Pc se zasekává a je velmi pomalé

Zpráva

DavidHron · #1 Příspěvek od **DavidHron** » 09 zář 2010 17:34

Dobrý den Pc se zasekává a je velmi pomalé Avira Guard hlásí ,že detekoval 5 virusů nebo unwanted programů ale nic víc.
Nedefinoval které nebo popřípadě mi dal možnost je smazat proto prosím o pomoc
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-09-09 18:24:57
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (7%) free of 238 GB
Total RAM: 2046 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:25:41, on 9.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Nth.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\Plocha\Downloads\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\trend micro\Administrator.exe
C:\Documents and Settings\Administrator\Plocha\Downloads\Rapget.RS_Public_v1.0.9.0_cz\RapgetRS.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XBV6RD5SZF] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Nth.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8872 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1123561945-725345543-500.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1123561945-725345543-500.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-07-02 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2009-12-27 2166784]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-07-02 202256]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2010-06-21 2528584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe [2009-12-27 3037696]
"SpeedItUpEX"=C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"XBV6RD5SZF"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Nth.exe [2010-09-05 187392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-03-18 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared files\brs.exe [2010-03-13 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-03 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPSStartup]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-07-02 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-12-18 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WINDOW~3\WINDOW~1.EXE [2008-05-26 123904]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-07-21 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoSecCpl"=0
"DisableChangePassword"=0
"DisableLockWorkstation"=0
"NoDispCpl"=0
"NoDispScrSavPage"=0
"NoDispAppearancePage"=0
"NoDispSettingsPage"=0
"NoVisualStyleChoice"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=0
"NoStartMenuSubFolders"=0
"NoCommonGroups"=0
"NoPrinterTabs"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoPrinters"=0
"NoFavoritesMenu"=0
"NoRecentDocsNetHood"=0
"NoChangeAnimation"=0
"NoChangeKeyboardNavigationIndicators"=0
"HideClock"=0
"StartmenuLogoff"=0
"NoClose"=0
"NoSetFolders"=0
"NoViewContextMenu"=0
"NoToolbarCustomize"=0
"NoThemesTab"=0
"NoDesktop"=0
"NoActiveDesktop"=0
"NoRun"=0
"NoFind"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe"="C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe"="C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\Prince of Persia.exe"="C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\Prince of Persia.exe:*:Enabled:Prince of Persia Zapomenuté písky"
"C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\GameSettings.exe"="C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\GameSettings.exe:*:Enabled:Prince of Persia Zapomenuté písky Settings"
"C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\gu.exe"="C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\gu.exe:*:Enabled:Prince of Persia Zapomenuté písky Update"
"C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\UPlayBrowser.exe:*:Enabled:Prince of Persia Zapomenuté písky UPlay"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-09-05 21:16:41 ----D---- C:\My Movie
2010-09-05 20:13:24 ----D---- C:\Program Files\Apowersoft
2010-09-05 20:00:08 ----D---- C:\Program Files\PC Video Converter Studio
2010-09-05 20:00:08 ----D---- C:\Program Files\Common Files\Program4Pc
2010-09-05 19:45:18 ----D---- C:\Program Files\Aiseesoft Studio
2010-09-05 14:52:36 ----A---- C:\Cucu_Video_log.txt
2010-09-05 14:36:45 ----A---- C:\Documents and Settings\Administrator\Data aplikací\ezpinst.exe
2010-09-05 14:36:31 ----D---- C:\Program Files\Media Convert Master
2010-09-05 14:23:42 ----D---- C:\WINDOWS\system32\oodag
2010-09-05 10:44:32 ----D---- C:\Program Files\Dicsoft
2010-09-05 10:18:10 ----D---- C:\Documents and Settings\Administrator\Data aplikací\mkvtoolnix
2010-09-05 09:28:01 ----A---- C:\WINDOWS\system32\vbzip11.dll
2010-09-05 09:28:01 ----A---- C:\WINDOWS\system32\vbuzip10.dll
2010-09-05 09:28:00 ----D---- C:\Program Files\Clean Disk 2010
2010-09-05 09:07:30 ----D---- C:\Documents and Settings\Administrator\Data aplikací\AVS4YOU
2010-09-05 09:03:53 ----D---- C:\Program Files\Common Files\AVSMedia
2010-09-05 09:03:20 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2010-09-05 09:03:16 ----D---- C:\Program Files\AVS4YOU
2010-09-05 09:03:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVS4YOU
2010-09-04 21:43:36 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Apowersoft
2010-09-04 20:48:35 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Broad Intelligence
2010-08-28 09:41:39 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-08-28 09:41:39 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-08-28 09:41:38 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-08-28 09:41:38 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-08-28 09:13:02 ----D---- C:\Documents and Settings\Administrator\Data aplikací\IObit
2010-08-14 20:37:32 ----A---- C:\WINDOWS\RegDefrag.ini
2010-08-10 14:59:28 ----A---- C:\WINDOWS\system32\drivers\usbser.sys
2010-08-10 14:58:21 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$

======List of files/folders modified in the last 1 months======

2010-09-09 18:25:30 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2010-09-09 18:25:05 ----D---- C:\Program Files\trend micro
2010-09-09 18:24:35 ----SD---- C:\WINDOWS\Tasks
2010-09-09 18:23:44 ----SHD---- C:\WINDOWS\Installer
2010-09-09 18:23:44 ----D---- C:\Program Files\Mozilla Firefox
2010-09-09 18:21:15 ----D---- C:\WINDOWS\temp
2010-09-09 15:36:11 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-09 15:30:02 ----D---- C:\WINDOWS\Prefetch
2010-09-09 15:28:24 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-09 15:25:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-09-08 18:49:51 ----D---- C:\WINDOWS\system32\NtmsData
2010-09-08 18:49:32 ----D---- C:\WINDOWS
2010-09-08 18:49:05 ----D---- C:\WINDOWS\Registration
2010-09-06 20:09:33 ----D---- C:\Program Files\uTorrent
2010-09-06 20:01:58 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Search Settings
2010-09-06 20:01:35 ----D---- C:\Program Files\SpeedItUpFree
2010-09-06 20:01:00 ----RD---- C:\Program Files
2010-09-05 20:19:02 ----D---- C:\WINDOWS\system32
2010-09-05 20:00:08 ----D---- C:\Program Files\Common Files
2010-09-05 14:41:41 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-09-05 14:37:21 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Vso
2010-09-05 14:37:19 ----D---- C:\WINDOWS\system32\drivers
2010-09-05 14:37:05 ----HD---- C:\WINDOWS\inf
2010-09-05 13:54:03 ----A---- C:\WINDOWS\win.ini
2010-09-05 13:47:26 ----D---- C:\Program Files\OO Software
2010-09-05 12:53:09 ----D---- C:\Program Files\NVIDIA Corporation
2010-09-05 09:33:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-09-05 09:33:44 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2010-09-05 09:31:59 ----D---- C:\Program Files\WinRAR
2010-09-04 17:48:32 ----A---- C:\WINDOWS\AviSplitter.INI
2010-08-28 09:41:50 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-28 09:41:50 ----D---- C:\Program Files\Ubisoft
2010-08-28 09:41:40 ----D---- C:\WINDOWS\system32\DirectX
2010-08-28 09:40:15 ----RSD---- C:\WINDOWS\assembly
2010-08-22 00:57:15 ----D---- C:\Documents and Settings\Administrator\Data aplikací\vlc
2010-08-14 20:32:48 ----D---- C:\WINDOWS\Debug
2010-08-14 16:19:05 ----D---- C:\Documents and Settings\Administrator\Data aplikací\dvdcss
2010-08-13 15:16:24 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2010-08-12 17:27:59 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Spyware Terminator
2010-08-12 12:17:57 ----D---- C:\Program Files\Microsoft Silverlight
2010-08-12 11:15:12 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-08-10 14:59:48 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2005-02-11 89856]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver; C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-01-03 715248]
R0 Vax347b;Vax347b; C:\WINDOWS\system32\DRIVERS\Vax347b.sys [2005-04-25 159616]
R0 Vax347s;Vax347s; C:\WINDOWS\System32\Drivers\Vax347s.sys [2004-04-30 5248]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2005-01-12 96384]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2010-03-18 5632]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-16 12032]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/24 00:21:13]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-14 88192]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-21 3565056]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-04-16 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-02-24 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-02-24 12928]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-26 47360]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]
S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S3 a3xs18zx;a3xs18zx; C:\WINDOWS\system32\drivers\a3xs18zx.sys []
S3 AsAudioDevice_351;AsAudioDevice_351; C:\WINDOWS\system32\drivers\AsAudioDevice_351.sys [2009-01-08 16640]
S3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\system32\DRIVERS\atinevxx.sys [2005-09-15 166400]
S3 azqx7lbn;azqx7lbn; C:\WINDOWS\system32\drivers\azqx7lbn.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 ivusb;Initio Driver for USB Default Controller; C:\WINDOWS\system32\DRIVERS\ivusb.sys [2010-03-10 24216]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2005-09-15 15360]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-23 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-02-19 380928]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-21 602112]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-02-24 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-12 233472]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-02-24 131133]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-02-24 57409]
R2 OODefragAgent;O&O Defrag Agent; C:\Program Files\OO Software\Defrag\oodag.exe [2010-06-21 1619272]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-10-15 243056]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-12-27 488960]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-21 593920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-03-06 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 Nellvse;Nellvse; C:\WINDOWS\system32\drivers\fdc.sys [2008-04-14 27392]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 09 zář 2010 17:41

Zdravim a pekny vecer preji

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

DavidHron · #3 Příspěvek od **DavidHron** » 09 zář 2010 18:41

Prosím o pomoc nemohu na C:\ComboFix.txt tento dokument najít pokusil jsem dát i prohledat celé pc aby našlo ComboFix.txt ale také nic.
Poprvé mi program napsal že potřebuje znaova restartovat nebot narazil na Rootkit tak jsem to povolil a když se restartoval podruhé žádný log také neukázal

#4 Příspěvek od **vyosek** » 09 zář 2010 18:50

Podivejte se jestli mate vytvorenou tuto slozku C:\Qoobox pokud ano, obsah zabalte a uploadnete na LP http://leteckaposta.cz/ - link mi poslete pres SZ

DavidHron · #5 Příspěvek od **DavidHron** » 09 zář 2010 19:00

http://leteckaposta.cz/553572595

#6 Příspěvek od **vyosek** » 09 zář 2010 19:23

Bohuzel ze slozky se nic rozumneho vycist neda

Prejmenujte CF treba na Beruska.com

Aplikujte CF v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

DavidHron · #7 Příspěvek od **DavidHron** » 09 zář 2010 20:06

Opět dvakrát restart z důvodu nalezení Rootkit

ComboFix 10-09-08.03 - Administrator 09.09.2010 20:51:58.7.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1760 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\Beruska.com.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Data aplikací\.#
c:\documents and settings\Administrator\Data aplikací\inst.exe
c:\program files\Search Settings
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SearchSettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\windows\settings.reg
c:\windows\system32\kr_done1
c:\windows\system32\vbzlib1.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-09 do 2010-09-09 )))))))))))))))))))))))))))))))
.

2010-09-05 19:16 . 2010-09-05 19:19 -------- d-----w- C:\My Movie
2010-09-05 18:13 . 2010-09-05 18:13 -------- d-----w- c:\program files\Apowersoft
2010-09-05 18:00 . 2010-09-06 17:57 -------- d-----w- c:\program files\PC Video Converter Studio
2010-09-05 18:00 . 2010-09-06 17:57 -------- d-----w- c:\program files\Common Files\Program4Pc
2010-09-05 17:45 . 2010-09-05 17:45 -------- d-----w- c:\program files\Aiseesoft Studio
2010-09-05 12:36 . 2010-09-05 12:37 -------- d-----w- c:\program files\Media Convert Master
2010-09-05 12:23 . 2010-09-05 12:23 -------- d-----w- c:\windows\system32\oodag
2010-09-05 09:14 . 2010-09-05 09:17 1510 ----a-w- c:\documents and settings\Administrator\05_09_10;11-13-49 (AM).reg
2010-09-05 08:44 . 2010-09-05 08:44 -------- d-----w- c:\program files\Dicsoft
2010-09-05 07:28 . 2003-01-26 13:48 147456 ----a-w- c:\windows\system32\vbzip11.dll
2010-09-05 07:28 . 1998-12-02 07:11 143360 ----a-w- c:\windows\system32\vbuzip10.dll
2010-09-05 07:28 . 2010-09-05 07:28 -------- d-----w- c:\program files\Clean Disk 2010
2010-09-05 07:03 . 2010-09-05 09:12 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-09-05 07:03 . 2010-06-22 14:05 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-09-05 07:03 . 2010-09-05 09:12 -------- d-----w- c:\program files\AVS4YOU
2010-09-04 20:03 . 2010-09-04 20:03 930 ----a-w- c:\documents and settings\Administrator\04_09_10;10-01-53 (PM).reg
2010-08-28 15:22 . 2010-08-28 15:22 -------- d-----w- c:\documents and settings\Administrator\WINDOWS
2010-08-28 07:41 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-08-28 07:41 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-08-28 07:41 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-08-28 07:41 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-08-20 19:37 . 2010-08-20 19:37 416 ----a-w- c:\documents and settings\Administrator\20_08_10;09-36-27 (PM).reg
2010-08-14 18:14 . 2010-08-14 18:14 449 ----a-w- c:\documents and settings\Administrator\14_08_10;08-14-20 (PM).reg
2010-08-14 18:14 . 2010-08-14 18:14 3267 ----a-w- c:\documents and settings\Administrator\14_08_10;08-13-13 (PM).reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 16:25 . 2009-09-30 07:14 -------- d-----w- c:\program files\trend micro
2010-09-06 18:09 . 2009-09-18 20:41 -------- d-----w- c:\program files\uTorrent
2010-09-06 18:01 . 2010-07-11 12:24 -------- d-----w- c:\program files\SpeedItUpFree
2010-09-05 11:47 . 2010-05-18 15:07 -------- d-----w- c:\program files\OO Software
2010-09-05 10:53 . 2009-09-18 17:45 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-28 07:41 . 2009-10-04 17:27 -------- d-----w- c:\program files\Ubisoft
2010-08-28 07:41 . 2009-09-18 16:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-12 10:17 . 2010-01-03 16:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-10 12:58 . 2010-08-10 12:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-08-10 12:58 . 2010-08-10 12:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-08-08 15:58 . 2009-09-22 21:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-07 13:58 . 2010-08-04 21:31 -------- d-----w- c:\program files\Activision
2010-08-07 13:41 . 2010-08-07 13:17 -------- d-----w- c:\program files\Call of Duty
2010-08-07 11:20 . 2010-08-07 11:20 -------- d-----w- c:\program files\EA GAMES
2010-08-04 22:08 . 2010-08-04 21:59 -------- d-----w- c:\program files\Hunting Unlimited 2011
2010-08-04 21:05 . 2009-09-29 20:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-04 21:02 . 2010-08-04 21:02 -------- d-----w- c:\program files\Kalypso
2010-08-04 20:49 . 2010-08-04 20:49 -------- d-----w- c:\program files\Activision Value
2010-07-28 10:42 . 2010-07-28 10:42 -------- d-----w- c:\program files\PhotoScape
2010-07-27 08:55 . 2010-07-27 08:55 -------- d-----w- c:\program files\City Interactive
2010-07-27 00:45 . 2010-07-26 22:34 -------- d-----w- c:\program files\Dragon Age
2010-07-26 22:59 . 2009-12-14 20:25 -------- d-----w- c:\program files\Common Files\BioWare
2010-07-26 17:56 . 2009-12-27 15:33 -------- d-----w- c:\program files\Spyware Terminator
2010-07-26 17:55 . 2010-02-16 21:15 -------- d-----w- c:\program files\DivX
2010-07-26 16:19 . 2010-07-26 16:19 4163 ----a-w- c:\documents and settings\Administrator\26_07_10;06-17-58 (PM).reg
2010-07-25 18:32 . 2010-07-25 18:32 -------- d-----w- c:\program files\Live Billiards
2010-07-25 18:32 . 2010-07-25 18:32 -------- d-----w- c:\program files\ReflexiveArcade
2010-07-19 15:25 . 2009-10-23 14:01 -------- d-----w- c:\program files\Total Video Converter
2010-07-19 12:22 . 2010-06-30 19:33 -------- d-----w- c:\program files\JDownloader
2010-07-11 12:24 . 2010-07-11 12:24 724992 ----a-w- c:\windows\iun6002.exe
2010-06-23 06:51 . 2010-06-23 06:51 33019 ----a-w- c:\windows\system32\CoreAAC-uninstall.exe
2010-06-22 14:05 . 2009-09-24 22:07 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-06-21 20:38 . 2010-06-21 20:38 1254728 ----a-w- c:\windows\system32\ooscrsav.scr
2010-06-21 20:37 . 2010-06-21 20:37 200008 ----a-w- c:\windows\system32\oodbs.exe
2010-06-21 20:33 . 2010-06-21 20:33 546120 ----a-w- c:\windows\system32\oodssrs.dll
2010-06-21 20:32 . 2010-06-21 20:32 10056 ----a-w- c:\windows\system32\oodbsrs.dll
2010-06-17 14:53 . 2010-06-17 14:53 311 ----a-w- c:\documents and settings\Administrator\17_06_10;04-52-52 (PM).reg
2009-11-28 07:32 . 2009-11-28 07:32 18 ----a-w- c:\program files\XP Repair Pro 2007ERR_Item5-11-28-2009_8-28-11_1813140.dnp
2009-11-28 07:31 . 2009-11-28 07:31 18 ----a-w- c:\program files\XP Repair Pro 2007ERR_Item5-11-28-2009_8-28-11_670033.dnp
2009-09-18 19:03 . 2009-09-18 19:03 5866152 ----a-w- c:\program files\FirefoxSetup2.0.0.20.exe
2009-09-18 19:00 . 2009-09-18 19:00 6679224 ----a-w- c:\program files\Thunderbird Setup 2.0.0.23.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\progra~1\SPYWAR~1\SpywareTerminatorUpdate.exe" [2009-12-27 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-12-27 2166784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-01 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-06-21 2528584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-03-18 16:02 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 10:58 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-01-03 13:54 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 10:06 62760 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-10-28 07:35 72736 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-01 22:30 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-18 00:30 39424 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\Prince of Persia.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\GameSettings.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\gu.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [11.2.2005 18:11 16640]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [19.11.2009 11:36 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [19.11.2009 11:36 5248]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [20.12.2009 14:14 270888]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [20.12.2009 14:14 65576]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [27.12.2009 17:33 142592]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/24 00:21];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13.3.2010 12:58 87536]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [29.3.2010 7:06 135336]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [19.2.2010 19:43 380928]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [18.3.2010 17:38 233472]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [21.6.2010 22:37 1619272]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
S3 AsAudioDevice_351;AsAudioDevice_351;c:\windows\system32\drivers\AsAudioDevice_351.sys [16.2.2010 23:22 16640]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [27.7.2010 0:50 25832]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [18.3.2010 17:38 36608]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10.3.2010 8:18 24216]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [20.1.2010 22:23 11520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.9.2009 1:26 715248]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-09-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1123561945-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-09-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1123561945-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\nc52e2xk.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-SpeedItUpEX - c:\program files\SpeedItUpFree\SpeedItUp.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-09 20:57
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A608800]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf7587cb8
\Driver\atapi -> atapi.sys @ 0xf7479852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7858bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7865a21
SendHandler -> NDIS.sys @ 0xf784387b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-796845957-1123561945-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,60,4d,93,ad,20,3a,4e,8b,25,c3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,d8,be,bb,cd,12,84,46,89,b5,d2,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,60,4d,93,ad,20,3a,4e,8b,25,c3,\

[HKEY_USERS\S-1-5-21-796845957-1123561945-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ba,1e,01,db,c8,95,2c,c7,7f,e4,27,75,1d,9b,22,22,06,14,69,43,c0,a9,0d,
9e,d6,f0,e3,52,ce,24,e0,19,d6,d5,32,00,7c,62,7d,f5,06,e5,b1,41,4c,f4,0b,c6,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-796845957-1123561945-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:cf,57,c2,8c,00,71,25,c8,33,24,20,7b,ab,9d,49,bb,7a,ba,5f,ef,95,
d0,11,b0,ba,5d,4f,e3,b0,93,f6,81,50,43,f4,c3,9e,c8,a6,bb,14,55,93,2c,95,75,\
"rkeysecu"=hex:f3,8a,54,3a,eb,1a,78,92,d8,b5,bf,af,e2,b3,b3,4b

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="F189495CBD51A32599E873B1C43B3AFB88797EE0559001BAEBFBD7F5455DB209AE7D67A5C81E0F1FE0365E4FDA8A6C741F3C9C5935B467BF168E23D8D2F01D4C10E3150D0A9AF3128F514A1F3018F63005BE74C655BABFA484AB4DA9816C74631DC25D9515A94B30303F4B8BAAD1ABD76421C0980BBF562622B1DAF8B8B61DC023572D17842134400F3957D0B21C03252C3A218DB1D319931EB2332FE4AD21E9B10ED6BEF2C9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D67946D351BDE70A4938EC30C2FF471B21B233F2BCA1B5B91AC79E938450008F25BD01586B7165A0895EADCA752287D34790AA84DB13AB71B38BC4E7B55444E7615FAB5029A3275BD639198D5CAB855A122604AAB3AFC99CE9F6412EBF784190E3396176F8AFC02A7FE17D813C04F211E4B293E970D8633B369022852757F43C6ACE1A4AA13F3A577F004A3F0214671A2ACD942F617AF1A279E17A708DB2E0D81FC8BEE25034AE63344D61F939AADB57A83DDB7450985C95A4C9ACBFEFDB719F5A239A9E1EDE63337097F1AB6A34943441012A58F5A481FD08479F1B8727A6FAC2000ACF92B64DB3052E38525F18F547697C8B47841EBDE655D901FCC1208F983FBEEF399549013A139DAF4C1822D06D66247B4B5BD19ADC270B3F7667C258AAB4085A080CA6FF36358B3230116805981BCC995938EAD16EADAAA49C5124B52ACFCB6F304AFB5F8204FAFEAEBB09EB36678FBED6E39B807B23FAF803CFA2AE95E446A570BEBCE02554181CE2199CDDFC96801783988FE52C2437132B39FA1CCEF2C7D5713A85955565754F3505D8989C2E66E11F9887AAF170F9494252FC65AE250BFA32C57A61A4ABCC3A1BF4D0342BC4F4E3CCB8955B702502E81211CE3D40D4E750EF9A8405D2CA06245C87C1C0178031F1D5CA27269263AC979CA1B76E41848D511B416DC8FC9B53470D842EB1D0967D1806D2BE3A8FD82E61ED728B09580E70DC7295AED844636B1586FBC40D557E3CE52D54174395561F8B6967FF6D51AD43CF038F294741ADBC8D4A4C917CA1D646DA500C51F484E15E52E63A4627989BE77F15525A87C8DE5DA641F1023036C5C7D2FE9DD9562DB5F0A93335DC138C858C4D209F5321EBF9ABBA59D764E67A73DBF492673BB7A4986331A0DB316AC2658223E6FB271BA253E365E71A832450703EBF15AB2A966B053A4180CF515D742797E84B8685A9C039F84F7FE971E4D16A7AA4B420C2D6183939509DE36A71B94F83F1A29EB10F0F50B5A00BFF69616352C1A1BAAB7C50A0898B10B494BEC3F659CB99699536F466A575C25C23FD31896964CCAF52BA7E156B91762A24EB46ED2A7BCB6F5FA079224DAA13FA6"
"OODEFRAG12.00.00.01PROFESSIONAL"="C1AD42D8C3B4D265E8E664997497E52A11BB5C23FABFE4C4F8E1C193CFB9C873E50A0508C592D5A9CAE2F3207C039C7D0C65C2CC636814E03F792D7CC60942B08CE5260D7C336D93188F140C8D9FE61FFA0A1FD2FC2C5F5C4DF8916297E54E0FC340C6A05BDD68D4D503A65662572590FCF5B487ECBBD626FA01B414EF614F0938AC4D31B72B99172A6353A91B6BBAC651FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794A9C6AECB7A5D1407BA7FD869164D679447BCA210D4E4BDE055F708C1A3A6E2E7D17459AC2745CE8B7EDB40ECB7917E104B287DA34178A37210E3B521A54D4E62A0797DAB7A1F6D482C0EC3500C209367ED740547BC1B9C7F2D2ACBE2A7F89310906409971B5CF19CB9AFBB8662C0AB0A391F5D2A5A368B87CD09AC7FE026DF8AF6D6BDCE07AA7759D264E4F99972EBA34DEAE2DF003B422EA6046FD3DCD4548EBDB48E980D3A0AF3358F2DF669B5F002DDDC20DFE69A0BBB7F625FA0F907057CE127219E50BFAE0732DA3B325811C898B14158861D4B209BB42F7A086AC57BD9749853EBC8735850B234E641C30E76FE2425809183C8B15EB5B8F194359BB5501B3AB37443927331AE4CBD1FDCB970EF24D9C1A4D11264378793AEB23599A3AA0E7F860DDD5D5C303597FE29A7A5A3C836F5FA488FA8507E4317C9311AD1AADB1B22426E8E19657668D09F227E686D8E70553CE61C1401AF14DC91C6645D24F6241D92361B8ED5D2FEF2C7B00C9B2166FD134BD0A7DE776CBAC30A09EDD75CB69E305767A089E5B74241D45F52DC869C1E9423B83A96A5F50BF068F65F5F9476135FA4640E5BC5391240561C264CD79EA57CEF35AB4E75B56D4B96EF379803381EF3C0F7A7571513DE38923A3091440179B813C3AA9D43385E7C3538C92C4FA073F929CF84586B21B036FEEEEB556E7917F42242391F5C2BEEF41577BC431677D5C08AFD1239D267A08C4BD42DC46EE38CA36774AC70086542673DBB8B906AAB9F5DCA760E5B48895CD0D66B9592CF3EFD7C6002AF357D5C10CAE7F404454ECC3D2801148D24BE54A85A35939F740FAA22F63EF5BD92662C27D98476C999BE10B1BA7712787A9BB359C7AF15962321F243D2E6BFAA35E596E41535FA54C9A4CE90F82F9488CCB9B9D9F944199DDCECFE4213F2339B4A0EFD3F3F501CEC1664840484DB9ED00AE69B2895A02FA7E24C5F92FCAF078A05E7EA3E5E5F5B3240D0D449C6E21B32A86435D5032BC97EFB1046391AA058451D6F887DBE241D19903381B16AE157E51F69030B71FB3E3EF0F90BD3B8F9A3EC4B93A7AEEF0DAAE5D44A7423612784F76C1EA78051DFC7D60F422991EBA44EF84F393B94C3432FB559C53C94DDB7B7478F2269055657048FA791"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-09-09 20:59:30
ComboFix-quarantined-files.txt 2010-09-09 18:59
ComboFix2.txt 2010-03-01 07:30

Před spuštěním: Volných bajtů: 15 985 344 512
Po spuštění: Volných bajtů: 15 936 999 424

- - End Of File - - 3018A178ABAAC1EB81A6956A4CE6FF5F

#8 Příspěvek od **vyosek** » 09 zář 2010 20:15

Chce to cist navod, jeste jsem to psal cervene - mel byt vypnuty antivir a jeho rezidentni stit (AV: AntiVir Desktop *On-access scanning enabled)

Odinstalujte NVIDIA Firewall nebo se Vam bude hadat s Keriem (coz je kvalitnejsi)

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

c:\windows\system32\drivers\Vax347b.sys
c:\windows\system32\drivers\Vax347s.sys
c:\windows\system32\drivers\SbFw.sys
Kliknete na Prochazet
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
Kliknete na Otestovat soubor
Vysledek analyzy sem vlozte (jako odkaz)

DavidHron · #9 Příspěvek od **DavidHron** » 09 zář 2010 20:30

Já se strašně moc omlouvám nemohl byste mi prosím napsat jak ten AntiVir Desktop vynout kde ho v té aviře najdu?Snažím se ten program projít ale záložku kde by byl AntiVir Desktop nemohu v programu najit.
A ještě k tomu NVIDIA Firewall v přidat nebo odebrat programy NVIDIA Firewall nemohu najít mám tam jen NVIDIA Drivers,NVIDIA ForceWare Network Access Manager,NVIDIA PhysX a nevím který mám odinstalovat
Mockrát děkuji

#10 Příspěvek od **vyosek** » 09 zář 2010 20:36

V navodu na CF http://www.bleepingcomputer.com/combofi ... t-combofix je odkaz na vypnuti antiviru http://www.bleepingcomputer.com/forums/topic114351.html zde je prelozeny googlem - jde o strojovy preklad http://translate.google.cz/translate?js ... 14351.html Vas samozrejme zajima jen Vas antivir, coz je Avira.
Sken ComboFixem znovu nedelejte, ale Aviru vypnete az pred mazanim pomoci ComboFixu se skriptem - k tomu se dostaneme.

Nyni mi sem dejte odkazy na analyzu tech 3 souboru a vrhnem se na mazani...

DavidHron · #11 Příspěvek od **DavidHron** » 09 zář 2010 20:42

1)c:\windows\system32\drivers\Vax347b.sys
VT Community Sign in ▼ My account ▼ Sign out Signing out... Languages ▼
VirusTotal's website has changed, we need new translations, do you feel like helping the community?
info@virustotal.com
Sign in to VT Community

Safety ratings and user comments (disinfection, in-the-wild locations, reverse engineering reports, etc.) on malware and URLs, free and easy.
email
password
Keep me logged in

Sign in
Signing in, please wait...
Login failed, please try again
Forgot your password? Create an account
Edit my profile
View my profile
Inbox
Virus Total
Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
Vax347b.sys
Submission date:
2010-09-09 19:36:38 (UTC)
Current status:
queued (#2) queued (#2) analysing finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.09.09.01 2010.09.09 -
AntiVir 8.2.4.50 2010.09.09 -
Antiy-AVL 2.0.3.7 2010.09.09 -
Authentium 5.2.0.5 2010.09.09 -
Avast 4.8.1351.0 2010.09.09 -
Avast5 5.0.594.0 2010.09.09 -
AVG 9.0.0.851 2010.09.09 -
BitDefender 7.2 2010.09.09 -
CAT-QuickHeal 11.00 2010.09.09 -
ClamAV 0.96.2.0-git 2010.09.09 -
Comodo 6027 2010.09.09 -
DrWeb 5.0.2.03300 2010.09.09 -
Emsisoft 5.0.0.37 2010.09.09 -
eSafe 7.0.17.0 2010.09.07 -
eTrust-Vet 36.1.7844 2010.09.09 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.09 -
Fortinet 4.1.143.0 2010.09.09 -
GData 21 2010.09.09 -
Ikarus T3.1.1.88.0 2010.09.09 -
Jiangmin 13.0.900 2010.09.09 -
K7AntiVirus 9.63.2483 2010.09.09 -
Kaspersky 7.0.0.125 2010.09.09 -
McAfee 5.400.0.1158 2010.09.09 -
McAfee-GW-Edition 2010.1B 2010.09.09 -
Microsoft 1.6103 2010.09.09 -
NOD32 5438 2010.09.09 -
Norman 6.06.06 2010.09.09 -
nProtect 2010-09-09.03 2010.09.09 -
Panda 10.0.2.7 2010.09.09 -
PCTools 7.0.3.5 2010.09.09 -
Prevx 3.0 2010.09.09 -
Rising 22.64.03.01 2010.09.09 -
Sophos 4.57.0 2010.09.09 -
Sunbelt 6853 2010.09.09 -
SUPERAntiSpyware 4.40.0.1006 2010.09.09 -
Symantec 20101.1.1.7 2010.09.09 -
TheHacker 6.7.0.0.012 2010.09.09 -
TrendMicro 9.120.0.1004 2010.09.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.09 -
VBA32 3.12.14.0 2010.09.08 -
ViRobot 2010.9.8.4031 2010.09.09 -
VirusBuster 12.64.26.0 2010.09.09 -
Additional information
Show all
MD5 : cb3400d696bee266c38cae330c2b4337
SHA1 : 9d9896c5f6eaf3b2dfc227f5baf9fb98a54ccc44
SHA256: 6b08f141f1ccac66ded18bcb820d5c3dec8a1c383685dd615a24c31b2a6e3d16
ssdeep: 3072:IcTh2ZenZeAbyeWDl+u1cMoLbJ8KSeIP70h8P/MzWqr2mR:IcTh26bbyxJ+u1NCjSR70WP
wWUz
File size : 159616 bytes
First seen: 2009-02-16 19:39:33
Last seen : 2010-09-09 19:36:38
TrID:
Win32 Executable Generic (51.1%)
Win16/32 Executable Delphi generic (12.4%)
Clipper DOS Executable (12.1%)
Generic Win/DOS Executable (12.0%)
DOS Executable Generic (12.0%)
sigcheck:
publisher....:
copyright....: Copyright (C) 2002-2004
product......:
description..: Plug and Play BIOS Extension
original name:
internal name:
file version.: 3.47.0.0 built by: WinDDK
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x20BA4
timedatestamp....: 0x426C9FBC (Mon Apr 25 07:43:56 2005)
machinetype......: 0x14c (I386)

[[ 7 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x480, 0x17531, 0x17580, 6.72, bc0d1d0b850d4ef31acf764ecba5e75c
.rdata, 0x17A00, 0x2D0, 0x300, 4.78, 795296d437ab0b972bfcc9edbef5ea99
.data, 0x17D00, 0x4ABC, 0x4B00, 6.13, a8a032c7d6e4c0fd8f48920866150cbc
PAGE, 0x1C800, 0x4327, 0x4380, 6.56, 67f65a2056fff0e43b2769a6397e003c
INIT, 0x20B80, 0x45CC, 0x4600, 6.76, 42384e610b28a2824d03b3f5e91094bf
.rsrc, 0x25180, 0x318, 0x380, 2.96, 16c875ff4acae54feeac9dab6034911c
.reloc, 0x25500, 0x1A50, 0x1A80, 6.62, 9626d28e1d194a5addf7333316ee0313

[[ 2 import(s) ]]
ntoskrnl.exe: RtlAnsiStringToUnicodeString, RtlUnicodeStringToAnsiString, RtlAppendUnicodeStringToString, ZwClose, ZwCreateKey, ZwOpenKey, IofCompleteRequest, KeClearEvent, IofCallDriver, ObfReferenceObject, IoRegisterShutdownNotification, IoDeleteDevice, IoDeleteSymbolicLink, IoCreateSymbolicLink, IoCreateDevice, ZwQueryValueKey, RtlInitAnsiString, RtlCopyUnicodeString, RtlCompareMemory, RtlEqualUnicodeString, RtlInitUnicodeString, KeLeaveCriticalRegion, KeEnterCriticalRegion, IoAttachDeviceToDeviceStack, KeInitializeEvent, KeWaitForSingleObject, IoDetachDevice, RtlWriteRegistryValue, RtlDeleteRegistryValue, swprintf, ObfDereferenceObject, IoBuildSynchronousFsdRequest, KeSynchronizeExecution, _wcsnicmp, MmIsAddressValid, MmProbeAndLockPages, ZwQuerySystemInformation, KeGetCurrentThread, ObReferenceObjectByHandle, ExGetPreviousMode, _strnicmp, _stricmp, IoDriverObjectType, IoWriteErrorLogEntry, RtlFreeUnicodeString, IoGetAttachedDevice, MmMapLockedPages, ExInitializeNPagedLookasideList, ExDeleteNPagedLookasideList, KeCancelTimer, KeSetTimer, KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, IoFreeMdl, MmUnlockPages, IoAllocateIrp, MmBuildMdlForNonPagedPool, IoAllocateMdl, _alldiv, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, KeResetEvent, ZwSetValueKey, wcslen, KeDelayExecutionThread, IoFreeIrp, ExReleaseResourceLite, ExAcquireResourceExclusiveLite, KeInitializeDpc, ExfInterlockedRemoveHeadList, KeReleaseSemaphore, ExfInterlockedInsertTailList, _allmul, _allshr, memmove, ExDeleteResourceLite, PsGetVersion, KeInitializeSpinLock, RtlQueryRegistryValues, ExInitializeResourceLite, IoGetConfigurationInformation, _allrem, MmUnmapIoSpace, MmMapIoSpace, RtlFreeAnsiString, strstr, KeInitializeSemaphore, KeInitializeTimer, RtlUnwind, strncpy, sprintf, KeSetEvent, ExFreePool, ExAllocatePoolWithTag, IoReleaseCancelSpinLock, IoAcquireCancelSpinLock, IoAllocateErrorLogEntry, PsGetCurrentProcessId
HAL.dll: KfReleaseSpinLock, KeStallExecutionProcessor, KeQueryPerformanceCounter, KfRaiseIrql, KfLowerIrql, ExAcquireFastMutex, ExReleaseFastMutex, KfAcquireSpinLock

VT Community

0

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team
Add your comment... Remember that when you write comments as an anonymous user they receive the lowest possible reputation. So if you have not signed in yet don't forget to do so. How to markup your comments?
You can add basic styles to your comments using the following accepted bbcode tags:

text -- bold
text -- italics
text -- underline
[s]text[/s] -- strikethrough

Kód: Vybrat vše

text

-- preformatted text

You can also address comments to particular users using the "@" twitter-like mode. By prepending a "#" symbol to a word you can add custom tags to your comment, tags that can then be searched for.

Goodware
Malware
Spam attachment/link

P2P download
Propagating via IM
Network worm

Drive-by-download

Anonymous limit exceeded: anonymous users can only make one comment per file or URL, either sign in or register in order to continue making reviews on this item. Note that anonymous user discrimination is based on IP addresses, hence, it may be possible that another user behind your same proxy or NAT connection already made a review.
Preview comment Edit comment
Post comment
Posting comment...
Comment successfully posted

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
VirusTotal © Hispasec Sistemas - Blog - Twitter - Contact: info@virustotal.com - Terms of Service & Privacy Policy

2)c:\windows\system32\drivers\Vax347s.sys

VT Community Sign in ▼ My account ▼ Sign out Signing out... Languages ▼
VirusTotal's website has changed, we need new translations, do you feel like helping the community?
info@virustotal.com
Sign in to VT Community

Safety ratings and user comments (disinfection, in-the-wild locations, reverse engineering reports, etc.) on malware and URLs, free and easy.
email
password
Keep me logged in

Sign in
Signing in, please wait...
Login failed, please try again
Forgot your password? Create an account
Edit my profile
View my profile
Inbox
Virus Total
Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
Vax347s.sys
Submission date:
2010-09-09 19:39:10 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.09.09.01 2010.09.09 -
AntiVir 8.2.4.50 2010.09.09 -
Antiy-AVL 2.0.3.7 2010.09.09 -
Authentium 5.2.0.5 2010.09.09 -
Avast 4.8.1351.0 2010.09.09 -
Avast5 5.0.594.0 2010.09.09 -
AVG 9.0.0.851 2010.09.09 -
BitDefender 7.2 2010.09.09 -
CAT-QuickHeal 11.00 2010.09.09 -
ClamAV 0.96.2.0-git 2010.09.09 -
Comodo 6027 2010.09.09 -
DrWeb 5.0.2.03300 2010.09.09 -
Emsisoft 5.0.0.37 2010.09.09 -
eSafe 7.0.17.0 2010.09.07 -
eTrust-Vet 36.1.7845 2010.09.09 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.09 -
Fortinet 4.1.143.0 2010.09.09 -
GData 21 2010.09.09 -
Ikarus T3.1.1.88.0 2010.09.09 -
Jiangmin 13.0.900 2010.09.09 -
K7AntiVirus 9.63.2483 2010.09.09 -
Kaspersky 7.0.0.125 2010.09.09 -
McAfee 5.400.0.1158 2010.09.09 -
McAfee-GW-Edition 2010.1B 2010.09.09 -
Microsoft 1.6103 2010.09.09 -
NOD32 5438 2010.09.09 -
Norman 6.06.06 2010.09.09 -
nProtect 2010-09-09.03 2010.09.09 -
Panda 10.0.2.7 2010.09.09 -
PCTools 7.0.3.5 2010.09.09 -
Prevx 3.0 2010.09.09 -
Rising 22.64.03.01 2010.09.09 -
Sophos 4.57.0 2010.09.09 -
Sunbelt 6853 2010.09.09 -
SUPERAntiSpyware 4.40.0.1006 2010.09.09 -
Symantec 20101.1.1.7 2010.09.09 -
TheHacker 6.7.0.0.012 2010.09.09 -
TrendMicro 9.120.0.1004 2010.09.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.09 -
VBA32 3.12.14.0 2010.09.08 -
ViRobot 2010.9.8.4031 2010.09.09 -
VirusBuster 12.64.26.0 2010.09.09 -
Additional information
Show all
MD5 : 113e4b318bbaa7483ca4e582a4d63f49
SHA1 : f313639ffca1add416c2a79182f9c009d8121653
SHA256: 049b3963306cbf351a1a864779e89b67404c8629d816c5a3ac3a18c48706953c
ssdeep: 96:jQubCInNuDvIRu3+1/ix/aEzsmgJVyyzcTVu6GiEFj:91NuzIRu3Nx/sJAyUPcj
File size : 5248 bytes
First seen: 2008-01-07 15:01:45
Last seen : 2010-09-09 19:39:10
TrID:
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....:
copyright....: Copyright (C) 2002-2004
product......:
description..: SCSI miniport
original name:
internal name:
file version.: 3.47.0.0 built by: WinDDK
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0xC00
timedatestamp....: 0x4091F31A (Fri Apr 30 06:32:58 2004)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x300, 0x6DA, 0x700, 6.18, 2e3ca1dc2ed74699c2902e92d071650d
.rdata, 0xA00, 0xA0, 0x100, 2.65, 75d14a4cf2e897f4d36d3e8dbbe8790c
.data, 0xB00, 0xA8, 0x100, 0.32, f5c844d1e48cd5b745a6c4938887fcc8
INIT, 0xC00, 0x3FE, 0x400, 5.69, a999d7cf5ec878e43f00e0b4ca0cd99e
.rsrc, 0x1000, 0x2F8, 0x300, 3.19, 02124b3421246dc82de75d265aa416bb
.reloc, 0x1300, 0x10E, 0x180, 4.21, acbd5c278608570f075b42e0317db19b

[[ 3 import(s) ]]
ntoskrnl.exe: IoBuildDeviceIoControlRequest, KeInitializeEvent, ObfReferenceObject, IoGetDeviceObjectPointer, IofCallDriver, RtlInitAnsiString, IoBuildSynchronousFsdRequest, PsGetVersion, KeInitializeSpinLock, KeWaitForSingleObject, ObfDereferenceObject, IoAllocateErrorLogEntry, IoWriteErrorLogEntry, ExFreePool, RtlAnsiStringToUnicodeString, ExAllocatePoolWithTag
HAL.dll: KfAcquireSpinLock, KfReleaseSpinLock
SCSIPORT.SYS: ScsiPortNotification, ScsiPortGetLogicalUnit, ScsiPortInitialize

VT Community

0

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team
Add your comment... Remember that when you write comments as an anonymous user they receive the lowest possible reputation. So if you have not signed in yet don't forget to do so. How to markup your comments?
You can add basic styles to your comments using the following accepted bbcode tags:

text -- bold
text -- italics
text -- underline
[s]text[/s] -- strikethrough

Kód: Vybrat vše

text

-- preformatted text

You can also address comments to particular users using the "@" twitter-like mode. By prepending a "#" symbol to a word you can add custom tags to your comment, tags that can then be searched for.

Goodware
Malware
Spam attachment/link

P2P download
Propagating via IM
Network worm

Drive-by-download

Anonymous limit exceeded: anonymous users can only make one comment per file or URL, either sign in or register in order to continue making reviews on this item. Note that anonymous user discrimination is based on IP addresses, hence, it may be possible that another user behind your same proxy or NAT connection already made a review.
Preview comment Edit comment
Post comment
Posting comment...
Comment successfully posted

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
VirusTotal © Hispasec Sistemas - Blog - Twitter - Contact: info@virustotal.com - Terms of Service & Privacy Policy

3)c:\windows\system32\drivers\SbFw.sys

VT Community Sign in ▼ My account ▼ Sign out Signing out... Languages ▼
VirusTotal's website has changed, we need new translations, do you feel like helping the community?
info@virustotal.com
Sign in to VT Community

Safety ratings and user comments (disinfection, in-the-wild locations, reverse engineering reports, etc.) on malware and URLs, free and easy.
email
password
Keep me logged in

Sign in
Signing in, please wait...
Login failed, please try again
Forgot your password? Create an account
Edit my profile
View my profile
Inbox
Virus Total
Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
SbFw.sys
Submission date:
2010-09-09 19:41:26 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.09.09.01 2010.09.09 -
AntiVir 8.2.4.50 2010.09.09 -
Antiy-AVL 2.0.3.7 2010.09.09 -
Authentium 5.2.0.5 2010.09.09 -
Avast 4.8.1351.0 2010.09.09 -
Avast5 5.0.594.0 2010.09.09 -
AVG 9.0.0.851 2010.09.09 -
BitDefender 7.2 2010.09.09 -
CAT-QuickHeal 11.00 2010.09.09 -
ClamAV 0.96.2.0-git 2010.09.09 -
Comodo 6027 2010.09.09 -
DrWeb 5.0.2.03300 2010.09.09 -
Emsisoft 5.0.0.37 2010.09.09 -
eSafe 7.0.17.0 2010.09.07 -
eTrust-Vet 36.1.7845 2010.09.09 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.09 -
Fortinet 4.1.143.0 2010.09.09 -
GData 21 2010.09.09 -
Ikarus T3.1.1.88.0 2010.09.09 -
Jiangmin 13.0.900 2010.09.09 -
K7AntiVirus 9.63.2483 2010.09.09 -
Kaspersky 7.0.0.125 2010.09.09 -
McAfee 5.400.0.1158 2010.09.09 -
McAfee-GW-Edition 2010.1B 2010.09.09 -
Microsoft 1.6103 2010.09.09 -
NOD32 5438 2010.09.09 -
Norman 6.06.06 2010.09.09 -
nProtect 2010-09-09.03 2010.09.09 -
Panda 10.0.2.7 2010.09.09 -
PCTools 7.0.3.5 2010.09.09 -
Prevx 3.0 2010.09.09 -
Rising 22.64.03.01 2010.09.09 -
Sophos 4.57.0 2010.09.09 -
Sunbelt 6853 2010.09.09 -
SUPERAntiSpyware 4.40.0.1006 2010.09.09 -
Symantec 20101.1.1.7 2010.09.09 -
TheHacker 6.7.0.0.012 2010.09.09 -
TrendMicro 9.120.0.1004 2010.09.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.09 -
VBA32 3.12.14.0 2010.09.08 -
ViRobot 2010.9.8.4031 2010.09.09 -
VirusBuster 12.64.26.0 2010.09.09 -
Additional information
Show all
MD5 : 419883201ca9ad697ccfb8fc46dd6f78
SHA1 : 8502c5f6ca93f203e3fdc97b072bfcf95323a33e
SHA256: 477428d8abff751016f5077a3fb4c8a25cda4eba7cad8e33c36d5439a995d7f1
ssdeep: 3072:qeiF4a4/g72jQidg++WNhBn1RflD+EGNwM7SVyd:Za4O8mvmXjfoxL7J
File size : 270888 bytes
First seen: 2009-04-25 09:57:35
Last seen : 2010-09-09 19:41:26
TrID:
Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
sigcheck:
publisher....: Sunbelt Software, Inc.
copyright....: Copyright (c) 2002-2008 Sunbelt Software, Inc. All rights reserved.
product......: Sunbelt Personal Firewall
description..: Sunbelt Personal Firewall driver
original name: SbFw.sys
internal name: SbFw.sys
file version.: 4.6.1860.0
comments.....: n/a
signers......: SUNBELT SOFTWARE DISTRIBUTION
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 12:22 PM 10/31/2008
verified.....: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x3D605
timedatestamp....: 0x490ADC0E (Fri Oct 31 10:21:02 2008)
machinetype......: 0x14c (I386)

[[ 7 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x480, 0x1F9E5, 0x1FA00, 6.57, f89229eb721a532c0609e8c08eae423f
.rdata, 0x1FE80, 0xF90, 0x1000, 3.73, 13b78e19925bc113b0a903cfbb0db7c8
.data, 0x20E80, 0x1C0C4, 0x1C100, 0.12, 201593d8def0c38aaf089c45450eaeab
PAGE, 0x3CF80, 0x61A, 0x680, 5.86, a1ca50d250a24edf0280b2327334ea7b
INIT, 0x3D600, 0xEF4, 0xF00, 5.66, 134bbd5d884becb284e07901d51a9bd5
.rsrc, 0x3E500, 0x588, 0x600, 3.23, 28f49ee8d77caf9a7fea31f1e78a723f
.reloc, 0x3EB00, 0x21A4, 0x2200, 6.36, cb8fe2156d05f9a53c53182cd6828a2d

[[ 4 import(s) ]]
ntoskrnl.exe: ZwCreateEvent, RtlAppendUnicodeToString, RtlCopyUnicodeString, ExFreePoolWithTag, ExAllocatePoolWithTag, KeNumberProcessors, KeClearEvent, KeWaitForMultipleObjects, KeSetEvent, KeCancelTimer, KeSetTimerEx, KeInitializeDpc, KeInitializeTimer, ZwWaitForSingleObject, ZwSetEvent, KeReadStateEvent, KeSetPriorityThread, KeGetCurrentThread, strncat, strrchr, strncpy, MmIsAddressValid, _wcsicmp, IoWMIWriteEvent, MmGetSystemRoutineAddress, RtlFreeUnicodeString, RtlStringFromGUID, RtlQueryRegistryValues, RtlCompareMemory, IoWMIRegistrationControl, IofCallDriver, IofCompleteRequest, IoDeleteDevice, IoCreateDevice, IoRegisterShutdownNotification, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, IoFreeMdl, MmUnlockPages, MmProbeAndLockPages, IoAllocateMdl, ZwCreateFile, ZwQueryInformationFile, ZwReadFile, ZwWriteFile, ZwQuerySystemInformation, ZwOpenKey, ZwQueryValueKey, ZwFlushKey, ZwSetValueKey, MmQuerySystemSize, KeQuerySystemTime, IoFreeWorkItem, IoQueueWorkItem, IoAllocateWorkItem, RtlUnicodeStringToInteger, PsGetVersion, ObReferenceObjectByHandle, RtlFreeAnsiString, RtlUnicodeStringToAnsiString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, memmove, strchr, IoGetCurrentProcess, wcschr, wcsrchr, wcsncat, ZwEnumerateValueKey, wcsncpy, ZwQueryDirectoryFile, ZwOpenFile, _stricmp, ExGetPreviousMode, ObQueryNameString, ProbeForWrite, ProbeForRead, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, ZwQueryVolumeInformationFile, _snprintf, ZwQueryInformationProcess, ZwFsControlFile, ZwClearEvent, ZwDeviceIoControlFile, MmSectionObjectType, IoQueryFileInformation, ZwOpenThread, ZwOpenProcess, ZwTerminateProcess, PsThreadType, KeServiceDescriptorTable, IoFileObjectType, RtlRandom, ZwDeleteValueKey, ZwDeleteKey, ZwDeleteFile, ZwSetInformationFile, ZwCreateKey, ZwResetEvent, PsSetCreateThreadNotifyRoutine, PsSetCreateProcessNotifyRoutine, ExInterlockedPopEntrySList, ExInterlockedPushEntrySList, ExDeleteNPagedLookasideList, ExInitializeNPagedLookasideList, IoReleaseCancelSpinLock, IoAcquireCancelSpinLock, IoFreeIrp, MmBuildMdlForNonPagedPool, IoAllocateIrp, KeResetEvent, MmMapLockedPagesSpecifyCache, IoDetachDevice, IoAttachDeviceToDeviceStack, IoGetRelatedDeviceObject, KeTickCount, KeBugCheckEx, IoCreateSymbolicLink, ZwCreateSection, ZwMapViewOfSection, KeInitializeEvent, KeWaitForSingleObject, ZwUnmapViewOfSection, swprintf, RtlInitUnicodeString, IoDeleteSymbolicLink, ZwClose, ObfDereferenceObject, memset, memcpy, RtlUnwind, RtlTimeToTimeFields, ExSystemTimeToLocalTime, _vsnprintf, KeQueryTimeIncrement, _aulldiv, _allmul, DbgPrint, RtlAnsiCharToUnicodeChar
HAL.dll: KfReleaseSpinLock, KfAcquireSpinLock, KfRaiseIrql, KeGetCurrentIrql, KfLowerIrql
NDIS.SYS: NdisInitializeTimer, NdisSetTimer
TDI.SYS: TdiCopyMdlToBuffer, TdiCopyBufferToMdl, TdiMapUserRequest

VT Community

0

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team
Add your comment... Remember that when you write comments as an anonymous user they receive the lowest possible reputation. So if you have not signed in yet don't forget to do so. How to markup your comments?
You can add basic styles to your comments using the following accepted bbcode tags:

text -- bold
text -- italics
text -- underline
[s]text[/s] -- strikethrough

Kód: Vybrat vše

text

-- preformatted text

You can also address comments to particular users using the "@" twitter-like mode. By prepending a "#" symbol to a word you can add custom tags to your comment, tags that can then be searched for.

Goodware
Malware
Spam attachment/link

P2P download
Propagating via IM
Network worm

Drive-by-download

Anonymous limit exceeded: anonymous users can only make one comment per file or URL, either sign in or register in order to continue making reviews on this item. Note that anonymous user discrimination is based on IP addresses, hence, it may be possible that another user behind your same proxy or NAT connection already made a review.
Preview comment Edit comment
Post comment
Posting comment...
Comment successfully posted

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
VirusTotal © Hispasec Sistemas - Blog - Twitter - Contact: info@virustotal.com - Terms of Service & Privacy Policy

#12 Příspěvek od **vyosek** » 09 zář 2010 20:51

Odkaz vypada sice jinak, vy jste to zkopiroval cele, ale nevadi, ja z toho info co jsem chtel vycetl....

Pokud nemate, tak presunte Combofix na plochu

Vypnete rezidentni stit antiviru
Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Collect::
c:\windows\system32\vbzip11.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"=-
"TkBellExe"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

File::
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\Adobe Gamma Loader.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

DavidHron · #13 Příspěvek od **DavidHron** » 09 zář 2010 21:22

Tak jsem se snažil držet imstrukcí,když byl sken ComboFix tak v 50% naskočila modrá obrazovka pc se restarovalo Windows nabehl ale log nevyskočil

#14 Příspěvek od **vyosek** » 09 zář 2010 21:26

Nevadi, smazeme to jinak...

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"=-
"TkBellExe"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

:files
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
c:\windows\system32\vbzip11.dll
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1123561945-725345543-500.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1123561945-725345543-500.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Sem pote dejte obsah okna Results (pod zelenou carou)
Pokud budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles

DavidHron · #15 Příspěvek od **DavidHron** » 09 zář 2010 21:36

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdate not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminator not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TkBellExe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM not found.
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent\ not found.
========== FILES ==========
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\vbzip11.dll
c:\windows\system32\vbzip11.dll moved successfully.
C:\WINDOWS\tasks\AppleSoftwareUpdate.job moved successfully.
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1123561945-725345543-500.job moved successfully.
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1123561945-725345543-500.job moved successfully.
File/Folder C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File/Folder C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder moved successfully.
C:\WINDOWS\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP16B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP247.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F6.tmp folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 338947 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 76236805 bytes
->Flash cache emptied: 2444 bytes

User: All Users

User: David xxx
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 592 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 73,00 mb

OTM by OldTimer - Version 3.1.15.0 log created on 09092010_223119

VIRY.CZ

Pc se zasekává a je velmi pomalé

Pc se zasekává a je velmi pomalé

Re: Pc se zasekává a je velmi pomalé

Re: Pc se zasekává a je velmi pomalé

Re: Pc se zasekává a je velmi pomalé

Re: Pc se zasekává a je velmi pomalé

Re: Pc se zasekává a je velmi pomalé

Re: Pc se zasekává a je velmi pomalé

Re: Pc se zasekává a je velmi pomalé

Re: Pc se zasekává a je velmi pomalé

Re: Pc se zasekává a je velmi pomalé

Re: Pc se zasekává a je velmi pomalé

Re: Pc se zasekává a je velmi pomalé

Re: Pc se zasekává a je velmi pomalé

Re: Pc se zasekává a je velmi pomalé

Re: Pc se zasekává a je velmi pomalé