-------- C:\Program Files\magic kinder cup 49ss059
2007-02-06 20:57 -------- d-------- C:\Program Files\magic kinder cup 49ss059
2007-02-06 20:55 568222 --a------ C:\WINDOWS\magic kinder cup 49ss058.scr
2007-02-06 20:55 -------- d-------- C:\Program Files\magic kinder cup 49ss058
2007-02-06 20:55 -------- d-------- C:\Program Files\magic kinder cup 49ss058
2007-02-06 20:49 -------- d-------- C:\Program Files\magic kinder cup 50ss077
2007-02-06 20:49 -------- d-------- C:\Program Files\magic kinder cup 50ss077
2007-02-06 20:48 742333 --a------ C:\WINDOWS\magic kinder cup 50ss077.scr
2007-02-06 20:43 468428 --a------ C:\WINDOWS\magic kinder cup 45ss042.scr
2007-02-06 20:43 -------- d-------- C:\Program Files\magic kinder cup 45ss042
2007-02-06 20:43 -------- d-------- C:\Program Files\magic kinder cup 45ss042
2007-02-06 20:38 591579 --a------ C:\WINDOWS\magic kinder cup 41ss003.scr
2007-02-06 20:38 -------- d-------- C:\Program Files\magic kinder cup 41ss003
2007-02-06 20:38 -------- d-------- C:\Program Files\magic kinder cup 41ss003
2007-02-06 20:36 469974 --a------ C:\WINDOWS\magic kinder cup 44ss023.scr
2007-02-06 20:36 -------- d-------- C:\Program Files\magic kinder cup 44ss023
2007-02-06 20:36 -------- d-------- C:\Program Files\magic kinder cup 44ss023
2007-02-06 20:32 574234 --a------ C:\WINDOWS\magic kinder cup 41ss002.scr
2007-02-06 20:32 -------- d-------- C:\Program Files\magic kinder cup 41ss002
2007-02-06 20:32 -------- d-------- C:\Program Files\magic kinder cup 41ss002
2007-02-06 20:27 621395 --a------ C:\WINDOWS\magic kinder cup 45ss037.scr
2007-02-06 20:27 -------- d-------- C:\Program Files\magic kinder cup 45ss037
2007-02-06 20:27 -------- d-------- C:\Program Files\magic kinder cup 45ss037
2007-01-12 20:20 356352 --a------ C:\putty.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nTrayFw"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nTrayFw.exe"
"SoundMan"="SOUNDMAN.EXE"
@=""
"ATIPTA"="atiptaxx.exe"
"CHotkey"="mHotkey.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SpywareTerminator"="\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ElbyCheck"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\CloneCDTray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostStartTrayApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Symantec\\Norton Ghost 2003\\GhostStartTrayApp.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OverClk"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ASUS\\Ai Booster\\OverClk.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=dword:00000002
"TapiSrv"=dword:00000003
"InCDsrv"=dword:00000002
"helpsvc"=dword:00000002
"GhostStartService"=dword:00000002
"ERSvc"=dword:00000002
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-03-27 12:49:22
"Admin" - 07-03-27 12:45:34 Service Pack 2
ComboFix 07-03-27.2.Dbg - Running from: "C:\Documents and Settings\Admin\Plocha"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\pfxzmtaim.dll
C:\WINDOWS\system32\pfxzmtforum.dll
C:\WINDOWS\system32\pfxzmtgtal.dll
C:\WINDOWS\system32\pfxzmticq.dll
C:\WINDOWS\system32\pfxzmtsmt.dll
C:\WINDOWS\system32\pfxzmtsmtspm.dll
C:\WINDOWS\system32\pfxzmtwbmail.dll
C:\WINDOWS\system32\pfxzmtymsg.dll
C:\WINDOWS\system32\sfxzmtforum.dll
C:\WINDOWS\system32\sfxzmtsmt.dll
C:\WINDOWS\system32\sfxzmtsmtspm.dll
C:\WINDOWS\system32\sfxzmtwbmail.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\wincom32.ini
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\arprmdg0.dll
C:\WINDOWS\system32\avload32.dll
C:\WINDOWS\system32\bt848rom.dll
C:\WINDOWS\system32\directpt.dll
C:\WINDOWS\system32\directut.dll
C:\WINDOWS\system32\docent0.dll
C:\WINDOWS\system32\docent2.dll
C:\WINDOWS\system32\dvd4free.dll
C:\WINDOWS\system32\extxerox.dll
C:\WINDOWS\system32\hpprintx.dll
C:\WINDOWS\system32\iesdl4l.dll
C:\WINDOWS\system32\ksapgh.dll
C:\WINDOWS\system32\msvcrl.dll
C:\WINDOWS\system32\obbn13t.dll
C:\WINDOWS\system32\satdll.dll
C:\WINDOWS\system32\scsiusr4.dll
C:\WINDOWS\system32\se500mdm.dll
C:\WINDOWS\system32\zopenssl.dll
((((((((((((((((((((((((((((((( Files Created from 2007-02-27 to 2007-03-27 ))))))))))))))))))))))))))))))))))
2007-03-26 23:09 <DIR> d-------- C:\avenger
2007-03-26 17:17 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-03-25 20:47 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-03-25 20:45 147,968 --a------ C:\WINDOWS\R.COM
2007-03-25 20:45 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-03-20 19:41 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-20 19:41 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-20 19:41 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-17 19:19 <DIR> d-------- C:\Program Files\Ubisoft
2007-03-17 17:26 <DIR> d-------- C:\Program Files\ClamWin
2007-03-11 19:14 <DIR> d-------- C:\Program Files\QIP
2007-03-10 19:29 <DIR> d-------- C:\Program Files\Pixarra
2007-03-05 21:18 682,855 --a------ C:\WINDOWS\Magic Kinder Cup 42SS111.scr
2007-03-05 21:18 <DIR> d-------- C:\Program Files\Magic Kinder Cup 42SS111
2007-03-03 12:08 41 ---h----- C:\WINDOWS\dsez1127.dat
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-25 13:05 62138 --a------ C:\WINDOWS\system32\perfc005.dat
2007-03-25 13:05 379568 --a------ C:\WINDOWS\system32\perfh005.dat
2007-03-15 12:38 95 --a------ C:\WINDOWS\popcinfo.dat
2007-03-11 18:54 -------- d-------- C:\Program Files\icqlite
2007-03-11 18:54 -------- d-------- C:\Program Files\icqlite
2007-03-02 16:27 -------- d--h----- C:\Program Files\installshield installation information
2007-03-02 16:27 -------- d--h----- C:\Program Files\installshield installation information
2007-02-16 22:14 -------- d-------- C:\Program Files\java
2007-02-16 22:14 -------- d-------- C:\Program Files\java
2007-02-08 18:15 542619 --a------ C:\WINDOWS\magic kinder cup 42ss107.scr
2007-02-08 18:15 -------- d-------- C:\Program Files\magic kinder cup 42ss107
2007-02-08 18:15 -------- d-------- C:\Program Files\magic kinder cup 42ss107
2007-02-07 18:05 605287 --a------ C:\WINDOWS\magic kinder cup 42ss103.scr
2007-02-07 18:05 -------- d-------- C:\Program Files\magic kinder cup 42ss103
2007-02-07 18:05 -------- d-------- C:\Program Files\magic kinder cup 42ss103
2007-02-07 17:55 513134 --a------ C:\WINDOWS\magic kinder cup 49ss059.scr
2007-02-07 17:50 549608 --a------ C:\WINDOWS\magic kinder cup 41ss019.scr
2007-02-07 17:50 -------- d-------- C:\Program Files\magic kinder cup 41ss019
2007-02-07 17:50 -------- d-------- C:\Program Files\magic kinder cup 41ss019
2007-02-07 17:24 397053 --a------ C:\WINDOWS\screen_44ss022.scr
2007-02-07 17:24 -------- d-------- C:\Program Files\screen_44ss022
2007-02-07 17:24 -------- d-------- C:\Program Files\screen_44ss022
2007-02-07 17:11 516629 --a------ C:\WINDOWS\magic kinder cup 41ss001.scr
2007-02-06 21:12 -------- d-------- C:\Program Files\magic kinder cup 41ss001
2007-02-06 21:12 -------- d-------- C:\Program Files\magic kinder cup 41ss001
2007-02-06 21:02 830049 --a------ C:\WINDOWS\magic kinder cup 45ss038.scr
2007-02-06 21:02 -------- d-------- C:\Program Files\magic kinder cup 45ss038
2007-02-06 21:02 -------- d-------- C:\Program Files\magic kinder cup 45ss038
2007-02-06 20:57 -------- d-------- C:\Program Files\magic kinder cup 49ss059
2007-02-06 20:57 -------- d-------- C:\Program Files\magic kinder cup 49ss059
2007-02-06 20:55 568222 --a------ C:\WINDOWS\magic kinder cup 49ss058.scr
2007-02-06 20:55 -------- d-------- C:\Program Files\magic kinder cup 49ss058
2007-02-06 20:55 -------- d-------- C:\Program Files\magic kinder cup 49ss058
2007-02-06 20:49 -------- d-------- C:\Program Files\magic kinder cup 50ss077
2007-02-06 20:49 -------- d-------- C:\Program Files\magic kinder cup 50ss077
2007-02-06 20:48 742333 --a------ C:\WINDOWS\magic kinder cup 50ss077.scr
2007-02-06 20:43 468428 --a------ C:\WINDOWS\magic kinder cup 45ss042.scr
2007-02-06 20:43 -------- d-------- C:\Program Files\magic kinder cup 45ss042
2007-02-06 20:43 -------- d-------- C:\Program Files\magic kinder cup 45ss042
2007-02-06 20:38 591579 --a------ C:\WINDOWS\magic kinder cup 41ss003.scr
2007-02-06 20:38 -------- d-------- C:\Program Files\magic kinder cup 41ss003
2007-02-06 20:38 -------- d-------- C:\Program Files\magic kinder cup 41ss003
2007-02-06 20:36 469974 --a------ C:\WINDOWS\magic kinder cup 44ss023.scr
2007-02-06 20:36 -------- d-------- C:\Program Files\magic kinder cup 44ss023
2007-02-06 20:36 -------- d-------- C:\Program Files\magic kinder cup 44ss023
2007-02-06 20:32 574234 --a------ C:\WINDOWS\magic kinder cup 41ss002.scr
2007-02-06 20:32 -------- d-------- C:\Program Files\magic kinder cup 41ss002
2007-02-06 20:32 -------- d-------- C:\Program Files\magic kinder cup 41ss002
2007-02-06 20:27 621395 --a------ C:\WINDOWS\magic kinder cup 45ss037.scr
2007-02-06 20:27 -------- d-------- C:\Program Files\magic kinder cup 45ss037
2007-02-06 20:27 -------- d-------- C:\Program Files\magic kinder cup 45ss037
2007-01-12 20:20 356352 --a------ C:\putty.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nTrayFw"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nTrayFw.exe"
"SoundMan"="SOUNDMAN.EXE"
@=""
"ATIPTA"="atiptaxx.exe"
"CHotkey"="mHotkey.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SpywareTerminator"="\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ElbyCheck"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\CloneCDTray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostStartTrayApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Symantec\\Norton Ghost 2003\\GhostStartTrayApp.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OverClk"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ASUS\\Ai Booster\\OverClk.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=dword:00000002
"TapiSrv"=dword:00000003
"InCDsrv"=dword:00000002
"helpsvc"=dword:00000002
"GhostStartService"=dword:00000002
"ERSvc"=dword:00000002
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-03-27 12:49:22
A ještě ten Comboscan.
ComboScan v20070306.20 run by Admin on 2007-03-27 at 12:59:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Admin.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:00:02, on 27.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ATITool\ATITool.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Admin\Plocha\comboscan.exe
C:\DOCUME~1\Admin\Plocha\Admin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED3CFC8-996F-4C78-B4F7-943AFB1A5974}: NameServer = 192.168.17.254,193.179.148.42
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
-- Files created between 2007-02-27 and 2007-03-27 -----------------------------
2007-03-27 12:47:30 0 d-------- C:\WINDOWS\erdnt
2007-03-26 23:09:43 0 d-------- C:\avenger
2007-03-26 17:17:26 0 d-------- C:\Program Files\Spyware Terminator<SPYWAR~1>
2007-03-25 20:47:18 0 d-a------ C:\WINDOWS\rundl132.dll
2007-03-25 20:45:30 137216 --a------ C:\WINDOWS\system32\T.COM
2007-03-25 20:45:30 147968 --a------ C:\WINDOWS\R.COM
2007-03-20 19:41:14 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-20 19:41:14 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-20 19:41:14 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-17 19:19:32 0 d-------- C:\Program Files\Ubisoft
2007-03-17 17:26:57 0 d-------- C:\Program Files\ClamWin
2007-03-11 19:14:55 0 d-------- C:\Program Files\QIP
2007-03-10 19:29:52 0 d-------- C:\Program Files\Pixarra
2007-03-05 21:18:13 682855 --a------ C:\WINDOWS\Magic Kinder Cup 42SS111.scr<MA7A03~1.SCR>
2007-03-05 21:18:00 0 d-------- C:\Program Files\Magic Kinder Cup 42SS111<MA0F7D~1>
2007-03-03 12:08:54 41 ---h----- C:\WINDOWS\dsez1127.dat
-- Find3M Report ---------------------------------------------------------------
2007-03-27 07:14:24 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-26 19:02:49 0 d-------- C:\Documents and Settings\Admin\Data aplikací\Skype
2007-03-26 18:04:48 0 d-------- C:\Documents and Settings\Admin\Data aplikací\Free Download Manager<FREEDO~1>
2007-03-25 13:05:16 379568 --a------ C:\WINDOWS\system32\perfh005.dat
2007-03-25 13:05:16 62138 --a------ C:\WINDOWS\system32\perfc005.dat
2007-03-17 18:39:06 0 d-------- C:\Documents and Settings\Admin\Data aplikací\BSplayer
2007-03-15 12:38:21 95 --a------ C:\WINDOWS\popcinfo.dat
2007-03-11 18:54:01 0 d-------- C:\Program Files\ICQLite
2007-03-02 16:27:58 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-02 16:27:58 0 d-------- C:\Program Files\BSP Multimedia<BSPMUL~1>
2007-02-26 20:24:56 0 d-------- C:\Documents and Settings\Admin\Data aplikací\Zoner
2007-02-16 22:14:43 0 d-------- C:\Program Files\Java
2007-02-08 18:15:33 0 d-------- C:\Program Files\Magic Kinder Cup 42SS107<MA6F6D~1>
2007-02-08 18:15:31 542619 --a------ C:\WINDOWS\Magic Kinder Cup 42SS107.scr<MA960B~1.SCR>
2007-02-07 18:05:49 0 d-------- C:\Program Files\Magic Kinder Cup 42SS103<MA2F6D~1>
2007-02-07 18:05:46 605287 --a------ C:\WINDOWS\Magic Kinder Cup 42SS103.scr<MA860B~1.SCR>
2007-02-07 17:55:14 513134 --a------ C:\WINDOWS\Magic Kinder Cup 49SS059.scr<MA9121~1.SCR>
2007-02-07 17:50:46 0 d-------- C:\Program Files\Magic Kinder Cup 41SS019<MA8B75~1>
2007-02-07 17:50:44 549608 --a------ C:\WINDOWS\Magic Kinder Cup 41SS019.scr<MA9901~1.SCR>
2007-02-07 17:24:05 0 d-------- C:\Program Files\screen_44SS022<SCREEN~1>
2007-02-07 17:24:03 397053 --a------ C:\WINDOWS\screen_44SS022.scr<SCREEN~1.SCR>
2007-02-07 17:11:47 516629 --a------ C:\WINDOWS\Magic Kinder Cup 41SS001.scr<MA7501~1.SCR>
2007-02-06 21:12:25 0 d-------- C:\Program Files\Magic Kinder Cup 41SS001<MA0B65~1>
2007-02-06 21:02:31 0 d-------- C:\Program Files\Magic Kinder Cup 45SS038<MA7BA5~1>
2007-02-06 21:02:28 830049 --a------ C:\WINDOWS\Magic Kinder Cup 45SS038.scr<MA951D~1.SCR>
2007-02-06 20:57:26 0 d-------- C:\Program Files\Magic Kinder Cup 49SS059<MA8BD5~1>
2007-02-06 20:55:23 0 d-------- C:\Program Files\Magic Kinder Cup 49SS058<MA7BD5~1>
2007-02-06 20:55:21 568222 --a------ C:\WINDOWS\Magic Kinder Cup 49SS058.scr<MA912D~1.SCR>
2007-02-06 20:49:00 0 d-------- C:\Program Files\Magic Kinder Cup 50SS077<MA67DF~1>
2007-02-06 20:48:58 742333 --a------ C:\WINDOWS\Magic Kinder Cup 50SS077.scr<MA90AB~1.SCR>
2007-02-06 20:43:06 0 d-------- C:\Program Files\Magic Kinder Cup 45SS042<MA1BB5~1>
2007-02-06 20:43:05 468428 --a------ C:\WINDOWS\Magic Kinder Cup 45SS042.scr<MA7915~1.SCR>
2007-02-06 20:38:15 0 d-------- C:\Program Files\Magic Kinder Cup 41SS003<MAGICK~4>
2007-02-06 20:38:13 591579 --a------ C:\WINDOWS\Magic Kinder Cup 41SS003.scr<MAGICK~4.SCR>
2007-02-06 20:36:43 0 d-------- C:\Program Files\Magic Kinder Cup 44SS023<MAGICK~3>
2007-02-06 20:36:41 469974 --a------ C:\WINDOWS\Magic Kinder Cup 44SS023.scr<MAGICK~3.SCR>
2007-02-06 20:32:29 0 d-------- C:\Program Files\Magic Kinder Cup 41SS002<MAGICK~2>
2007-02-06 20:32:27 574234 --a------ C:\WINDOWS\Magic Kinder Cup 41SS002.scr<MAGICK~2.SCR>
2007-02-06 20:27:31 0 d-------- C:\Program Files\Magic Kinder Cup 45SS037<MAGICK~1>
2007-02-06 20:27:30 621395 --a------ C:\WINDOWS\Magic Kinder Cup 45SS037.scr<MAGICK~1.SCR>
2007-01-12 20:20:23 356352 --a------ C:\putty.exe
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nTrayFw"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nTrayFw.exe"
"SoundMan"="SOUNDMAN.EXE"
@=""
"ATIPTA"="atiptaxx.exe"
"CHotkey"="mHotkey.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SpywareTerminator"="\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ElbyCheck"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\CloneCDTray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostStartTrayApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Symantec\\Norton Ghost 2003\\GhostStartTrayApp.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OverClk"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ASUS\\Ai Booster\\OverClk.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=dword:00000002
"TapiSrv"=dword:00000003
"InCDsrv"=dword:00000002
"helpsvc"=dword:00000002
"GhostStartService"=dword:00000002
"ERSvc"=dword:00000002
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Schedule
-- End of ComboScan: finished at 2007-03-27 at 13:00:35 -
ComboScan v20070306.20 run by Admin on 2007-03-27 at 12:59:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Admin.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:00:02, on 27.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ATITool\ATITool.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Admin\Plocha\comboscan.exe
C:\DOCUME~1\Admin\Plocha\Admin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED3CFC8-996F-4C78-B4F7-943AFB1A5974}: NameServer = 192.168.17.254,193.179.148.42
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
-- Files created between 2007-02-27 and 2007-03-27 -----------------------------
2007-03-27 12:47:30 0 d-------- C:\WINDOWS\erdnt
2007-03-26 23:09:43 0 d-------- C:\avenger
2007-03-26 17:17:26 0 d-------- C:\Program Files\Spyware Terminator<SPYWAR~1>
2007-03-25 20:47:18 0 d-a------ C:\WINDOWS\rundl132.dll
2007-03-25 20:45:30 137216 --a------ C:\WINDOWS\system32\T.COM
2007-03-25 20:45:30 147968 --a------ C:\WINDOWS\R.COM
2007-03-20 19:41:14 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-20 19:41:14 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-20 19:41:14 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-17 19:19:32 0 d-------- C:\Program Files\Ubisoft
2007-03-17 17:26:57 0 d-------- C:\Program Files\ClamWin
2007-03-11 19:14:55 0 d-------- C:\Program Files\QIP
2007-03-10 19:29:52 0 d-------- C:\Program Files\Pixarra
2007-03-05 21:18:13 682855 --a------ C:\WINDOWS\Magic Kinder Cup 42SS111.scr<MA7A03~1.SCR>
2007-03-05 21:18:00 0 d-------- C:\Program Files\Magic Kinder Cup 42SS111<MA0F7D~1>
2007-03-03 12:08:54 41 ---h----- C:\WINDOWS\dsez1127.dat
-- Find3M Report ---------------------------------------------------------------
2007-03-27 07:14:24 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-26 19:02:49 0 d-------- C:\Documents and Settings\Admin\Data aplikací\Skype
2007-03-26 18:04:48 0 d-------- C:\Documents and Settings\Admin\Data aplikací\Free Download Manager<FREEDO~1>
2007-03-25 13:05:16 379568 --a------ C:\WINDOWS\system32\perfh005.dat
2007-03-25 13:05:16 62138 --a------ C:\WINDOWS\system32\perfc005.dat
2007-03-17 18:39:06 0 d-------- C:\Documents and Settings\Admin\Data aplikací\BSplayer
2007-03-15 12:38:21 95 --a------ C:\WINDOWS\popcinfo.dat
2007-03-11 18:54:01 0 d-------- C:\Program Files\ICQLite
2007-03-02 16:27:58 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-02 16:27:58 0 d-------- C:\Program Files\BSP Multimedia<BSPMUL~1>
2007-02-26 20:24:56 0 d-------- C:\Documents and Settings\Admin\Data aplikací\Zoner
2007-02-16 22:14:43 0 d-------- C:\Program Files\Java
2007-02-08 18:15:33 0 d-------- C:\Program Files\Magic Kinder Cup 42SS107<MA6F6D~1>
2007-02-08 18:15:31 542619 --a------ C:\WINDOWS\Magic Kinder Cup 42SS107.scr<MA960B~1.SCR>
2007-02-07 18:05:49 0 d-------- C:\Program Files\Magic Kinder Cup 42SS103<MA2F6D~1>
2007-02-07 18:05:46 605287 --a------ C:\WINDOWS\Magic Kinder Cup 42SS103.scr<MA860B~1.SCR>
2007-02-07 17:55:14 513134 --a------ C:\WINDOWS\Magic Kinder Cup 49SS059.scr<MA9121~1.SCR>
2007-02-07 17:50:46 0 d-------- C:\Program Files\Magic Kinder Cup 41SS019<MA8B75~1>
2007-02-07 17:50:44 549608 --a------ C:\WINDOWS\Magic Kinder Cup 41SS019.scr<MA9901~1.SCR>
2007-02-07 17:24:05 0 d-------- C:\Program Files\screen_44SS022<SCREEN~1>
2007-02-07 17:24:03 397053 --a------ C:\WINDOWS\screen_44SS022.scr<SCREEN~1.SCR>
2007-02-07 17:11:47 516629 --a------ C:\WINDOWS\Magic Kinder Cup 41SS001.scr<MA7501~1.SCR>
2007-02-06 21:12:25 0 d-------- C:\Program Files\Magic Kinder Cup 41SS001<MA0B65~1>
2007-02-06 21:02:31 0 d-------- C:\Program Files\Magic Kinder Cup 45SS038<MA7BA5~1>
2007-02-06 21:02:28 830049 --a------ C:\WINDOWS\Magic Kinder Cup 45SS038.scr<MA951D~1.SCR>
2007-02-06 20:57:26 0 d-------- C:\Program Files\Magic Kinder Cup 49SS059<MA8BD5~1>
2007-02-06 20:55:23 0 d-------- C:\Program Files\Magic Kinder Cup 49SS058<MA7BD5~1>
2007-02-06 20:55:21 568222 --a------ C:\WINDOWS\Magic Kinder Cup 49SS058.scr<MA912D~1.SCR>
2007-02-06 20:49:00 0 d-------- C:\Program Files\Magic Kinder Cup 50SS077<MA67DF~1>
2007-02-06 20:48:58 742333 --a------ C:\WINDOWS\Magic Kinder Cup 50SS077.scr<MA90AB~1.SCR>
2007-02-06 20:43:06 0 d-------- C:\Program Files\Magic Kinder Cup 45SS042<MA1BB5~1>
2007-02-06 20:43:05 468428 --a------ C:\WINDOWS\Magic Kinder Cup 45SS042.scr<MA7915~1.SCR>
2007-02-06 20:38:15 0 d-------- C:\Program Files\Magic Kinder Cup 41SS003<MAGICK~4>
2007-02-06 20:38:13 591579 --a------ C:\WINDOWS\Magic Kinder Cup 41SS003.scr<MAGICK~4.SCR>
2007-02-06 20:36:43 0 d-------- C:\Program Files\Magic Kinder Cup 44SS023<MAGICK~3>
2007-02-06 20:36:41 469974 --a------ C:\WINDOWS\Magic Kinder Cup 44SS023.scr<MAGICK~3.SCR>
2007-02-06 20:32:29 0 d-------- C:\Program Files\Magic Kinder Cup 41SS002<MAGICK~2>
2007-02-06 20:32:27 574234 --a------ C:\WINDOWS\Magic Kinder Cup 41SS002.scr<MAGICK~2.SCR>
2007-02-06 20:27:31 0 d-------- C:\Program Files\Magic Kinder Cup 45SS037<MAGICK~1>
2007-02-06 20:27:30 621395 --a------ C:\WINDOWS\Magic Kinder Cup 45SS037.scr<MAGICK~1.SCR>
2007-01-12 20:20:23 356352 --a------ C:\putty.exe
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nTrayFw"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nTrayFw.exe"
"SoundMan"="SOUNDMAN.EXE"
@=""
"ATIPTA"="atiptaxx.exe"
"CHotkey"="mHotkey.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SpywareTerminator"="\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ElbyCheck"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\CloneCDTray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostStartTrayApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Symantec\\Norton Ghost 2003\\GhostStartTrayApp.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OverClk"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ASUS\\Ai Booster\\OverClk.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=dword:00000002
"TapiSrv"=dword:00000003
"InCDsrv"=dword:00000002
"helpsvc"=dword:00000002
"GhostStartService"=dword:00000002
"ERSvc"=dword:00000002
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Schedule
-- End of ComboScan: finished at 2007-03-27 at 13:00:35 -
Zkoušela jsem ten nouzový režim.Naskočila modrá obrazovka Boot menu:a volba mezi Hard Disk nebo CDROM.
Do nouze jsem se dostala jen jednou.Minulý týden,když jsem zkoušela zpustit antivirák v nouzi.Jak jsem se tam dostala ani nevim,mačkala jsem všechny doporučené klávesy a taky až na několikátý pokus.A když se zpouští počítač tak na spodním řádku naskakuje,že F8 je boot menu.
Do nouze jsem se dostala jen jednou.Minulý týden,když jsem zkoušela zpustit antivirák v nouzi.Jak jsem se tam dostala ani nevim,mačkala jsem všechny doporučené klávesy a taky až na několikátý pokus.A když se zpouští počítač tak na spodním řádku naskakuje,že F8 je boot menu.
Super ComboFix odstranil šmejdy. 
Ten restart byl nutný aby combofix odstranil ty šmejdy.
Jinak ten nouzový režim má být v pořádku žádný z těch programů nic nehlásí.
To co ti to dalo za nabídku tak to vůbec nemá co dělat s NR. Je to jenom z čeho cheš nabootovat pokud se nemýlím.
Jak ti Dával Fredik ten odkaz tak tam to máš je to ten 3) bod.Jak máš mačkat F8 aby jsi se dostal do NR
Jinak v teěch logách nevím co je tohle:
C:\putty.exe
C:\Program Files\magic kinder cup 45ss037
Pokud to znáš tak je to v pořádku.
Ten restart byl nutný aby combofix odstranil ty šmejdy.
Jinak ten nouzový režim má být v pořádku žádný z těch programů nic nehlásí.
To co ti to dalo za nabídku tak to vůbec nemá co dělat s NR. Je to jenom z čeho cheš nabootovat pokud se nemýlím.
Jak ti Dával Fredik ten odkaz tak tam to máš je to ten 3) bod.Jak máš mačkat F8 aby jsi se dostal do NR
Jinak v teěch logách nevím co je tohle:
C:\putty.exe
C:\Program Files\magic kinder cup 45ss037
Pokud to znáš tak je to v pořádku.
Taky myslím že je to OK.Ten počítač takovou čistku ještě nedostal.
Díky vám se mi ho podařilo vyčistit,už jsme chtěli přeinstalovat celý Windows.Ušetřili jste nám spoustu
práce.DÍKY MOC!!!Jak píšeš ty logy tak to kinder cup znám, to má naše dcera spořiče ztažené z kinder čokolády.Putty mám nějaký věci na C i D disku.Nevím to jistě ale mohly by to být češtiny do her.Je tam ikona dvou počítačů šikmo nad sebou.A ten nouzový režim už jde.(CHyba mezi židlí a počítačem)
.Ještě mi prosím napiš jakej použít antivir.Teď tu mám na měsíc Noda a pak nevím.Všechna ta hrůza co tu byla přešla přes Avast,Nodem jsem se to snažila vyléčit.A jestli jen tak preventivně bych někdy mohla zaslat log.
Hezký den!
Díky vám se mi ho podařilo vyčistit,už jsme chtěli přeinstalovat celý Windows.Ušetřili jste nám spoustu
práce.DÍKY MOC!!!Jak píšeš ty logy tak to kinder cup znám, to má naše dcera spořiče ztažené z kinder čokolády.Putty mám nějaký věci na C i D disku.Nevím to jistě ale mohly by to být češtiny do her.Je tam ikona dvou počítačů šikmo nad sebou.A ten nouzový režim už jde.(CHyba mezi židlí a počítačem)
.Ještě mi prosím napiš jakej použít antivir.Teď tu mám na měsíc Noda a pak nevím.Všechna ta hrůza co tu byla přešla přes Avast,Nodem jsem se to snažila vyléčit.A jestli jen tak preventivně bych někdy mohla zaslat log.
Hezký den!
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Ten Putty.exe je Telnet/SSH klient pro Windows. Přes něj se můžeš připojit kryptovaně na nějaký jiný systém či počítač.
S těmi antiviry těžko něco doporučit vyzkoušej a uvidíš který ti bude líp vyhovovat. Obecně Nod si na tom stojí líp ale zas je placený tak záleží jestli chceš používat free verzi antiviru nebo komerční produkty.
Klidně si můžeš nechat jednou za čas zkontrolovat log.
S těmi antiviry těžko něco doporučit vyzkoušej a uvidíš který ti bude líp vyhovovat. Obecně Nod si na tom stojí líp ale zas je placený tak záleží jestli chceš používat free verzi antiviru nebo komerční produkty.
Klidně si můžeš nechat jednou za čas zkontrolovat log.
Mějte se hezky.A zase někdy....Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 7 hostů