VIRY.CZ

Zdravim,
nejdriv popisu, co mne blbnulo a jak jsem na ten vir prisel:
Mel jsem problem s pripojenim k ADSL, obcas mi to vypadlo na minutu nebo dve, ale pak to zase naskocilo a bezelo v poradku. Tak jsem to jednou sledoval, co se deje, a objevil jsem, ze kdyz sit spadne, tak modem funguje, sviti vsechny kontrolky, ale u mne v nabidce bezdratovych siti tu svoji proste nechytam. Po chvilce se tam dokonce objevi, ale stejne se nepripojim. Tak jsem rozkliknul nastaveni a zjistil jsem, ze mam prehozene overovani/sifrovani na otevrene/wep a jeste to po mne chce certifikat. Za chvilku se ale nastaveni zmenilo na predchozi a samo se automaticky pripojilo. Pritom spolubydlici s notebookem je pripojeny porad a nepada mu to.
Tak jsem updatoval avast, pustil a nasel jsem dve virove hlasky. Jedna (malware generator) v souboru WorldOfWarcraft "Documents and Settings/All Users/Data aplikací/Blizzard Entertainment/Battle.net/Cache/36/b2/36b27cd911b33c61730a8b82c8b2495fd16e8024fc3b2dde08861c77a852941c.auth", ale kdyz jsem tento soubor poslal na http://www.Jotti.com k testovani, tak to nenaslo vubec nic. Pravdepodobne false positive.
Druhy nalez byl ale v pagefile.sys na C: (na ostatnich discich ani zalohovani nemam). Tam byp prave "win32-hupigon-onx". Tak jsem chvilku googlil co s tim, to ten vir dela, jak se ho zbavit, atd. Bohuzel pagefile.sys ma 3GB, takze nejake testovani online nepripada v uvahu. Nakonec jsem ho proste smazal a zakazal zalohovani/obnovu systemu. Dalsi spusteni Avastu z nic nenaslo.
.
Googlenim jsem ale nenasel tyto odpovedi:
1- rad bych vedel, co tento vir umi, co si mam zkontrolovat, jestli taky keyloguje a musim si zmenit hesla.
2- protoze chci zase zapnout zalohovani systemu, chci mit zarucene, ze se mi zase vir nenakopiruje do pagefile.sys behem par dni. Jak zjistit, jestli neni nekde v systemu/na disku jeste schovany a ceka az budu zase mit pagefille.sys?
.
Mam winXP. Firefox updatuju, mirandu updatuju, spyware terminator a avast take updatuju a spostim zhruba jednou mesicne. Firewall comodo 5.0 (ten jsem nedavno uupdatoval z predchozi verze).
.
.
ooooooooooooooooooooooooooooo RSIT log oooooooooooooooooooooooooooooooooooooooooooo
.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Tomas at 2010-10-04 13:35:49
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (33%) free of 30 GB
Total RAM: 3070 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:36:48 PM, on 10/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Totalcmd\TOTALCMD.EXE
G:\Users\Utils\Systemove\RSIT.exe
C:\Program Files\trend micro\Tomas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cz.o2.com/welcome/cz/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=62548
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1343024091-343818398-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipamiti kategorií soueástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files\Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe

--
End of file - 8714 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-01-15 1230288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2010-01-25 796400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-19 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-01-15 1230288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2010-04-15 2176512]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2005-03-02 278528]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-09-29 2500552]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"PivotSoftware"=C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [2007-01-26 694008]
"LogMeIn Hamachi Ui"=C:\Program Files\Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-10-17 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=181

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-10-04 13:35:49 ----D---- C:\rsit
2010-09-30 13:20:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Motive
2010-09-29 14:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-27 18:20:28 ----A---- C:\WINDOWS\usb8023w.sys
2010-09-27 18:20:28 ----A---- C:\WINDOWS\usb8023m.sys
2010-09-27 18:20:28 ----A---- C:\WINDOWS\usb8023k.sys
2010-09-27 18:20:28 ----A---- C:\WINDOWS\unRTL.exe
2010-09-27 18:20:28 ----A---- C:\WINDOWS\rndismpw.sys
2010-09-27 18:20:28 ----A---- C:\WINDOWS\rndismpm.sys
2010-09-27 18:20:28 ----A---- C:\WINDOWS\rndismpk.sys
2010-09-27 18:20:28 ----A---- C:\WINDOWS\pnpclk.dll
2010-09-27 18:20:28 ----A---- C:\WINDOWS\autoclk.exe
2010-09-21 12:50:45 ----D---- C:\Program Files\TO2SSM
2010-09-21 12:45:04 ----D---- C:\Program Files\Common Files\Motive
2010-09-21 11:57:36 ----A---- C:\WINDOWS\system32\CapabilityTable.exe
2010-09-21 11:57:20 ----N---- C:\WINDOWS\system32\nvuide.exe
2010-09-21 11:57:17 ----RA---- C:\WINDOWS\system32\NVCOI.DLL
2010-09-21 11:57:16 ----RA---- C:\WINDOWS\system32\idecoiins.dll
2010-09-21 11:57:16 ----RA---- C:\WINDOWS\system32\idecoi.dll
2010-09-21 11:57:16 ----RA---- C:\WINDOWS\system32\drivers\nvata.sys
2010-09-21 11:56:42 ----RA---- C:\WINDOWS\system32\fdco1ins.dll
2010-09-21 11:56:42 ----RA---- C:\WINDOWS\system32\fdco1.dll
2010-09-21 11:56:42 ----RA---- C:\WINDOWS\system32\drivers\NVENETFD.sys
2010-09-21 11:56:38 ----A---- C:\WINDOWS\system32\nvunrm.exe
2010-09-21 11:56:35 ----RA---- C:\WINDOWS\system32\nvconrm.dll
2010-09-21 11:56:35 ----RA---- C:\WINDOWS\system32\drivers\nvtcp.sys
2010-09-21 11:56:35 ----RA---- C:\WINDOWS\system32\drivers\nvsnpu.sys
2010-09-21 11:56:35 ----RA---- C:\WINDOWS\system32\drivers\nvnrm.sys
2010-09-21 11:56:35 ----RA---- C:\WINDOWS\system32\bdco1ins.dll
2010-09-21 11:56:35 ----RA---- C:\WINDOWS\system32\bdco1.dll
2010-09-21 11:56:34 ----RA---- C:\WINDOWS\system32\drivers\nvnetbus.sys
2010-09-21 11:56:06 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-09-21 11:55:45 ----RA---- C:\WINDOWS\system32\raidmgmt.ini
2010-09-21 11:55:45 ----RA---- C:\WINDOWS\system32\AsusSetup.ini
2010-09-21 11:55:45 ----RA---- C:\WINDOWS\system32\AsusSetup.exe
2010-09-20 21:16:46 ----D---- C:\Program Files\Hamachi
2010-09-20 19:27:44 ----A---- C:\WINDOWS\AS_Debug.txt
2010-09-20 19:23:04 ----D---- C:\WINDOWS\OPTIONS
2010-09-20 17:14:48 ----D---- C:\Program Files\Unlocker
2010-09-15 15:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-15 15:31:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-15 15:31:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-15 15:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-15 15:31:04 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-15 15:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-15 15:28:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-11 02:32:03 ----D---- C:\WINDOWS\system32\LogFiles
2010-09-10 17:34:52 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2010-10-04 13:36:11 ----D---- C:\Program Files\trend micro
2010-10-04 13:35:28 ----D---- C:\WINDOWS\Prefetch
2010-10-04 13:34:19 ----D---- C:\Program Files\Spyware Terminator
2010-10-04 13:34:19 ----D---- C:\Documents and Settings\Tomas\Data aplikací\Spyware Terminator
2010-10-04 13:21:56 ----A---- C:\WINDOWS\wincmd.ini
2010-10-04 13:12:01 ----D---- C:\WINDOWS\Temp
2010-10-04 13:09:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-04 04:12:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-04 01:44:41 ----D---- C:\Program Files\PokerStars
2010-10-03 23:59:30 ----SHD---- C:\System Volume Information
2010-10-03 23:37:53 ----D---- C:\Program Files\Diablo II
2010-10-03 23:36:22 ----D---- C:\WINDOWS
2010-10-03 23:03:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-09-30 21:50:17 ----D---- C:\Documents and Settings\Tomas\Data aplikací\Skype
2010-09-30 20:43:22 ----D---- C:\WINDOWS\system32
2010-09-30 19:52:02 ----D---- C:\Documents and Settings\Tomas\Data aplikací\skypePM
2010-09-30 17:27:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Blizzard Entertainment
2010-09-30 17:15:51 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-09-30 14:57:07 ----RD---- C:\Program Files
2010-09-30 14:56:24 ----SHD---- C:\WINDOWS\Installer
2010-09-29 14:08:59 ----A---- C:\WINDOWS\system32\guard32.dll
2010-09-29 14:03:13 ----HD---- C:\WINDOWS\inf
2010-09-27 18:20:26 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-27 17:52:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-22 17:37:17 ----D---- C:\Documents and Settings\Tomas\Data aplikací\vlc
2010-09-22 15:11:30 ----D---- C:\Program Files\TableNinja
2010-09-21 12:45:04 ----D---- C:\Program Files\Common Files
2010-09-21 11:57:28 ----D---- C:\WINDOWS\system32\drivers
2010-09-21 11:57:16 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-09-20 21:18:55 ----D---- C:\WINDOWS\system32\config
2010-09-20 21:18:16 ----D---- C:\WINDOWS\system32\wbem
2010-09-20 21:18:11 ----D---- C:\WINDOWS\Registration
2010-09-19 16:24:21 ----D---- C:\Program Files\Mozilla Firefox
2010-09-15 15:31:34 ----A---- C:\WINDOWS\imsins.BAK
2010-09-15 15:31:31 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-15 15:31:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-15 15:29:01 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-13 22:21:51 ----D---- C:\Documents and Settings\Tomas\Data aplikací\Miranda
2010-09-12 17:12:14 ----D---- C:\WINDOWS\system32\CatRoot
2010-09-10 18:01:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-09-10 18:01:26 ----D---- C:\Program Files\RALINK
2010-09-10 01:40:56 ----D---- C:\WINDOWS\Minidump
2010-09-08 06:56:53 ----D---- C:\Program Files\Poker Tracker V2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2010-09-29 91560]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-08-21 105344]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-08 721904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-01-24 8704]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-09-29 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-09-29 25240]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12856]
R1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2007-01-26 17465]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 UsbFltr;WayTechUSBFilterDriver; C:\WINDOWS\system32\drivers\UsbFltr.sys [2006-04-28 9291]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-10-06 21275]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 208851]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 10324]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 34789]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-10-17 2642944]
R3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2009-10-04 115312]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
R3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\system32\drivers\pivotmou.sys []
R3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-05-04 380928]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-02-11 13824]
S3 az9qhqhm;az9qhqhm; C:\WINDOWS\system32\drivers\az9qhqhm.sys []
S3 Bridge;Most MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 USB_RNDIS_51;%USBServiceDisplayName%; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-14 12800]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-10-17 495616]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-09-29 1901056]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-08-19 153376]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2009-03-13 65536]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\PROGRA~1\SPYWAR~1\sp_rsser.exe [2010-04-15 488960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-10-16 593920]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\Hamachi\hamachi-2.exe [2010-03-30 1107336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

ComboFix 10-10-03.03 - Tomas 04.10.2010 20:25:34.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2411 [GMT 2:00]
Spuštěný z: d:\downloaded\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 101004-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Hamachi\hamachi-2-ui.exe
c:\program files\Hamachi\hamachi-2.exe
c:\program files\Portrait Displays\Pivot Software\wpctrl.exe
c:\program files\WinFast\WFTVFM\WFWIZ.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_Hamachi2Svc
-------\Service_Hamachi2Svc


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-04 do 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-04 11:35 . 2010-10-04 11:36 -------- d-----w- C:\rsit
2010-09-27 16:20 . 2008-06-25 09:33 458752 ----a-w- c:\windows\usb8023k.sys
2010-09-27 16:20 . 2008-06-25 09:33 32768 ----a-w- c:\windows\pnpclk.dll
2010-09-27 16:20 . 2008-06-25 09:33 29184 ----a-w- c:\windows\rndismpk.sys
2010-09-27 16:20 . 2008-06-25 09:33 27264 ----a-w- c:\windows\rndismpm.sys
2010-09-27 16:20 . 2008-06-25 09:33 27008 ----a-w- c:\windows\rndismpw.sys
2010-09-27 16:20 . 2008-06-25 09:33 135168 ----a-w- c:\windows\unRTL.exe
2010-09-27 16:20 . 2008-06-25 09:33 11264 ----a-w- c:\windows\usb8023w.sys
2010-09-27 16:20 . 2008-06-25 09:33 11136 ----a-w- c:\windows\usb8023m.sys
2010-09-27 16:20 . 2008-06-25 09:33 126976 ----a-w- c:\windows\autoclk.exe
2010-09-21 10:50 . 2010-09-30 11:20 -------- d-----w- c:\program files\TO2SSM
2010-09-21 10:45 . 2010-09-30 11:20 -------- d-----w- c:\program files\Common Files\Motive
2010-09-21 09:57 . 2006-03-23 17:53 442368 ----a-w- c:\windows\system32\CapabilityTable.exe
2010-09-21 09:57 . 2006-08-18 02:28 208896 ------w- c:\windows\system32\nvuide.exe
2010-09-21 09:57 . 2006-08-18 02:28 35840 ----a-r- c:\windows\system32\NVCOI.DLL
2010-09-21 09:57 . 2006-08-21 10:24 363008 ----a-r- c:\windows\system32\idecoiins.dll
2010-09-21 09:57 . 2006-08-21 10:24 363008 ----a-r- c:\windows\system32\idecoi.dll
2010-09-21 09:57 . 2006-08-21 10:24 105344 ----a-r- c:\windows\system32\drivers\nvata.sys
2010-09-21 09:56 . 2006-09-11 11:45 57856 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2010-09-21 09:56 . 2006-09-11 11:43 201728 ----a-r- c:\windows\system32\fdco1ins.dll
2010-09-21 09:56 . 2006-09-11 11:43 201728 ----a-r- c:\windows\system32\fdco1.dll
2010-09-21 09:56 . 2006-09-11 09:06 356352 ----a-w- c:\windows\system32\nvunrm.exe
2010-09-21 09:56 . 2006-09-11 11:45 110592 ----a-r- c:\windows\system32\drivers\nvtcp.sys
2010-09-21 09:56 . 2006-09-11 11:45 1161088 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2010-09-21 09:56 . 2006-09-11 11:44 261632 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2010-09-21 09:56 . 2006-09-11 11:43 11264 ----a-r- c:\windows\system32\bdco1ins.dll
2010-09-21 09:56 . 2006-09-11 11:43 11264 ----a-r- c:\windows\system32\bdco1.dll
2010-09-21 09:56 . 2006-09-11 09:06 35840 ----a-r- c:\windows\system32\nvconrm.dll
2010-09-21 09:56 . 2006-09-11 11:45 19968 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2010-09-21 09:56 . 2006-03-23 17:51 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-09-21 09:55 . 2006-02-21 11:38 486400 ----a-r- c:\windows\system32\AsusSetup.exe
2010-09-20 19:18 . 2010-09-20 19:18 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-20 19:16 . 2010-10-04 18:31 -------- d-----w- c:\program files\Hamachi
2010-09-20 17:28 . 2006-08-14 04:09 1428 ----a-r- c:\windows\system32\drivers\nvphy.bin
2010-09-20 17:23 . 2010-09-20 17:23 -------- d-----w- c:\windows\OPTIONS
2010-09-20 15:14 . 2010-09-20 19:17 -------- d-----w- c:\program files\Unlocker
2010-09-11 00:32 . 2010-09-11 00:32 -------- d-----w- c:\windows\system32\LogFiles
2010-09-10 15:52 . 2006-04-06 11:15 8192 ----a-w- c:\windows\system32\drivers\RT2661.bin
2010-09-10 15:52 . 2006-04-06 11:15 8192 ----a-w- c:\windows\system32\drivers\RT2561s.bin
2010-09-10 15:52 . 2006-04-06 11:15 8192 ----a-w- c:\windows\system32\drivers\RT2561.bin
2010-09-10 10:13 . 2006-11-30 17:30 8192 ----a-w- c:\windows\system32\rt2661.bin
2010-09-10 10:13 . 2006-11-30 17:30 8192 ----a-w- c:\windows\system32\rt2561s.bin
2010-09-10 10:13 . 2006-11-30 17:30 8192 ----a-w- c:\windows\system32\rt2561.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 15:57 . 2009-10-06 21:00 -------- d-----w- c:\program files\PokerStars
2010-10-04 11:36 . 2010-03-23 18:44 -------- d-----w- c:\program files\trend micro
2010-10-04 11:34 . 2010-01-25 23:05 -------- d-----w- c:\program files\Spyware Terminator
2010-10-03 21:37 . 2009-10-24 23:41 -------- d-----w- c:\program files\Diablo II
2010-09-30 15:15 . 2010-06-04 11:00 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-29 12:08 . 2010-06-01 17:00 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-29 12:08 . 2010-06-01 17:00 91560 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-29 12:08 . 2010-06-04 09:55 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-29 12:08 . 2010-06-01 17:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-29 12:08 . 2010-06-01 17:00 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-27 16:20 . 2009-10-06 13:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-27 15:52 . 2001-10-25 14:00 77984 ----a-w- c:\windows\system32\perfc005.dat
2010-09-27 15:52 . 2001-10-25 14:00 429078 ----a-w- c:\windows\system32\perfh005.dat
2010-09-22 13:11 . 2009-11-09 14:37 -------- d-----w- c:\program files\TableNinja
2010-09-10 16:01 . 2009-10-06 13:47 -------- d-----w- c:\program files\RALINK
2010-09-08 04:56 . 2009-10-07 13:01 -------- d-----w- c:\program files\Poker Tracker V2
2010-09-01 11:30 . 2010-09-01 11:30 62009 ----a-w- c:\windows\system32\wpfb_ati2dvag.dll
2010-09-01 11:30 . 2010-09-01 11:30 -------- d-----w- c:\program files\Portrait Displays
2010-08-19 14:18 . 2009-10-07 14:44 -------- d-----w- c:\program files\Holdem Manager
2010-08-19 13:41 . 2010-08-19 13:41 -------- d-----w- c:\program files\Common Files\Java
2010-08-19 13:40 . 2010-08-19 13:41 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-19 13:40 . 2010-08-19 13:40 -------- d-----w- c:\program files\Java
2010-08-19 13:40 . 2010-08-19 13:40 79488 ----a-w- c:\documents and settings\Tomas\Data aplikací\Sun\Java\jre1.6.0_21\gtapi.dll
2010-08-19 13:40 . 2010-08-19 13:40 152576 ----a-w- c:\documents and settings\Tomas\Data aplikací\Sun\Java\jre1.6.0_21\lzma.dll
2010-08-17 13:17 . 2004-08-17 13:49 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-07 22:30 . 2010-08-07 22:30 -------- d-----w- c:\program files\MSECache
2010-08-02 21:29 . 2010-08-02 21:29 503808 ----a-w- c:\documents and settings\Tomas\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-191123db-n\msvcp71.dll
2010-08-02 21:29 . 2010-08-02 21:29 499712 ----a-w- c:\documents and settings\Tomas\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-191123db-n\jmc.dll
2010-08-02 21:29 . 2010-08-02 21:29 348160 ----a-w- c:\documents and settings\Tomas\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-191123db-n\msvcr71.dll
2010-08-02 21:29 . 2010-08-02 21:29 61440 ----a-w- c:\documents and settings\Tomas\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1d97d443-n\decora-sse.dll
2010-08-02 21:29 . 2010-08-02 21:29 12800 ----a-w- c:\documents and settings\Tomas\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1d97d443-n\decora-d3d.dll
2010-07-22 15:46 . 2004-08-17 13:49 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2010-04-14 2176512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-29 2500552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.4.2010 15:11 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [4.6.2010 11:55 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1.6.2010 19:00 25240]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [6.10.2009 15:46 12856]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [26.1.2010 1:06 142592]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [6.10.2009 15:46 9291]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.4.2010 15:11 20560]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [13.3.2009 5:50 65536]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [8.4.2010 13:34 208851]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [8.4.2010 13:34 10324]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [8.4.2010 13:34 34789]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [6.10.2009 19:55 115312]
S3 USB_RNDIS_51;%USBServiceDisplayName%;c:\windows\system32\drivers\usb8023.sys [3.8.2004 23:04 12800]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [8.4.2010 13:20 9446]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.10.2009 14:51 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\i1cd4w7i.default\
FF - prefs.js: browser.search.selectedEngine - SluneÄŤnice
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\documents and settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\i1cd4w7i.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-WinFast Schedule - c:\program files\WinFast\WFTVFM\WFWIZ.exe
HKLM-Run-PivotSoftware - c:\program files\Portrait Displays\Pivot Software\wpctrl.exe
HKLM-Run-LogMeIn Hamachi Ui - c:\program files\Hamachi\hamachi-2-ui.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_09da&Pid_8090&MI_00\7&6d72a78&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(936)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\SPYWAR~1\sp_rsser.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\wdfmgr.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-10-04 20:35:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-04 18:35

Před spuštěním: Volných bajtů: 10 274 881 536
Po spuštění: Volných bajtů: 10 640 244 736

- - End Of File - - 72344755346EA3627AA32D2C1CB9DCB6

5 položek bylo smazáno, zbytek logu vypadá čistý. Nastala nějaká změna?

Tak uz to vypada v poradku, sit nepada a ani spyware terminator ani avast nenasli nakazu.
Zapnu si ted zase zalohovani/obnoveni systemu a uvidim.
Zajimave je, ze smazane polozky jsou Hamachi - pro vytvoreni LAN pres internet, ktere mam na kompu uz dlouho a nikdy nedelalo problem, dale pivotsoft, ktery byl dodany spolu s monitorem, a pak WFwiz, ktery je zase od me televizni karty winfast.

Hamachi je P2P sít, což je potenciální hrozba. To ostatní nevím, proč CF vyhodnotil jako šmejd.