
PC disinfection, computer speed-up, remote assistance via the neslape.cz service
Please check the log, thank you
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEWS!
You can now use the remote assistance service, where an expert connects to your computer and obtains more details about the problem from you by phone! More at www.neslape.cz
Please check the log, thank you
Logfile of random's system information tool 1.07 (written by random/random)
Run by ADMIN at 2010-05-26 22:49:19
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (17%) free of 30 GB
Total RAM: 511 MB (24% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:49:58, on 26.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ADMIN\Plocha\RSIT.exe
C:\Program Files\trend micro\ADMIN.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: (no name) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Internet Antivirus Pro] "C:\Program Files\Internet Antivirus Pro\IAPro.exe" /s
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S6A.tmp" /EF "HKCU"
O4 - HKCU\..\Policies\Explorer\Run: [inthethe] "C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\TomTom\HOME\TomTom HOME 2\xul\updates\0\inthethe.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{613CB2F6-35C6-450B-8A9B-1E47D44DCE5D}: NameServer = 194.228.41.113 160.218.161.54
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Microsoft\Windows\services.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Chráněné úložiště ProtectedStoragenSvcLog (ProtectedStoragenSvcLog) - Unknown owner - C:\WINDOWS\system32\adsntr.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sukoku Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\Sukoku\sukoku125.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 10299 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\User_Feed_Synchronization-{A00810C2-6A4E-422C-8E3F-49BE46D4CFFC}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]
{D5D47440-0750-463D-BAEF-A47D02414806}
{E9FAB13D-4600-49E1-90D1-EE961C859D39}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-04-22 5898240]
"nwiz"=nwiz.exe /install []
"SW20"=C:\WINDOWS\system32\sw20.exe [2005-06-30 200704]
"SW24"=C:\WINDOWS\system32\sw24.exe [2005-07-04 69632]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-04-22 86016]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-04-29 266240]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-07-12 81920]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"Logitech Utility"=C:\WINDOWS\LOGI_MWX.EXE [2003-12-11 20992]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2009-08-05 199264]
"F-Secure TNB"=C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [2009-08-05 2349664]
"services"=C:\WINDOWS\services.exe []
"Internet Connection Wizard Setup Tool"=C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-04-24 2064736]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []
"9xadiras"=9xadiras.exe []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
"Internet Antivirus Pro"=C:\Program Files\Internet Antivirus Pro\IAPro.exe /s []
"EPSON SX100 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE [2008-02-05 188928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"inthethe"=C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\TomTom\HOME\TomTom HOME 2\xul\updates\0\inthethe.exe []
C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
DSLMON.lnk - C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Documents and Settings\ADMIN\Nabídka Start\Programy\Po spuštění
Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-13 12464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Disabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Relook PCEditor\PCEditorU.exe"="C:\Program Files\Relook PCEditor\PCEditorU.exe:*:Enabled:PCEditorU"
"C:\Program Files\Relook PCEditor\PCEditor.exe"="C:\Program Files\Relook PCEditor\PCEditor.exe:*:Enabled:PCEditor"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f05a598-8865-11dc-9cdc-0013d4de5ec9}]
shell\AutoRun\command - F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{406a47ca-23f6-11dc-9c1d-0013d4de5ec9}]
shell\AutoRun\command - F:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "Crypted"
shell\dismount\command - F:\TrueCrypt\TrueCrypt.exe /q /d
shell\mount\command - F:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "Crypted"
shell\open\command - F:\TrueCrypt\TrueCrypt.exe /e /m rm /v "Crypted"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{727a6b53-6245-11d9-8620-806d6172696f}]
shell\AutoRun\command - F:\ASUSACPI.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7aa8cd8-d69a-11dd-9ee6-4d6564696130}]
shell\AutoRun\command - F:\InstallTomTomHOME.exe
======List of files/folders created in the last 1 months======
2010-05-26 13:23:28 ----SHD---- C:\Config.Msi
2010-05-26 12:24:24 ----D---- C:\Program Files\trend micro
2010-05-26 12:24:23 ----D---- C:\rsit
2010-05-23 08:45:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-05-23 08:36:47 ----A---- C:\WINDOWS\system32\javaws.exe
2010-05-23 08:36:46 ----A---- C:\WINDOWS\system32\javaw.exe
2010-05-23 08:36:46 ----A---- C:\WINDOWS\system32\java.exe
2010-05-23 08:32:26 ----D---- C:\Program Files\Java
2010-05-23 08:31:59 ----D---- C:\Program Files\Common Files\Java
2010-05-19 15:16:37 ----A---- C:\WINDOWS\adidsl.ini
2010-05-19 15:16:09 ----A---- C:\WINDOWS\system32\IPDETECT.EXE
2010-05-19 15:16:09 ----A---- C:\WINDOWS\system32\AdADIx32.dll
2010-05-19 15:16:09 ----A---- C:\WINDOWS\adiras.ini
2010-05-19 15:16:09 ----A---- C:\WINDOWS\2kadiras.exe
2010-05-19 15:16:03 ----A---- C:\WINDOWS\system32\unaddrv.exe
2010-05-19 15:16:03 ----A---- C:\WINDOWS\system32\AdADIx2K.dll
2010-05-19 15:16:02 ----A---- C:\WINDOWS\system32\ADADIX16.DLL
2010-05-19 15:16:00 ----A---- C:\WINDOWS\autoclk.exe
2010-05-18 19:02:28 ----RA---- C:\WINDOWS\system32\adinst32.dll
2010-05-12 21:20:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
======List of files/folders modified in the last 1 months======
2010-05-26 22:50:00 ----D---- C:\WINDOWS\Temp
2010-05-26 22:46:42 ----D---- C:\WINDOWS\Microsoft.NET
2010-05-26 22:46:37 ----RSD---- C:\WINDOWS\assembly
2010-05-26 22:43:46 ----D---- C:\Program Files\Mozilla Firefox
2010-05-26 22:42:21 ----D---- C:\WINDOWS
2010-05-26 13:26:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-26 13:25:58 ----SHD---- C:\WINDOWS\Installer
2010-05-26 13:25:58 ----D---- C:\WINDOWS\Prefetch
2010-05-26 13:25:44 ----D---- C:\WINDOWS\system32
2010-05-26 13:25:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-26 13:25:05 ----D---- C:\WINDOWS\WinSxS
2010-05-26 13:20:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-26 13:20:20 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-26 13:20:01 ----HD---- C:\WINDOWS\inf
2010-05-26 13:19:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-26 12:24:24 ----RD---- C:\Program Files
2010-05-23 12:41:54 ----D---- C:\WINDOWS\system32\drivers
2010-05-23 12:38:05 ----A---- C:\WINDOWS\imsins.BAK
2010-05-23 08:31:59 ----D---- C:\Program Files\Common Files
2010-05-19 15:15:54 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-19 15:10:07 ----D---- C:\WINDOWS\security
2010-05-12 21:20:42 ----D---- C:\Program Files\Outlook Express
2010-05-12 19:46:36 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-13 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-13 29512]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-04-24 242896]
R3 adiusbaw;ADSL USB MODEM WAN ADAPTER; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2004-01-12 127721]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-07-15 3640000]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
R3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2003-12-11 51582]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2003-12-11 70894]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-04-22 3095680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-11-13 46423]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-23 9600]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-04-11 63248]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-04-11 79376]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PVRUSBDriver;PVR USB MANUFACTURE; C:\WINDOWS\System32\Drivers\PVRUSBDriver.sys [2003-12-28 45312]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VESTAUSB;VESTAUSB.Sys VESTAUSB Bulk IO driver; C:\WINDOWS\System32\Drivers\VESTAUSB.sys [2004-01-09 12928]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-13 916760]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-04-29 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-04-29 131136]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-04-29 57412]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-04-22 127043]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 FSMA;FSMA; C:\Program Files\F-Secure\Common\FSMA32.EXE [2009-08-05 186976]
S2 ITGrdEngine;Guard Service; C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Microsoft\Windows\services.exe []
S2 ProtectedStoragenSvcLog;Chráněné úložiště ProtectedStoragenSvcLog; C:\WINDOWS\system32\adsntr.exe srv []
S2 Sukoku Service;Sukoku Service; C:\Documents and Settings\All Users\Data aplikací\Sukoku\sukoku125.exe C:\Program Files\Sukoku\sukoku.dll Service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [2009-08-05 522848]
S3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\F-Secure\ORSP Client\fsorsp.exe [2009-08-05 55904]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Internet Antivirus Pro] "C:\Program Files\Internet Antivirus Pro\IAPro.exe" /s
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S6A.tmp" /EF "HKCU"
O4 - HKCU\..\Policies\Explorer\Run: [inthethe] "C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\TomTom\HOME\TomTom HOME 2\xul\updates\0\inthethe.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{613CB2F6-35C6-450B-8A9B-1E47D44DCE5D}: NameServer = 194.228.41.113 160.218.161.54
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Microsoft\Windows\services.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Chráněné úložiště ProtectedStoragenSvcLog (ProtectedStoragenSvcLog) - Unknown owner - C:\WINDOWS\system32\adsntr.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sukoku Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\Sukoku\sukoku125.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 10299 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\User_Feed_Synchronization-{A00810C2-6A4E-422C-8E3F-49BE46D4CFFC}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]
{D5D47440-0750-463D-BAEF-A47D02414806}
{E9FAB13D-4600-49E1-90D1-EE961C859D39}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-04-22 5898240]
"nwiz"=nwiz.exe /install []
"SW20"=C:\WINDOWS\system32\sw20.exe [2005-06-30 200704]
"SW24"=C:\WINDOWS\system32\sw24.exe [2005-07-04 69632]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-04-22 86016]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-04-29 266240]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-07-12 81920]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"Logitech Utility"=C:\WINDOWS\LOGI_MWX.EXE [2003-12-11 20992]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2009-08-05 199264]
"F-Secure TNB"=C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [2009-08-05 2349664]
"services"=C:\WINDOWS\services.exe []
"Internet Connection Wizard Setup Tool"=C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-04-24 2064736]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []
"9xadiras"=9xadiras.exe []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
"Internet Antivirus Pro"=C:\Program Files\Internet Antivirus Pro\IAPro.exe /s []
"EPSON SX100 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE [2008-02-05 188928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"inthethe"=C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\TomTom\HOME\TomTom HOME 2\xul\updates\0\inthethe.exe []
C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
DSLMON.lnk - C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Documents and Settings\ADMIN\Nabídka Start\Programy\Po spuštění
Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-13 12464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Disabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Relook PCEditor\PCEditorU.exe"="C:\Program Files\Relook PCEditor\PCEditorU.exe:*:Enabled:PCEditorU"
"C:\Program Files\Relook PCEditor\PCEditor.exe"="C:\Program Files\Relook PCEditor\PCEditor.exe:*:Enabled:PCEditor"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f05a598-8865-11dc-9cdc-0013d4de5ec9}]
shell\AutoRun\command - F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{406a47ca-23f6-11dc-9c1d-0013d4de5ec9}]
shell\AutoRun\command - F:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "Crypted"
shell\dismount\command - F:\TrueCrypt\TrueCrypt.exe /q /d
shell\mount\command - F:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "Crypted"
shell\open\command - F:\TrueCrypt\TrueCrypt.exe /e /m rm /v "Crypted"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{727a6b53-6245-11d9-8620-806d6172696f}]
shell\AutoRun\command - F:\ASUSACPI.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7aa8cd8-d69a-11dd-9ee6-4d6564696130}]
shell\AutoRun\command - F:\InstallTomTomHOME.exe
======List of files/folders created in the last 1 months======
2010-05-26 13:23:28 ----SHD---- C:\Config.Msi
2010-05-26 12:24:24 ----D---- C:\Program Files\trend micro
2010-05-26 12:24:23 ----D---- C:\rsit
2010-05-23 08:45:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-05-23 08:36:47 ----A---- C:\WINDOWS\system32\javaws.exe
2010-05-23 08:36:46 ----A---- C:\WINDOWS\system32\javaw.exe
2010-05-23 08:36:46 ----A---- C:\WINDOWS\system32\java.exe
2010-05-23 08:32:26 ----D---- C:\Program Files\Java
2010-05-23 08:31:59 ----D---- C:\Program Files\Common Files\Java
2010-05-19 15:16:37 ----A---- C:\WINDOWS\adidsl.ini
2010-05-19 15:16:09 ----A---- C:\WINDOWS\system32\IPDETECT.EXE
2010-05-19 15:16:09 ----A---- C:\WINDOWS\system32\AdADIx32.dll
2010-05-19 15:16:09 ----A---- C:\WINDOWS\adiras.ini
2010-05-19 15:16:09 ----A---- C:\WINDOWS\2kadiras.exe
2010-05-19 15:16:03 ----A---- C:\WINDOWS\system32\unaddrv.exe
2010-05-19 15:16:03 ----A---- C:\WINDOWS\system32\AdADIx2K.dll
2010-05-19 15:16:02 ----A---- C:\WINDOWS\system32\ADADIX16.DLL
2010-05-19 15:16:00 ----A---- C:\WINDOWS\autoclk.exe
2010-05-18 19:02:28 ----RA---- C:\WINDOWS\system32\adinst32.dll
2010-05-12 21:20:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
======List of files/folders modified in the last 1 months======
2010-05-26 22:50:00 ----D---- C:\WINDOWS\Temp
2010-05-26 22:46:42 ----D---- C:\WINDOWS\Microsoft.NET
2010-05-26 22:46:37 ----RSD---- C:\WINDOWS\assembly
2010-05-26 22:43:46 ----D---- C:\Program Files\Mozilla Firefox
2010-05-26 22:42:21 ----D---- C:\WINDOWS
2010-05-26 13:26:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-26 13:25:58 ----SHD---- C:\WINDOWS\Installer
2010-05-26 13:25:58 ----D---- C:\WINDOWS\Prefetch
2010-05-26 13:25:44 ----D---- C:\WINDOWS\system32
2010-05-26 13:25:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-26 13:25:05 ----D---- C:\WINDOWS\WinSxS
2010-05-26 13:20:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-26 13:20:20 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-26 13:20:01 ----HD---- C:\WINDOWS\inf
2010-05-26 13:19:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-26 12:24:24 ----RD---- C:\Program Files
2010-05-23 12:41:54 ----D---- C:\WINDOWS\system32\drivers
2010-05-23 12:38:05 ----A---- C:\WINDOWS\imsins.BAK
2010-05-23 08:31:59 ----D---- C:\Program Files\Common Files
2010-05-19 15:15:54 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-19 15:10:07 ----D---- C:\WINDOWS\security
2010-05-12 21:20:42 ----D---- C:\Program Files\Outlook Express
2010-05-12 19:46:36 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-13 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-13 29512]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-04-24 242896]
R3 adiusbaw;ADSL USB MODEM WAN ADAPTER; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2004-01-12 127721]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-07-15 3640000]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
R3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2003-12-11 51582]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2003-12-11 70894]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-04-22 3095680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-11-13 46423]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-23 9600]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-04-11 63248]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-04-11 79376]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PVRUSBDriver;PVR USB MANUFACTURE; C:\WINDOWS\System32\Drivers\PVRUSBDriver.sys [2003-12-28 45312]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VESTAUSB;VESTAUSB.Sys VESTAUSB Bulk IO driver; C:\WINDOWS\System32\Drivers\VESTAUSB.sys [2004-01-09 12928]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-13 916760]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-04-29 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-04-29 131136]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-04-29 57412]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-04-22 127043]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 FSMA;FSMA; C:\Program Files\F-Secure\Common\FSMA32.EXE [2009-08-05 186976]
S2 ITGrdEngine;Guard Service; C:\Documents and Settings\ADMIN\Local Settings\Data aplikací\Microsoft\Windows\services.exe []
S2 ProtectedStoragenSvcLog;Chráněné úložiště ProtectedStoragenSvcLog; C:\WINDOWS\system32\adsntr.exe srv []
S2 Sukoku Service;Sukoku Service; C:\Documents and Settings\All Users\Data aplikací\Sukoku\sukoku125.exe C:\Program Files\Sukoku\sukoku.dll Service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [2009-08-05 522848]
S3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\F-Secure\ORSP Client\fsorsp.exe [2009-08-05 55904]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: please check my log, thank you
Hello.
Test on virustotal.com:
C:\WINDOWS\services.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
Then post the results here.
► My new book BOTNETY is out!
Information about it is here: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
We are looking for new members for our CyberSecurity UNIT. More information about what it involves and how to join is here: >> CyberSecurity UNIT <<
----
► Low-level and high-level programmer - profile card here: card <<
----
► Háveťárna - malware UPLOAD: >> upload <<
---
► If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP).
On the forum I act as:
- security authority of viry.cz
- deputy tutor for training newcomers
- founder of the Cyber Security unit

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Re: please check my log, thank you
C:\WINDOWS\system32\winlogon.exe Soubor winlogon.exe přijatý 2010.05.14 13:33:00 (UTC)
Současný stav: Dokončeno
Výsledek: 2/41 (4.88%)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.14.01 2010.05.14 -
AntiVir 8.2.1.242 2010.05.14 -
Antiy-AVL 2.0.3.7 2010.05.14 Trojan/Win32.Patched.gen
Authentium 5.2.0.5 2010.05.14 -
Avast 4.8.1351.0 2010.05.13 -
Avast5 5.0.332.0 2010.05.13 -
AVG 9.0.0.787 2010.05.14 -
BitDefender 7.2 2010.05.14 -
CAT-QuickHeal 10.00 2010.05.14 -
ClamAV 0.96.0.3-git 2010.05.14 -
Comodo 4837 2010.05.14 -
DrWeb 5.0.2.03300 2010.05.14 -
eSafe 7.0.17.0 2010.05.13 Win32.Agent.ha
eTrust-Vet 35.2.7488 2010.05.14 -
F-Prot 4.5.1.85 2010.05.14 -
F-Secure 9.0.15370.0 2010.05.14 -
Fortinet 4.1.133.0 2010.05.14 -
GData 21 2010.05.14 -
Ikarus T3.1.1.84.0 2010.05.14 -
Jiangmin 13.0.900 2010.05.14 -
Kaspersky 7.0.0.125 2010.05.14 -
McAfee 5.400.0.1158 2010.05.14 -
McAfee-GW-Edition 2010.1 2010.05.14 -
Microsoft 1.5703 2010.05.14 -
NOD32 5114 2010.05.14 -
Norman 6.04.12 2010.05.14 -
nProtect 2010-05-14.01 2010.05.14 -
Panda 10.0.2.7 2010.05.14 -
PCTools 7.0.3.5 2010.05.14 -
Prevx 3.0 2010.05.14 -
Rising 22.47.04.03 2010.05.14 -
Sophos 4.53.0 2010.05.14 -
Sunbelt 6302 2010.05.14 -
Symantec 20101.1.0.89 2010.05.14 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.14 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.14 -
VBA32 3.12.12.5 2010.05.14 -
ViRobot 2010.5.14.2316 2010.05.14 -
VirusBuster 5.0.27.0 2010.05.14 -
Rozšiřující informace
File size: 502272 bytes
MD5 : 221c29ae1b4cc61d11d8b27de78b2307
SHA1 : b88e9fc2e1205559e3fc8c3b562ec45b56bb2595
SHA256: 70f824164fc862aaaf740dee7d6f77f78d51a27ee1caec344a203f58b7dddbaa
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3D353
timedatestamp.....: 0x41107EDC (Wed Aug 4 08:14:52 2004)
machinetype.......: 0x14C (Intel I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6F288 0x6F400 6.82 f2a1a72e8c281afe4b8a0661ce10d471
.data 0x71000 0x4D90 0x2000 6.20 baa64d00a5f8a540a38a60d2aff66f30
.rsrc 0x76000 0x9038 0x9200 3.96 086018373f540a35dad6a9a2cc53be93
( 0 imports )
( 0 exports )
TrID : File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
ssdeep: 6144:LYuZlm8LRlBw662R1pqrc7FmxSqVw/T+SN1TrSnmhPnpdcrFIzdFz/N5WjyfTNQb:LVLBhic7Qy1vSneJFDNhp81
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Všechna práva vyhrazena.
product......: Operační systém Microsoft® Windows®
description..: Windows NT Logon Application
original name: WINLOGON.EXE
internal name: winlogon
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
CWSandbox: http://research.sunbelt-software.com/pa ... 7de78b2307
RDS : NSRL Reference Data Set
-
services.exe - not found
Soubor explorer.exe přijatý 2010.04.11 18:20:25 (UTC)
Současný stav: Dokončeno
Výsledek: 0/38 (0.00%)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.04.11 -
AhnLab-V3 5.0.0.2 2010.04.10 -
AntiVir 7.10.6.55 2010.04.09 -
Antiy-AVL 2.0.3.7 2010.04.09 -
Authentium 5.2.0.5 2010.04.11 -
Avast 4.8.1351.0 2010.04.11 -
Avast5 5.0.332.0 2010.04.11 -
AVG 9.0.0.787 2010.04.11 -
BitDefender 7.2 2010.04.11 -
CAT-QuickHeal 10.00 2010.04.10 -
ClamAV 0.96.0.3-git 2010.04.11 -
Comodo 4570 2010.04.11 -
DrWeb 5.0.2.03300 2010.04.11 -
eTrust-Vet 35.2.7418 2010.04.09 -
F-Prot 4.5.1.85 2010.04.11 -
F-Secure 9.0.15370.0 2010.04.11 -
Fortinet 4.0.14.0 2010.04.10 -
GData 19 2010.04.11 -
Ikarus T3.1.1.80.0 2010.04.11 -
Jiangmin 13.0.900 2010.04.11 -
Kaspersky 7.0.0.125 2010.04.11 -
McAfee-GW-Edition 6.8.5 2010.04.11 -
Microsoft 1.5605 2010.04.11 -
NOD32 5018 2010.04.11 -
Norman 6.04.11 2010.04.10 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.11 -
PCTools 7.0.3.5 2010.04.11 -
Prevx 3.0 2010.04.11 -
Rising 22.42.06.04 2010.04.11 -
Sophos 4.52.0 2010.04.11 -
Sunbelt 6164 2010.04.11 -
Symantec 20091.2.0.41 2010.04.11 -
TheHacker 6.5.2.0.259 2010.04.11 -
TrendMicro 9.120.0.1004 2010.04.11 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.10.2270 2010.04.10 -
VirusBuster 5.0.27.0 2010.04.11 -
Rozšiřující informace
File size: 1033728 bytes
MD5 : ed7b460b142a32097b8a8f6ecc941815
SHA1 : 0da100a6d05ca97c0eb7035dbf21df2c038d1966
SHA256: c43306c5c6ce4702dc68bc59b7deac23b3fd2adbd3f7c716b7e1454a69bba662
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1A8CE
timedatestamp.....: 0x466FC588 (Wed Jun 13 12:23:04 2007)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44AD9 0x44C00 6.36 7de882aa0da62b155286cb91c8f0fbd9
.data 0x46000 0x1DB4 0x1800 1.30 25fdde5ea7a06e94390eb8773b825a55
.rsrc 0x48000 0xB2410 0xB2600 6.63 7d96c0b07a1dc3ae377aaf5bce9eaf74
.reloc 0xFB000 0x3720 0x3800 6.76 924c25a2a1584ac973811d65894c44fa
( 13 imports )
( 0 exports )
TrID : File type identification
60.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.6% (.EXE) Win32 Executable Generic (8527/13/3)
14.7% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
3.9% (.EXE) Generic Win/DOS Executable (2002/3)
3.8% (.EXE) DOS Executable Generic (2000/1)
ssdeep: 12288:CRFHBdIwCDrA6hWVz0v/ugh++sNzaQG5oJpaz/g/J/v5GyM:CzhOwCDE6hCOm4++sN7Gmaz/g/J/xGy
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Všechna práva vyhrazena.
product......: Microsoft(R) Windows (R) 2000 Operating System
description..: Průzkumník Windows
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
C:\WINDOWS\system32\svchost.exe
PEiD : -
CWSandbox: http://research.sunbelt-software.com/pa ... 6ecc941815
RDS : NSRL Reference Data Set
-
Současný stav: Dokončeno
Výsledek: 2/41 (4.88%)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.14.01 2010.05.14 -
AntiVir 8.2.1.242 2010.05.14 -
Antiy-AVL 2.0.3.7 2010.05.14 Trojan/Win32.Patched.gen
Authentium 5.2.0.5 2010.05.14 -
Avast 4.8.1351.0 2010.05.13 -
Avast5 5.0.332.0 2010.05.13 -
AVG 9.0.0.787 2010.05.14 -
BitDefender 7.2 2010.05.14 -
CAT-QuickHeal 10.00 2010.05.14 -
ClamAV 0.96.0.3-git 2010.05.14 -
Comodo 4837 2010.05.14 -
DrWeb 5.0.2.03300 2010.05.14 -
eSafe 7.0.17.0 2010.05.13 Win32.Agent.ha
eTrust-Vet 35.2.7488 2010.05.14 -
F-Prot 4.5.1.85 2010.05.14 -
F-Secure 9.0.15370.0 2010.05.14 -
Fortinet 4.1.133.0 2010.05.14 -
GData 21 2010.05.14 -
Ikarus T3.1.1.84.0 2010.05.14 -
Jiangmin 13.0.900 2010.05.14 -
Kaspersky 7.0.0.125 2010.05.14 -
McAfee 5.400.0.1158 2010.05.14 -
McAfee-GW-Edition 2010.1 2010.05.14 -
Microsoft 1.5703 2010.05.14 -
NOD32 5114 2010.05.14 -
Norman 6.04.12 2010.05.14 -
nProtect 2010-05-14.01 2010.05.14 -
Panda 10.0.2.7 2010.05.14 -
PCTools 7.0.3.5 2010.05.14 -
Prevx 3.0 2010.05.14 -
Rising 22.47.04.03 2010.05.14 -
Sophos 4.53.0 2010.05.14 -
Sunbelt 6302 2010.05.14 -
Symantec 20101.1.0.89 2010.05.14 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.14 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.14 -
VBA32 3.12.12.5 2010.05.14 -
ViRobot 2010.5.14.2316 2010.05.14 -
VirusBuster 5.0.27.0 2010.05.14 -
Rozšiřující informace
File size: 502272 bytes
MD5 : 221c29ae1b4cc61d11d8b27de78b2307
SHA1 : b88e9fc2e1205559e3fc8c3b562ec45b56bb2595
SHA256: 70f824164fc862aaaf740dee7d6f77f78d51a27ee1caec344a203f58b7dddbaa
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3D353
timedatestamp.....: 0x41107EDC (Wed Aug 4 08:14:52 2004)
machinetype.......: 0x14C (Intel I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6F288 0x6F400 6.82 f2a1a72e8c281afe4b8a0661ce10d471
.data 0x71000 0x4D90 0x2000 6.20 baa64d00a5f8a540a38a60d2aff66f30
.rsrc 0x76000 0x9038 0x9200 3.96 086018373f540a35dad6a9a2cc53be93
( 0 imports )
( 0 exports )
TrID : File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
ssdeep: 6144:LYuZlm8LRlBw662R1pqrc7FmxSqVw/T+SN1TrSnmhPnpdcrFIzdFz/N5WjyfTNQb:LVLBhic7Qy1vSneJFDNhp81
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Všechna práva vyhrazena.
product......: Operační systém Microsoft® Windows®
description..: Windows NT Logon Application
original name: WINLOGON.EXE
internal name: winlogon
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
CWSandbox: http://research.sunbelt-software.com/pa ... 7de78b2307
RDS : NSRL Reference Data Set
-
Re: please check my log, thank you
Download ComboFix to your desktop.
Then run it (from an Administrator account).
After it starts, the licence terms appear; accept them and continue with ANO/YES/OK.
A scan starts; do not click outside the window while it runs. The whole scan takes about 10 minutes.
After the scan, ComboFix generates a log, which it saves to the target drive, e.g. c:\, under the name ComboFix.log. Copy the entire contents of the log here.
► My new book BOTNETY is out!
Information about it can be found here: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
► Low-level and high-level programmer - profile card here: card <<
----
► Háveťárna - malware UPLOAD: >> upload <<
---
► If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent-malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP) for students.
On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Re: please check my log, thank you
ComboFix 10-05-28.02 - ADMIN 29.05.2010 12:49:31.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.265 [GMT 2:00]
Spuštěný z: c:\documents and settings\ADMIN\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: 9.01 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-28 do 2010-05-29 )))))))))))))))))))))))))))))))
.
2010-05-28 23:07 . 2004-01-12 12:29 127721 ----a-w- c:\windows\system32\drivers\adiusbaw.sys
2010-05-28 23:07 . 2003-08-20 13:29 32768 ----a-w- c:\windows\2kadiras.exe
2010-05-28 23:07 . 2002-08-15 14:36 135168 ----a-w- c:\windows\system32\unaddrv.exe
2010-05-28 23:07 . 2001-02-09 09:43 4981 ----a-w- c:\windows\system32\AdADIx2K.dll
2010-05-28 23:07 . 2001-02-08 10:05 46892 ----a-w- c:\windows\system32\ADADIX16.DLL
2010-05-28 23:07 . 2002-05-09 13:12 155648 ----a-w- c:\windows\system32\AdADIx32.dll
2010-05-28 23:07 . 2001-07-27 10:25 127456 ----a-w- c:\windows\system32\IPDETECT.EXE
2010-05-28 23:07 . 2004-01-05 09:18 46295 ----a-w- c:\windows\system32\drivers\adildr.sys
2010-05-28 23:07 . 2004-02-13 11:33 122880 ----a-w- c:\windows\autoclk.exe
2010-05-28 23:07 . 2001-05-24 13:24 22395 ----a-w- c:\windows\system32\drivers\fpga.bin
2010-05-26 10:24 . 2010-05-29 10:38 -------- d-----w- c:\program files\trend micro
2010-05-26 10:24 . 2010-05-26 10:24 -------- d-----w- C:\rsit
2010-05-23 10:41 . 2010-05-29 10:56 741376 ----a-w- c:\windows\system32\drivers\ldkzbhnb.sys
2010-05-23 06:32 . 2010-05-23 06:36 -------- d-----w- c:\program files\Java
2010-05-23 06:31 . 2010-05-23 06:45 -------- d-----w- c:\program files\Common Files\Java
2010-05-18 17:02 . 2002-09-24 19:09 6032 ----a-r- c:\windows\system32\adinst32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 09:52 . 2009-03-15 11:08 -------- d-----w- c:\program files\F-Secure
2010-05-28 23:08 . 2010-05-28 23:07 29 ----a-w- c:\windows\system32\drivers\adidsl.cfg
2010-05-28 23:07 . 2005-01-09 14:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 10:10 . 2002-09-23 12:00 91644 ----a-w- c:\windows\system32\perfc005.dat
2010-05-28 10:10 . 2002-09-23 12:00 456526 ----a-w- c:\windows\system32\perfh005.dat
2010-04-24 17:09 . 2010-02-24 16:35 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-17 10:12 . 2010-02-13 11:25 -------- d-----w- c:\program files\Ledové Drahokamy
2010-04-10 12:55 . 2006-08-11 14:26 -------- d-----w- c:\program files\ICQLite
2010-03-13 09:08 . 2010-03-13 09:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 09:08 . 2010-02-24 16:35 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 09:00 . 2010-02-24 16:35 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2007-11-02 18:10 . 2007-11-02 18:10 1291561 ----a-w- c:\program files\Setup_PCEditor_1[1].2.44.exe
2007-11-02 17:59 . 2007-11-02 17:59 24683 ----a-w- c:\program files\PC Editor version history.txt
.
((((((((((((((((((((((((((((( SnapShot@2010-05-28_23.34.53 )))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-22 5898240]
"nwiz"="nwiz.exe" [2005-04-22 1519616]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-30 200704]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-22 86016]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"SoundMan"="SOUNDMAN.EXE" [2005-07-12 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-11 20992]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"9xadiras"="9xadiras.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
DSLMON.lnk - c:\program files\ADSL\ADSL USB MODEM\dslmon.exe [2010-5-29 929889]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 09:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Relook PCEditor\\PCEditor.exe"=
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [18.5.2009 20:05 80000]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24.2.2010 18:35 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24.2.2010 18:35 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [13.3.2010 11:00 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [13.3.2010 11:06 308064]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 13:31 92008]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [18.5.2009 20:04 55992]
S0 afzhpulu;afzhpulu; [x]
S0 lmkmtjxg;lmkmtjxg; [x]
S2 ITGrdEngine;Guard Service;c:\documents and settings\ADMIN\Local Settings\Data aplikací\Microsoft\Windows\services.exe --> c:\documents and settings\ADMIN\Local Settings\Data aplikací\Microsoft\Windows\services.exe [?]
S2 Sukoku Service;Sukoku Service;"c:\documents and settings\All Users\Data aplikací\Sukoku\sukoku125.exe" "c:\program files\Sukoku\sukoku.dll" Service --> c:\documents and settings\All Users\Data aplikací\Sukoku\sukoku125.exe [?]
S3 PVRUSBDriver;PVR USB MANUFACTURE;c:\windows\system32\drivers\PVRUSBDriver.sys [20.8.2008 16:26 45312]
S3 VESTAUSB;VESTAUSB.Sys VESTAUSB Bulk IO driver;c:\windows\system32\drivers\VESTAUSB.sys [28.12.2006 19:42 12928]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - ldkzbhnb
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
Trusted Zone: mojebanka.cz
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\uc85x02e.default\
FF - prefs.js: browser.search.selectedEngine - Centrum.cz Search
FF - prefs.js: browser.startup.homepage - hxxp://centrum.cz/firefox
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 12:55
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldkzbhnb]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(780)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
- - - - - - - > 'explorer.exe'(4720)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-05-29 12:59:13
ComboFix-quarantined-files.txt 2010-05-29 10:59
ComboFix2.txt 2010-05-29 10:34
ComboFix3.txt 2010-05-28 23:39
ComboFix4.txt 2010-05-28 10:12
Před spuštěním: 9 755 070 464
Po spuštění: 9 727 303 680
- - End Of File - - 8121EB52E084D6C1603529EC59A32F40
Re: please check my log, thank you
On virustotal.com also test this: c:\documents and settings\All Users\Data aplikací\Sukoku\sukoku125.exe
► My new book BOTNETY has been published!
Information about it can be found here: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
We are looking for new members for our CyberSecurity UNIT team. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
► Low-level and high-level programmer - profile card here: card <<
----
► Háveťárna - malware UPLOAD: >> upload <<
---
► If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor of SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.
On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

Re: please check my log, thank you
I have changed my antivirus program, so I'm done with the check for now. Thank you for your help.
Re: please check my log, thank you
But you have rootkits there

Re: please check my log, thank you
I installed the antivirus from O2. When I want to check the file (sudoku etc.), as you wrote, it reports that it was not found.
Re: please check my log, thank you
my mistake, not sudoku but sukoku, as you wrote
Re: please check my log, thank you
Copy the following into Notepad:

killall::
rootkit::
c:\windows\system32\drivers\ldkzbhnb.sys
c:\documents and settings\ADMIN\Local Settings\Data aplikací\Microsoft\Windows\services.exe
file::
c:\windows\system32\drivers\ldkzbhnb.sys
c:\documents and settings\ADMIN\Local Settings\Data aplikací\Microsoft\Windows\services.exe
driver::
afzhpulu
lmkmtjxg
ITGrdEngine
ldkzbhnb

Save it to the desktop as CFScript.txt, grab it with the mouse, drag it over ComboFix and release it as shown in the picture. A scan will start. After it finishes, it produces a log; copy it here.

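The entries the helper calls rootkits above and then lists in the CFScript (the two boot-start services with no file on disk, the services.exe running from the user profile, and the Sukoku service he asked to have checked) can be picked out mechanically from the log. This added example is mine, not from the thread or from ComboFix: it parses ComboFix's service lines (a constructed sample copied from the log posted in this thread; the line format and the triage heuristics are my assumptions, not a documented ComboFix interface) and flags entries by the signals a log reader uses: missing image file, image outside Windows or Program Files, a system binary name outside system32, a random-looking name with no display name, and boot-start load order.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: service lines copied from the ComboFix logs quoted in this thread.
# Line format as observed in ComboFix output (an assumption, not documented):
#   "<start> <name>;<display>;<image> [<date> <time> <size>]"
#   "[x]"  when the image file is missing, "--> <resolved path> [?]" when ComboFix resolved the path.
SAMPLE_LOG = r"""
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [18.5.2009 20:05 80000]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 13:31 92008]
S0 afzhpulu;afzhpulu; [x]
S0 lmkmtjxg;lmkmtjxg; [x]
S2 ITGrdEngine;Guard Service;c:\documents and settings\ADMIN\Local Settings\Data aplikací\Microsoft\Windows\services.exe --> c:\documents and settings\ADMIN\Local Settings\Data aplikací\Microsoft\Windows\services.exe [?]
S2 Sukoku Service;Sukoku Service;"c:\documents and settings\All Users\Data aplikací\Sukoku\sukoku125.exe" "c:\program files\Sukoku\sukoku.dll" Service --> c:\documents and settings\All Users\Data aplikací\Sukoku\sukoku125.exe [?]
S3 PVRUSBDriver;PVR USB MANUFACTURE;c:\windows\system32\drivers\PVRUSBDriver.sys [20.8.2008 16:26 45312]
"""

SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
TAIL_RE = re.compile(r"\s*\[(?P<tag>[^\]]*)\]$")
# Assumption: the rootkit names in this thread are eight random lowercase letters.
GENERATED_NAME_RE = re.compile(r"^[a-z]{8}$")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class ServiceEntry:
    start: str      # R0/S0 = boot start, R2/S2 = auto start, R3/S3 = on demand
    name: str
    display: str
    image: str      # resolved image path, '' when ComboFix found none
    tag: str        # 'x' (file missing), '?' (unverified) or the file's date/time/size
    reasons: list = field(default_factory=list)


def parse_service_line(line: str):
    """Parse one ComboFix service line; return None for lines that are not service entries."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    t = TAIL_RE.search(rest)
    tag = t.group("tag") if t else ""
    body = rest[: t.start()] if t else rest
    if "-->" in body:                       # keep only the path ComboFix resolved
        body = body.split("-->", 1)[1]
    return ServiceEntry(m.group("start"), m.group("name"), m.group("display"),
                        body.strip().strip('"'), tag)


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach the reasons a log reader would flag this entry; an empty list means it looks benign."""
    image = entry.image.lower()
    if entry.tag == "x":
        entry.reasons.append("service registered but its image file is missing from disk")
    if image and not image.startswith(TRUSTED_ROOTS):
        entry.reasons.append("image runs from a user-writable profile directory")
    if image.endswith("\\services.exe") and "\\windows\\system32\\" not in image:
        entry.reasons.append("borrows a Windows system binary name outside system32")
    if GENERATED_NAME_RE.match(entry.name) and entry.display == entry.name:
        entry.reasons.append("random-looking name with no descriptive display name")
    if entry.reasons and entry.start in ("R0", "S0"):
        entry.reasons.append("boot-start driver: loads before the antivirus does")
    return entry


def triage_log(text: str) -> dict:
    """Return {service name: [reasons]} for every suspicious service entry in a ComboFix log."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None and triage(entry).reasons:
            flagged[entry.name] = entry.reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample it reports exactly the four entries the thread ends up removing or checking, and nothing for the F-Secure, TomTom or PVR drivers.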
Re: please check my log, thank you
So I think I have created it in Notepad, but I have a problem running ComboFix. It won't open; it says it is blocked. The help says to go to the main page, but I don't know which main page it means. I'm just a user, so please be patient with me. Thanks
When I had AVG, I could run it without a problem.
Re: please check my log, thank you
Of course.
You have to turn off the antivirus and any other protection you have installed. Turn it all off and run the script again.
Re: please check my log, thank you
ComboFix 10-06-06.04 - ADMIN 08.06.2010 16:23:19.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.265 [GMT 2:00]
Spuštěný z: c:\documents and settings\ADMIN\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ADMIN\Plocha\CFScript.txt
AV: F-Secure Profi Antivirus 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Profi Antivirus 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Vytvořen nový Bod Obnovení
FILE ::
"c:\documents and settings\ADMIN\Local Settings\Data aplikací\Microsoft\Windows\services.exe"
"c:\windows\system32\drivers\ldkzbhnb.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ITGRDENGINE
-------\Legacy_LDKZBHNB
-------\Service_afzhpulu
-------\Service_ITGrdEngine
-------\Service_ldkzbhnb
-------\Service_lmkmtjxg
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-08 do 2010-06-08 )))))))))))))))))))))))))))))))
.
2010-05-30 10:46 . 2010-05-30 10:55 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-05-28 23:07 . 2004-01-12 12:29 127721 ----a-w- c:\windows\system32\drivers\adiusbaw.sys
2010-05-28 23:07 . 2003-08-20 13:29 32768 ----a-w- c:\windows\2kadiras.exe
2010-05-28 23:07 . 2002-08-15 14:36 135168 ----a-w- c:\windows\system32\unaddrv.exe
2010-05-28 23:07 . 2001-02-09 09:43 4981 ----a-w- c:\windows\system32\AdADIx2K.dll
2010-05-28 23:07 . 2001-02-08 10:05 46892 ----a-w- c:\windows\system32\ADADIX16.DLL
2010-05-28 23:07 . 2002-05-09 13:12 155648 ----a-w- c:\windows\system32\AdADIx32.dll
2010-05-28 23:07 . 2001-07-27 10:25 127456 ----a-w- c:\windows\system32\IPDETECT.EXE
2010-05-28 23:07 . 2004-01-05 09:18 46295 ----a-w- c:\windows\system32\drivers\adildr.sys
2010-05-28 23:07 . 2004-02-13 11:33 122880 ----a-w- c:\windows\autoclk.exe
2010-05-28 23:07 . 2001-05-24 13:24 22395 ----a-w- c:\windows\system32\drivers\fpga.bin
2010-05-26 10:24 . 2010-05-29 11:09 -------- d-----w- c:\program files\trend micro
2010-05-26 10:24 . 2010-05-26 10:24 -------- d-----w- C:\rsit
2010-05-23 06:32 . 2010-05-23 06:36 -------- d-----w- c:\program files\Java
2010-05-23 06:31 . 2010-05-23 06:45 -------- d-----w- c:\program files\Common Files\Java
2010-05-18 17:02 . 2002-09-24 19:09 6032 ----a-r- c:\windows\system32\adinst32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 11:38 . 2009-03-15 11:08 -------- d-----w- c:\program files\F-Secure
2010-05-30 10:45 . 2002-09-23 12:00 93674 ----a-w- c:\windows\system32\perfc005.dat
2010-05-30 10:45 . 2002-09-23 12:00 461038 ----a-w- c:\windows\system32\perfh005.dat
2010-05-28 23:08 . 2010-05-28 23:07 29 ----a-w- c:\windows\system32\drivers\adidsl.cfg
2010-05-28 23:07 . 2005-01-09 14:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-17 10:12 . 2010-02-13 11:25 -------- d-----w- c:\program files\Ledové Drahokamy
2010-04-10 12:55 . 2006-08-11 14:26 -------- d-----w- c:\program files\ICQLite
2007-11-02 18:10 . 2007-11-02 18:10 1291561 ----a-w- c:\program files\Setup_PCEditor_1[1].2.44.exe
2007-11-02 17:59 . 2007-11-02 17:59 24683 ----a-w- c:\program files\PC Editor version history.txt
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-22 5898240]
"nwiz"="nwiz.exe" [2005-04-22 1519616]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-30 200704]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-22 86016]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"SoundMan"="SOUNDMAN.EXE" [2005-07-12 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-11 20992]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"9xadiras"="9xadiras.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
DSLMON.lnk - c:\program files\ADSL\ADSL USB MODEM\dslmon.exe [2010-5-29 929889]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Relook PCEditor\\PCEditor.exe"=
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [30.5.2010 12:46 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [18.5.2009 20:05 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [30.5.2010 12:45 68064]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 13:31 92008]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [30.5.2010 12:45 113864]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [18.5.2009 20:04 55992]
S2 Sukoku Service;Sukoku Service;"c:\documents and settings\All Users\Data aplikací\Sukoku\sukoku125.exe" "c:\program files\Sukoku\sukoku.dll" Service --> c:\documents and settings\All Users\Data aplikací\Sukoku\sukoku125.exe [?]
S3 PVRUSBDriver;PVR USB MANUFACTURE;c:\windows\system32\drivers\PVRUSBDriver.sys [20.8.2008 16:26 45312]
S3 VESTAUSB;VESTAUSB.Sys VESTAUSB Bulk IO driver;c:\windows\system32\drivers\VESTAUSB.sys [28.12.2006 19:42 12928]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [30.5.2010 12:45 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [30.5.2010 12:45 25184]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
Trusted Zone: mojebanka.cz
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\uc85x02e.default\
FF - prefs.js: browser.search.selectedEngine - Centrum.cz Search
FF - prefs.js: browser.startup.homepage - hxxp://centrum.cz/firefox
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-08 16:33
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
- - - - - - - > 'lsass.exe'(756)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
c:\program files\F-Secure\FWES\Program\fsdc32.dll
- - - - - - - > 'explorer.exe'(3608)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
- - - - - - - > 'csrss.exe'(676)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Common\FSHDLL32.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\F-Secure\FWES\Program\fsdfwd.exe
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Celkový čas: 2010-06-08 16:37:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-08 14:37
ComboFix2.txt 2010-05-29 10:59
ComboFix3.txt 2010-05-29 10:34
ComboFix4.txt 2010-05-28 23:39
ComboFix5.txt 2010-06-01 15:36
Před spuštěním: 8 384 606 208
Po spuštění: 9 136 607 232
- - End Of File - - 93F1FB35659C2A0E74CF5F1E14B70AE3
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.265 [GMT 2:00]
Spuštěný z: c:\documents and settings\ADMIN\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ADMIN\Plocha\CFScript.txt
AV: F-Secure Profi Antivirus 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Profi Antivirus 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Vytvořen nový Bod Obnovení
FILE ::
"c:\documents and settings\ADMIN\Local Settings\Data aplikací\Microsoft\Windows\services.exe"
"c:\windows\system32\drivers\ldkzbhnb.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ITGRDENGINE
-------\Legacy_LDKZBHNB
-------\Service_afzhpulu
-------\Service_ITGrdEngine
-------\Service_ldkzbhnb
-------\Service_lmkmtjxg
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-08 do 2010-06-08 )))))))))))))))))))))))))))))))
.
2010-05-30 10:46 . 2010-05-30 10:55 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-05-28 23:07 . 2004-01-12 12:29 127721 ----a-w- c:\windows\system32\drivers\adiusbaw.sys
2010-05-28 23:07 . 2003-08-20 13:29 32768 ----a-w- c:\windows\2kadiras.exe
2010-05-28 23:07 . 2002-08-15 14:36 135168 ----a-w- c:\windows\system32\unaddrv.exe
2010-05-28 23:07 . 2001-02-09 09:43 4981 ----a-w- c:\windows\system32\AdADIx2K.dll
2010-05-28 23:07 . 2001-02-08 10:05 46892 ----a-w- c:\windows\system32\ADADIX16.DLL
2010-05-28 23:07 . 2002-05-09 13:12 155648 ----a-w- c:\windows\system32\AdADIx32.dll
2010-05-28 23:07 . 2001-07-27 10:25 127456 ----a-w- c:\windows\system32\IPDETECT.EXE
2010-05-28 23:07 . 2004-01-05 09:18 46295 ----a-w- c:\windows\system32\drivers\adildr.sys
2010-05-28 23:07 . 2004-02-13 11:33 122880 ----a-w- c:\windows\autoclk.exe
2010-05-28 23:07 . 2001-05-24 13:24 22395 ----a-w- c:\windows\system32\drivers\fpga.bin
2010-05-26 10:24 . 2010-05-29 11:09 -------- d-----w- c:\program files\trend micro
2010-05-26 10:24 . 2010-05-26 10:24 -------- d-----w- C:\rsit
2010-05-23 06:32 . 2010-05-23 06:36 -------- d-----w- c:\program files\Java
2010-05-23 06:31 . 2010-05-23 06:45 -------- d-----w- c:\program files\Common Files\Java
2010-05-18 17:02 . 2002-09-24 19:09 6032 ----a-r- c:\windows\system32\adinst32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 11:38 . 2009-03-15 11:08 -------- d-----w- c:\program files\F-Secure
2010-05-30 10:45 . 2002-09-23 12:00 93674 ----a-w- c:\windows\system32\perfc005.dat
2010-05-30 10:45 . 2002-09-23 12:00 461038 ----a-w- c:\windows\system32\perfh005.dat
2010-05-28 23:08 . 2010-05-28 23:07 29 ----a-w- c:\windows\system32\drivers\adidsl.cfg
2010-05-28 23:07 . 2005-01-09 14:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-17 10:12 . 2010-02-13 11:25 -------- d-----w- c:\program files\Ledové Drahokamy
2010-04-10 12:55 . 2006-08-11 14:26 -------- d-----w- c:\program files\ICQLite
2007-11-02 18:10 . 2007-11-02 18:10 1291561 ----a-w- c:\program files\Setup_PCEditor_1[1].2.44.exe
2007-11-02 17:59 . 2007-11-02 17:59 24683 ----a-w- c:\program files\PC Editor version history.txt
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-22 5898240]
"nwiz"="nwiz.exe" [2005-04-22 1519616]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-30 200704]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-22 86016]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"SoundMan"="SOUNDMAN.EXE" [2005-07-12 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-11 20992]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"9xadiras"="9xadiras.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
DSLMON.lnk - c:\program files\ADSL\ADSL USB MODEM\dslmon.exe [2010-5-29 929889]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Relook PCEditor\\PCEditor.exe"=
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [30.5.2010 12:46 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [18.5.2009 20:05 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [30.5.2010 12:45 68064]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 13:31 92008]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [30.5.2010 12:45 113864]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [18.5.2009 20:04 55992]
S2 Sukoku Service;Sukoku Service;"c:\documents and settings\All Users\Data aplikací\Sukoku\sukoku125.exe" "c:\program files\Sukoku\sukoku.dll" Service --> c:\documents and settings\All Users\Data aplikací\Sukoku\sukoku125.exe [?]
S3 PVRUSBDriver;PVR USB MANUFACTURE;c:\windows\system32\drivers\PVRUSBDriver.sys [20.8.2008 16:26 45312]
S3 VESTAUSB;VESTAUSB.Sys VESTAUSB Bulk IO driver;c:\windows\system32\drivers\VESTAUSB.sys [28.12.2006 19:42 12928]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [30.5.2010 12:45 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [30.5.2010 12:45 25184]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
Trusted Zone: mojebanka.cz
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\uc85x02e.default\
FF - prefs.js: browser.search.selectedEngine - Centrum.cz Search
FF - prefs.js: browser.startup.homepage - hxxp://centrum.cz/firefox
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-08 16:33
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
- - - - - - - > 'lsass.exe'(756)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
c:\program files\F-Secure\FWES\Program\fsdc32.dll
- - - - - - - > 'explorer.exe'(3608)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
- - - - - - - > 'csrss.exe'(676)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Common\FSHDLL32.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\F-Secure\FWES\Program\fsdfwd.exe
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Celkový čas: 2010-06-08 16:37:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-08 14:37
ComboFix2.txt 2010-05-29 10:59
ComboFix3.txt 2010-05-29 10:34
ComboFix4.txt 2010-05-28 23:39
ComboFix5.txt 2010-06-01 15:36
Před spuštěním: 8 384 606 208
Po spuštění: 9 136 607 232
- - End Of File - - 93F1FB35659C2A0E74CF5F1E14B70AE3
Re: please check the log, thank you
Good.
Now also do this procedure: http://viry.cz/forum/viewtopic.php?f=29&t=11394
Following the guide, make the logs from the Kernel Module item and post the log here.
► My new book BOTNETY is out!
Information about it can be found here: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
We are looking for new members for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
► Low-level and high-level programmer - profile card here: card <<
----
► Háveťárna - malware UPLOAD: >> upload <<
---
► If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php).
On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit