Ahoj prosím o radu napadl mě tento vir Win32 Injector .ATV trojský kůň a nejde odstranit.AVG anic nehlasi objevil ho az online test esetu.
Navic mi porad shazuje sdileni souboru (sluzba server) a firewall, takze pak musim vzdy restartovat pc aby to nabehlo.Mam doma 3 pc a bojim se ze se vir dostal i na ne.
Pls poradte posilam RSIT log:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 15:58:43, on 1.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\ProcessTamer\ProcessTamerTray.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
c:\CM\CM.exe
c:\CM\CM.exe
c:\CM\CM.exe
c:\CM\CM.exe
c:\CM\CM.exe
c:\CM\CM.exe
c:\CM\CM.exe
c:\CM\CM.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\WMEncAgt.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\HIJACK\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eset.cz/eset-online-skener-run?i_agree=Start
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RunRaidmon] "C:\Program Files\Lsi Logic Corp\Spy\Raidmon.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A99737BA-824B-4780-92D1-7B1D00E078AF}: NameServer = 78.24.8.150,213.192.34.214
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Spyser - Unknown owner - C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5575 bytes
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Win32 Injector .ATV trojský kůň
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Win32 Injector .ATV trojský kůň
Pokud máte počítač propojen s ostatními počítači v domácnosti, odpojte ho. Používáte AVG Internet Security nebo AVG Anti-Virus (bez firewallu) 
Tohle otestujte na http://www.virustotal.com/cs/ c:\CM\CM.exe
(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem vložte.)
Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478- Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
Záložka Čistič- Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
Záložka Registry- Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano" Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna 
Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte. Během skenování může být počítač restartován.
Re: Win32 Injector .ATV trojský kůň
CM.exe je můj přehrávač.
Pročitil jsem CCleanerem
Combofix:
vyhodí to tuto hlášku
Zřeknutí se práva záruky na funkčnost software
následující internetové stránky nepatří ke kombofixu
www.combofix.org
www.combofix.com
V případě, že jste se rozhodli od nich něco koupit doporučujeme objednávku zrušit.
nevím zda je to normální či ne.Určitě nechci něco spustit, aby mi to uplně shodilo OS.Mám tam nějaké důležite data i kdyz zalohy mam....
Díky za radu..
Pročitil jsem CCleanerem
Combofix:
vyhodí to tuto hlášku
Zřeknutí se práva záruky na funkčnost software
následující internetové stránky nepatří ke kombofixu
www.combofix.org
www.combofix.com
V případě, že jste se rozhodli od nich něco koupit doporučujeme objednávku zrušit.
nevím zda je to normální či ne.Určitě nechci něco spustit, aby mi to uplně shodilo OS.Mám tam nějaké důležite data i kdyz zalohy mam....
Díky za radu..
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Win32 Injector .ATV trojský kůň
zde zpráva z umístění
C:\combofix\combofix.txt
ComboFix 10-02-01.02 - Administrator 01.02.2010 22:11:22.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2044.996 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
do tohoto umisteni to nevytvorilo zadny txt soubor.Předpokládám že výše uvedený log je asi špatný...nebo se mýlím?
C:\combofix
musím jen dodat že po restartu pc mi to poskodilo ovladace virtualni zvukove karty.Musel jsem reinstalovat....
také byla nainstalovana konzola pro zotaveni systemu.
C:\combofix\combofix.txt
ComboFix 10-02-01.02 - Administrator 01.02.2010 22:11:22.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2044.996 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
do tohoto umisteni to nevytvorilo zadny txt soubor.Předpokládám že výše uvedený log je asi špatný...nebo se mýlím?
C:\combofix
musím jen dodat že po restartu pc mi to poskodilo ovladace virtualni zvukove karty.Musel jsem reinstalovat....
také byla nainstalovana konzola pro zotaveni systemu.
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Win32 Injector .ATV trojský kůň
tak ani to nepomohlo.Co ted?
Re: Win32 Injector .ATV trojský kůň
projel jsem znovu esetem online scanerem a uz nic nehlasi proto posilam novy uz RSIT log, za puvodni log se omlouvam.
JEste jednou diky za jeho provereni.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-02-02 11:15:33
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 58 GB (12%) free of 477 GB
Total RAM: 2044 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:50, on 2.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\ProcessTamer\ProcessTamerTray.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
c:\CM\CM.exe
c:\CM\CM.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Components\Encoder\WMEncAgt.exe
c:\CM\CM.exe
c:\CM\CM.exe
c:\CM\CM.exe
c:\CM\CM.exe
C:\WINDOWS\system32\taskmgr.exe
c:\CM\CM.exe
c:\CM\CM.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\totalcmd\TOTALCMD.EXE
C:\totalcmd\TOTALCMD.EXE
c:\install\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eset.cz/eset-online-skener-run?i_agree=Start
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RunRaidmon] "C:\Program Files\Lsi Logic Corp\Spy\Raidmon.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [KB955759] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5057859584
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A99737BA-824B-4780-92D1-7B1D00E078AF}: NameServer = 78.24.8.150,213.192.34.214
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: Spyser - Unknown owner - C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5457 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\!synchro.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RunRaidmon"=C:\Program Files\Lsi Logic Corp\Spy\Raidmon.exe [2005-08-26 102400]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2007-09-12 63048]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-11 2043160]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KB955759"=apphelp.dll,ShimFlushCache []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Monitor Apache Servers.lnk - C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
ProcessTamer.lnk - C:\Program Files\ProcessTamer\ProcessTamerTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-12-03 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoActiveDesktop"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 2 months======
2010-02-02 11:15:33 ----D---- C:\rsit
2010-02-02 10:42:43 ----A---- C:\WINDOWS\d.ini
2010-02-02 09:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-02 09:41:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-02 09:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-02 09:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-02 09:41:28 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-02 09:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-02 09:41:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-02 09:41:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-02 09:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-02 09:40:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-02-02 09:40:42 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-02 09:40:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-02 09:40:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-02 09:40:18 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-02 09:40:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-02 09:40:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-02 09:39:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-02 09:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-02 09:39:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-02 09:37:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-02 09:37:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-02 09:37:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-02 09:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-02 09:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-02 09:36:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-02 09:36:41 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-02 09:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-02 09:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-02 09:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-02-02 09:36:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-02-02 09:36:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-02 09:35:51 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-02 09:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-02 09:28:06 ----A---- C:\WINDOWS\system32\SET108.tmp
2010-02-02 09:27:55 ----A---- C:\WINDOWS\system32\SETE7.tmp
2010-02-01 22:28:11 ----D---- C:\WINDOWS\LastGood
2010-02-01 22:28:04 ----D---- C:\Program Files\Virtual Audio Cable
2010-02-01 22:15:55 ----D---- C:\WINDOWS\Minidump
2010-02-01 22:13:40 ----D---- C:\WINDOWS\temp
2010-02-01 22:09:10 ----A---- C:\Boot.bak
2010-02-01 22:09:05 ----RASHD---- C:\cmdcons
2010-02-01 22:07:20 ----A---- C:\WINDOWS\zip.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\SWSC.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\SWREG.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\sed.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\PEV.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\MBR.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\grep.exe
2010-02-01 22:07:14 ----D---- C:\WINDOWS\ERDNT
2010-02-01 22:07:13 ----SD---- C:\ComboFix
2010-02-01 21:59:09 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-02-01 21:26:13 ----D---- C:\Qoobox
2010-02-01 18:40:22 ----D---- C:\Program Files\CCleaner
2010-02-01 15:47:03 ----D---- C:\Program Files\HIJACK
2010-02-01 14:25:12 ----D---- C:\Program Files\Trend Micro
2009-12-22 06:42:46 ----A---- C:\WINDOWS\system32\SET173.tmp
2009-12-22 06:42:46 ----A---- C:\WINDOWS\system32\SET172.tmp
2009-12-22 06:42:45 ----A---- C:\WINDOWS\system32\SET176.tmp
2009-12-22 06:42:43 ----A---- C:\WINDOWS\system32\SET17E.tmp
2009-12-22 06:42:43 ----A---- C:\WINDOWS\system32\SET17B.tmp
2009-12-22 06:42:43 ----A---- C:\WINDOWS\system32\SET17A.tmp
2009-12-22 06:42:42 ----A---- C:\WINDOWS\system32\SET183.tmp
2009-12-22 06:42:42 ----A---- C:\WINDOWS\system32\SET180.tmp
2009-12-22 06:42:42 ----A---- C:\WINDOWS\system32\SET17F.tmp
2009-12-16 14:59:50 ----A---- C:\WINDOWS\system32\SET185.tmp
2009-12-14 17:32:53 ----D---- C:\Program Files\ESET
2009-12-08 10:13:23 ----A---- C:\WINDOWS\system32\SET175.tmp
2009-12-04 15:01:30 ----D---- C:\Program Files\OddcastV3.18
2009-12-03 13:31:09 ----HD---- C:\$AVG8.VAULT$
2009-12-03 13:21:31 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-12-03 13:21:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2009-12-03 13:21:04 ----D---- C:\Program Files\AVG
2009-12-03 13:21:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
======List of files/folders modified in the last 2 months======
2010-02-02 11:15:00 ----D---- C:\install
2010-02-02 11:14:43 ----A---- C:\WINDOWS\wincmd.ini
2010-02-02 11:14:43 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-02-02 10:42:45 ----D---- C:\totalcmd
2010-02-02 10:42:43 ----D---- C:\WINDOWS
2010-02-02 10:40:05 ----D---- C:\__RDS
2010-02-02 09:44:26 ----D---- C:\WINDOWS\Debug
2010-02-02 09:42:16 ----HD---- C:\WINDOWS\inf
2010-02-02 09:42:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-02 09:42:13 ----D---- C:\WINDOWS\system32
2010-02-02 09:41:55 ----D---- C:\Program Files\Internet Explorer
2010-02-02 09:41:41 ----D---- C:\WINDOWS\WinSxS
2010-02-02 09:41:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-02 09:41:24 ----D---- C:\WINDOWS\AppPatch
2010-02-02 09:41:21 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-02 09:37:34 ----D---- C:\Program Files\Outlook Express
2010-02-02 09:36:14 ----D---- C:\WINDOWS\system32\Setup
2010-02-02 09:36:14 ----D---- C:\WINDOWS\system32\drivers
2010-02-02 09:26:42 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-02 09:24:53 ----D---- C:\_SONGS
2010-02-02 09:24:14 ----SHD---- C:\RECYCLER
2010-02-02 09:24:14 ----D---- C:\_SPOTS
2010-02-02 01:11:48 ----D---- C:\Program Files\LogMeIn
2010-02-01 22:28:04 ----RD---- C:\Program Files
2010-02-01 22:16:42 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-01 22:15:57 ----A---- C:\WINDOWS\RaidMon.txt
2010-02-01 22:15:56 ----SHD---- C:\WINDOWS\CSC
2010-02-01 22:13:27 ----RSD---- C:\WINDOWS\Fonts
2010-02-01 22:12:44 ----D---- C:\Program Files\Common Files
2010-02-01 22:09:10 ----RASH---- C:\boot.ini
2010-02-01 21:59:12 ----D---- C:\WINDOWS\Help
2010-02-01 21:57:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-01 15:47:04 ----SHD---- C:\WINDOWS\Installer
2010-01-30 13:06:11 ----D---- C:\_LINKS
2010-01-15 10:31:01 ----D---- C:\Sepie
2010-01-04 16:17:48 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-22 06:42:44 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-12-22 06:42:44 ----A---- C:\WINDOWS\system32\mstime.dll
2009-12-22 06:42:43 ----A---- C:\WINDOWS\system32\msrating.dll
2009-12-22 06:42:43 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-12-22 06:42:43 ----A---- C:\WINDOWS\system32\inseng.dll
2009-12-22 06:42:42 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-12-22 06:42:42 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-12-22 06:42:42 ----A---- C:\WINDOWS\system32\danim.dll
2009-12-22 06:42:42 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-12-14 19:27:56 ----AD---- C:\CM
2009-12-08 10:00:06 ----SD---- C:\WINDOWS\Tasks
2009-12-05 00:25:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-03 13:17:32 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-12-03 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-03 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-03 108552]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-06 1431040]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2006-04-27 164352]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-27 231424]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM); C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2006-12-31 31616]
R3 IAMTXP;Driver for Intel(R) Active Management Technology - KCS; C:\WINDOWS\system32\DRIVERS\IAMTXP.sys [2005-11-29 40448]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apache2;Apache2; C:\Program Files\Apache Group\Apache2\bin\Apache.exe [2005-04-16 20541]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-12-05 297752]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-09-28 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2007-09-12 63040]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-06-05 487424]
R2 Spyser;Spyser; C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe [2005-08-26 270336]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\PEV.cfxxe [2009-12-09 261632]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-07-27 26488]
-----------------EOF-----------------
JEste jednou diky za jeho provereni.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-02-02 11:15:33
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 58 GB (12%) free of 477 GB
Total RAM: 2044 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:50, on 2.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\ProcessTamer\ProcessTamerTray.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
c:\CM\CM.exe
c:\CM\CM.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Components\Encoder\WMEncAgt.exe
c:\CM\CM.exe
c:\CM\CM.exe
c:\CM\CM.exe
c:\CM\CM.exe
C:\WINDOWS\system32\taskmgr.exe
c:\CM\CM.exe
c:\CM\CM.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\totalcmd\TOTALCMD.EXE
C:\totalcmd\TOTALCMD.EXE
c:\install\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eset.cz/eset-online-skener-run?i_agree=Start
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RunRaidmon] "C:\Program Files\Lsi Logic Corp\Spy\Raidmon.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [KB955759] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5057859584
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A99737BA-824B-4780-92D1-7B1D00E078AF}: NameServer = 78.24.8.150,213.192.34.214
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: Spyser - Unknown owner - C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5457 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\!synchro.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RunRaidmon"=C:\Program Files\Lsi Logic Corp\Spy\Raidmon.exe [2005-08-26 102400]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2007-09-12 63048]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-11 2043160]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KB955759"=apphelp.dll,ShimFlushCache []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Monitor Apache Servers.lnk - C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
ProcessTamer.lnk - C:\Program Files\ProcessTamer\ProcessTamerTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-12-03 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoActiveDesktop"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 2 months======
2010-02-02 11:15:33 ----D---- C:\rsit
2010-02-02 10:42:43 ----A---- C:\WINDOWS\d.ini
2010-02-02 09:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-02 09:41:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-02 09:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-02 09:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-02 09:41:28 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-02 09:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-02 09:41:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-02 09:41:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-02 09:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-02 09:40:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-02-02 09:40:42 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-02 09:40:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-02 09:40:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-02 09:40:18 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-02 09:40:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-02 09:40:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-02 09:39:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-02 09:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-02 09:39:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-02 09:37:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-02 09:37:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-02 09:37:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-02 09:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-02 09:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-02 09:36:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-02 09:36:41 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-02 09:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-02 09:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-02 09:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-02-02 09:36:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-02-02 09:36:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-02 09:35:51 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-02 09:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-02 09:28:06 ----A---- C:\WINDOWS\system32\SET108.tmp
2010-02-02 09:27:55 ----A---- C:\WINDOWS\system32\SETE7.tmp
2010-02-01 22:28:11 ----D---- C:\WINDOWS\LastGood
2010-02-01 22:28:04 ----D---- C:\Program Files\Virtual Audio Cable
2010-02-01 22:15:55 ----D---- C:\WINDOWS\Minidump
2010-02-01 22:13:40 ----D---- C:\WINDOWS\temp
2010-02-01 22:09:10 ----A---- C:\Boot.bak
2010-02-01 22:09:05 ----RASHD---- C:\cmdcons
2010-02-01 22:07:20 ----A---- C:\WINDOWS\zip.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\SWSC.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\SWREG.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\sed.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\PEV.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\MBR.exe
2010-02-01 22:07:20 ----A---- C:\WINDOWS\grep.exe
2010-02-01 22:07:14 ----D---- C:\WINDOWS\ERDNT
2010-02-01 22:07:13 ----SD---- C:\ComboFix
2010-02-01 21:59:09 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-02-01 21:26:13 ----D---- C:\Qoobox
2010-02-01 18:40:22 ----D---- C:\Program Files\CCleaner
2010-02-01 15:47:03 ----D---- C:\Program Files\HIJACK
2010-02-01 14:25:12 ----D---- C:\Program Files\Trend Micro
2009-12-22 06:42:46 ----A---- C:\WINDOWS\system32\SET173.tmp
2009-12-22 06:42:46 ----A---- C:\WINDOWS\system32\SET172.tmp
2009-12-22 06:42:45 ----A---- C:\WINDOWS\system32\SET176.tmp
2009-12-22 06:42:43 ----A---- C:\WINDOWS\system32\SET17E.tmp
2009-12-22 06:42:43 ----A---- C:\WINDOWS\system32\SET17B.tmp
2009-12-22 06:42:43 ----A---- C:\WINDOWS\system32\SET17A.tmp
2009-12-22 06:42:42 ----A---- C:\WINDOWS\system32\SET183.tmp
2009-12-22 06:42:42 ----A---- C:\WINDOWS\system32\SET180.tmp
2009-12-22 06:42:42 ----A---- C:\WINDOWS\system32\SET17F.tmp
2009-12-16 14:59:50 ----A---- C:\WINDOWS\system32\SET185.tmp
2009-12-14 17:32:53 ----D---- C:\Program Files\ESET
2009-12-08 10:13:23 ----A---- C:\WINDOWS\system32\SET175.tmp
2009-12-04 15:01:30 ----D---- C:\Program Files\OddcastV3.18
2009-12-03 13:31:09 ----HD---- C:\$AVG8.VAULT$
2009-12-03 13:21:31 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-12-03 13:21:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2009-12-03 13:21:04 ----D---- C:\Program Files\AVG
2009-12-03 13:21:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
======List of files/folders modified in the last 2 months======
2010-02-02 11:15:00 ----D---- C:\install
2010-02-02 11:14:43 ----A---- C:\WINDOWS\wincmd.ini
2010-02-02 11:14:43 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-02-02 10:42:45 ----D---- C:\totalcmd
2010-02-02 10:42:43 ----D---- C:\WINDOWS
2010-02-02 10:40:05 ----D---- C:\__RDS
2010-02-02 09:44:26 ----D---- C:\WINDOWS\Debug
2010-02-02 09:42:16 ----HD---- C:\WINDOWS\inf
2010-02-02 09:42:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-02 09:42:13 ----D---- C:\WINDOWS\system32
2010-02-02 09:41:55 ----D---- C:\Program Files\Internet Explorer
2010-02-02 09:41:41 ----D---- C:\WINDOWS\WinSxS
2010-02-02 09:41:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-02 09:41:24 ----D---- C:\WINDOWS\AppPatch
2010-02-02 09:41:21 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-02 09:37:34 ----D---- C:\Program Files\Outlook Express
2010-02-02 09:36:14 ----D---- C:\WINDOWS\system32\Setup
2010-02-02 09:36:14 ----D---- C:\WINDOWS\system32\drivers
2010-02-02 09:26:42 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-02 09:24:53 ----D---- C:\_SONGS
2010-02-02 09:24:14 ----SHD---- C:\RECYCLER
2010-02-02 09:24:14 ----D---- C:\_SPOTS
2010-02-02 01:11:48 ----D---- C:\Program Files\LogMeIn
2010-02-01 22:28:04 ----RD---- C:\Program Files
2010-02-01 22:16:42 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-01 22:15:57 ----A---- C:\WINDOWS\RaidMon.txt
2010-02-01 22:15:56 ----SHD---- C:\WINDOWS\CSC
2010-02-01 22:13:27 ----RSD---- C:\WINDOWS\Fonts
2010-02-01 22:12:44 ----D---- C:\Program Files\Common Files
2010-02-01 22:09:10 ----RASH---- C:\boot.ini
2010-02-01 21:59:12 ----D---- C:\WINDOWS\Help
2010-02-01 21:57:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-01 15:47:04 ----SHD---- C:\WINDOWS\Installer
2010-01-30 13:06:11 ----D---- C:\_LINKS
2010-01-15 10:31:01 ----D---- C:\Sepie
2010-01-04 16:17:48 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-22 06:42:44 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-12-22 06:42:44 ----A---- C:\WINDOWS\system32\mstime.dll
2009-12-22 06:42:43 ----A---- C:\WINDOWS\system32\msrating.dll
2009-12-22 06:42:43 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-12-22 06:42:43 ----A---- C:\WINDOWS\system32\inseng.dll
2009-12-22 06:42:42 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-12-22 06:42:42 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-12-22 06:42:42 ----A---- C:\WINDOWS\system32\danim.dll
2009-12-22 06:42:42 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-12-14 19:27:56 ----AD---- C:\CM
2009-12-08 10:00:06 ----SD---- C:\WINDOWS\Tasks
2009-12-05 00:25:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-03 13:17:32 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-12-03 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-03 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-03 108552]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-06 1431040]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2006-04-27 164352]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-27 231424]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM); C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2006-12-31 31616]
R3 IAMTXP;Driver for Intel(R) Active Management Technology - KCS; C:\WINDOWS\system32\DRIVERS\IAMTXP.sys [2005-11-29 40448]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apache2;Apache2; C:\Program Files\Apache Group\Apache2\bin\Apache.exe [2005-04-16 20541]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-12-05 297752]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-09-28 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2007-09-12 63040]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-06-05 487424]
R2 Spyser;Spyser; C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe [2005-08-26 270336]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\PEV.cfxxe [2009-12-09 261632]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-07-27 26488]
-----------------EOF-----------------
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Win32 Injector .ATV trojský kůň
Podle návodu http://www.viry.cz/forum/viewtopic.php?f=15&t=72743 aplikujte tento skript.
Kód: Vybrat vše
:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
:Services
PEVSystemStart
:Files
C:\ComboFix\PEV.cfxxe
:Commands
[emptytemp]
[purity]
[Reboot]Start >> Spustit, zkopírujte do okénka:
ComboFix /Uninstall
stiskněte Enter
Stáhněte T-Cleanerhttp://sweb.cz/Marinus/T-Cleaner.exe
- Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
- Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.
Dejte nový log z RSIT http://www.viry.cz/forum/viewtopic.php?f=30&t=82744
Přispějete na provoz fóra?