Prosím o kontrolu - niečo ma spomaľuje. Vyřešeno

[Brumteles68]

Prosím o kontrolu, Ad Aware mi našiel zopár červov a trojanov, ale aj tak sa mi zdá že ma niečo spomaľuje.Prikladám log z HJT. Zatiaľ dík

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:53, on 28.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6631 bytes

[Reklama]

[Brumteles68]

Ahoj.
Nechcem zakladať nový príspevok, keď som na tento ešte nedostal odpoveď. Viem že je dovolenkové obdobie a treba si aj oddýchnuť.

Ten predchádzajúci log už nieje aktuálny. Prešiel som PC ešte niekoľkými antivirmi, pričom mi NOD aj SuperantiSpyware našiel po jednom podozrivom súbore. Takisto aj Spybot našiel niekoľko obj.
Môj problém je v tom, že mi nejde obnova systému a pri štarte win. dlho načíta nastavenia. Pritom po spustení mi beží iba zopár apl, väčšina z ních sú štíty a lebo antivíry.
Ešte akt. log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:45, on 4.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 6796 bytes


Zatiaľ ďakujem.

[Baron Prášil]

nejde zapnout obnova nebo nejde obnovit systém?
log je v pořádku. udělej sken MWAVem.

[Brumteles68]

Ahoj.
Nejde mi obnoviť systém, skúšal som 3 body obnovenia a ani jeden nenastavilo. Stále po reštarte, pri nastavovaní bodu obnovenia, nevykoná v PC žiadne zmeny na čo ma pekne upozorní a ponúkne mi vrátiť sa späť bez nejakých zmien.

Toto mi našiel MWAV:
Soubor D:\System Volume Information\_restore{F26145A0-A6A8-47AC-A272-E55146FF25CC}\RP85\A0030545.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor D:\System Volume Information\_restore{F26145A0-A6A8-47AC-A272-E55146FF25CC}\RP85\A0030549.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.

Zatiaľ dík.

[Baron Prášil]

no,s těmi body obnovy bych se asi rozloučil. nevím jak moc potřebuješ obnovu. vyzkoušel bych,jestli to obnovení systému je vůbec funkční. standardně vypnutím obnovy>restartem a opětovným zapnutím.
tím,samozřejmě ztratíš veškeré body obnovy které tam máš,ale které jsou pravděpodobně poškozeny.

[Brumteles68]

O tie body obnovy ani tak nejde, ja som sa iba chcel pokúsiť či mi prestane blbnúť comp ak ho vrátim v nastaveniach späť asi na začiatok mesiaca. A čo ďalej s tým čo mi našiel MWAV?

[Jan Pašek]

Po vypnutí obnovy systému a nové kontrole Mvav je to tam stále? Bo ty šmejdici sedí v adresáři restore. Soubory z koše jsou také odstraněny?
MNo nechávám si tu též radit raději budu zas šoupat nohama bo když si tě vzal prášil do parády by se to odemne slušelo.

[Brumteles68]

Tu obnovu mám vypnutu asi 4 dni aj kôš bol prázdny keď som spúšťal MWAV

[Baron Prášil]

to co našel mwav neni nebezpečný. spíš to tam nemá co dělat. restartoval si ten komp po vypnutí obnovy?

[Brumteles68]

jj. Ako som písal, tú obnovu mám vypnutú už asi 4 dni a pc zapínam viackrát denne alebo to mám spraviť nejak inak?

[Baron Prášil]

tak se mrknem na combofix
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Brumteles68]

Posielam ten log.

ComboFix 08-08-03.05 - Brumteles 2008-08-04 15:23:07.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.2086 [GMT 2:00]
Running from: C:\Documents and Settings\Brumteles\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{DEF85C80-216A-43AB-AF70-1665EDBE2780}
-------\Service_{DEF85C80-216A-43ab-AF70-1665EDBE2780}


((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-08-04 13:14 . 2008-08-04 13:14 0 --a------ C:\23990098.$$$
2008-08-04 11:59 . 2008-08-04 12:41 50 --a------ C:\WINDOWS\Lic.xxx
2008-08-04 11:58 . 2004-08-17 15:49 418,304 --a------ C:\WINDOWS\R.COM
2008-08-04 11:58 . 2004-08-17 15:49 353,280 --a------ C:\WINDOWS\system32\T.COM
2008-08-01 22:10 . 2008-08-01 22:10 <DIR> d-------- C:\Program Files\Sun
2008-08-01 22:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-01 22:09 . 2008-08-01 22:09 <DIR> d-------- C:\Program Files\Java
2008-08-01 22:08 . 2008-08-01 22:08 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-01 21:58 . 2008-08-01 21:58 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-01 21:29 . 2008-08-01 23:29 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-31 10:49 . 2008-07-31 10:49 <DIR> d-------- C:\Program Files\Piranha Bytes
2008-07-31 10:24 . 2008-07-31 10:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-31 10:23 . 2008-08-01 21:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-31 10:15 . 2008-07-31 10:15 <DIR> d-------- C:\NVIDIA
2008-07-31 10:15 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-07-31 10:02 . 2008-07-31 10:02 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-07-31 10:02 . 2008-07-31 10:02 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-07-29 19:23 . 2008-08-02 09:36 654 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-07-27 15:44 . 2008-07-27 15:44 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-07-24 19:00 . 2008-07-31 10:02 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-23 11:29 . 2008-07-23 11:29 <DIR> d-------- C:\Program Files\Ligos
2008-07-23 10:55 . 2008-07-23 10:55 <DIR> d-------- C:\Program Files\Intel
2008-07-23 10:55 . 2000-06-23 14:05 136,704 --a------ C:\WINDOWS\system32\iacenc.dll
2008-07-23 10:55 . 2000-06-22 13:09 56,320 --------- C:\WINDOWS\system32\iyvu9_32.dll
2008-07-23 10:51 . 2008-07-23 10:51 <DIR> d-------- C:\Program Files\Windows Media Components
2008-07-19 17:37 . 2008-07-28 16:00 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-19 17:31 . 2008-07-31 10:02 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-07-19 17:31 . 2005-12-22 15:00 15,790,080 -ra------ C:\WINDOWS\UnWSetup.exe
2008-07-19 17:27 . 2008-07-31 10:02 <DIR> d-------- C:\Program Files\Outbreak
2008-07-19 17:21 . 2008-07-23 17:59 53,248 --a------ C:\WINDOWS\unrar.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 19:45 --------- d-----w C:\Program Files\Crawler
2008-08-02 09:19 --------- d-----w C:\Program Files\totalcmd
2008-07-31 14:28 --------- d-----w C:\Program Files\ICQToolbar
2008-07-31 08:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 08:01 --------- d-----w C:\Program Files\Spyware Terminator
2008-07-31 08:01 --------- d-----w C:\Program Files\Common Files\PCCamera
2008-07-31 07:44 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-07-28 22:38 --------- d-----w C:\Program Files\ESET
2008-07-24 16:46 --------- d-----w C:\Program Files\Ahead
2008-07-23 08:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-16 13:04 --------- d-----w C:\Program Files\Transform XP to Vista
2008-07-16 12:05 --------- d-----w C:\Program Files\ICQ6
2008-07-03 21:40 --------- d-----w C:\Program Files\Yahoo!
2008-07-01 11:04 --------- d-----w C:\Program Files\IObit
2008-06-27 08:57 921,632 ----a-w C:\PA7311.DAT
2008-06-19 16:14 --------- d-----w C:\Program Files\Trend Micro
2008-06-19 15:54 --------- d-----w C:\Program Files\DVD Shrink
2008-06-19 14:01 48,675 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-06-19 14:01 1,705 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-06-19 13:28 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-06-19 13:23 --------- d-----w C:\Program Files\CCleaner
2008-06-19 10:47 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-06-17 12:56 --------- d-----w C:\Program Files\ToniArts
2008-06-16 16:00 --------- d-----w C:\Program Files\Google
2008-06-16 13:13 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-16 13:13 --------- d-----w C:\Program Files\Common Files\HP
2008-06-16 13:11 --------- d-----w C:\Program Files\HP
2008-06-16 13:11 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-16 13:10 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-06-16 13:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-16 12:24 --------- d-----w C:\Program Files\Skype
2008-06-14 17:20 --------- d-----w C:\Program Files\ROUTE66
2008-06-14 14:43 --------- d-----w C:\Program Files\IVT Corporation
2008-06-14 14:18 --------- d-----w C:\Program Files\Phenix-Q8
2008-06-14 14:00 --------- d-----w C:\Program Files\Alcohol Soft
2008-06-14 13:46 --------- d-----w C:\Program Files\WinFast
2008-06-14 13:37 --------- d-----w C:\Program Files\InterVideo
2008-06-14 13:33 --------- d-----w C:\Program Files\BillP Studios
2008-06-14 13:12 --------- d-----w C:\Program Files\Winamp
2008-06-14 13:05 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-14 12:55 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-14 12:17 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-06-14 12:17 274,432 ----a-w C:\WINDOWS\system32\imon.dll
2008-06-14 12:17 --------- d-----w C:\Program Files\Sunbelt Software
2008-06-14 11:54 --------- d-----w C:\Program Files\ASUS
2008-06-14 11:51 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-06-14 11:32 --------- d-----w C:\Program Files\Realtek AC97
2008-06-14 10:44 558,142 ----a-w C:\WINDOWS\java\Packages\UV53XR9N.ZIP
2008-06-14 10:44 155,995 ----a-w C:\WINDOWS\java\Packages\IVBXR9ZT.ZIP
2008-06-14 10:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-16 09:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
.

------- Sigcheck -------

2002-09-20 18:05 600064 d1a616d5337e344a0dd6c6df7733a6c3 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-08-17 15:49 1217024 010e00fba1d7afcc639710cdc010218c C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2004-08-17 15:49 1217024 010e00fba1d7afcc639710cdc010218c C:\WINDOWS\system32\wininet.dll

2004-08-17 15:49 1881088 3ca180b1d5bd5cc22374b2fb77491ee8 C:\WINDOWS\explorer.exe
2002-09-20 18:05 1004544 11d80755545cfb5eb9659ee88440eae2 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-17 15:49 1881088 3ca180b1d5bd5cc22374b2fb77491ee8 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-13 05:20 1314032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="C:\WINDOWS\System32\sw20.exe" [2005-06-30 08:03 200704]
"SW24"="C:\WINDOWS\System32\sw24.exe" [2005-07-04 07:29 69632]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-14 14:17 921600]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-14 14:55 1817600]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 07:38 316728]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2005-03-02 13:21 278528]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-14 14:55]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 10:21]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 11:25]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 11:25]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 11:25]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 23:08]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]
S3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Brumteles\Data aplikací\Mozilla\Firefox\Profiles\37n9fc8w.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 15:31:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Completion time: 2008-08-04 15:34:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-04 13:34:07

Pre-Run: Volných bajtů: 11,435,954,176
Post-Run: Volněch bajt…: 11,465,113,600

214