VIRY.CZ

Ahoj, poslední dobou mám strašně zpomalený internet, nevím jestli to bude problém v signálu modemu a nebo je problém někde v PC, proto bych prosil o kontrolu LOGU.Děkuji předem

Logfile of HijackThis v1.99.1
Scan saved at 19:30, on 2010-02-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PeerSvc.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\EA SPORTS\NHL 09\nhl2009.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\uživatel\Plocha\hrubas\programy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://join.clonecashsystem.com/track/N ... 4wLjAuMC4w
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Philips GoGear SA018 Device Manager.lnk = C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=GRfox000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca7bfab81c2c58) (gupdate1ca7bfab81c2c58) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: peersvc Service (peersvc) - Netopsystems A - C:\WINDOWS\system32\PeerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

Zdravím

Na logu se pracuje, prosím o strpení.

Určitě počkám:) Jinak tohle forum by mělo získat ocenění co se týče práce adminů...odpovědi jsou rychlé a admini mají zkušenosti a trpělivost

Jménem celého fóra děkuji za kladné hodnocení

Používáte AVG Internet Security nebo AVG Anti-Virus (bez firewallu)

Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy.

Tohle otestujte na http://www.virustotal.com/cs/
C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
C:\WINDOWS\system32\PeerSvc.exe

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem vložte.)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
- Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

Záložka Čistič
- Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

Záložka Registry
- Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.

OK

Zavřít

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Během skenování může být počítač restartován.

Omlouvám se, ale při zapnutí combofixu mi to píše že je pořád zapnuté něco s AVG i když jsem v procesech ukončil všechno. A kdy combofix pokračoval i nadále, tak log měl tolik znaků, že bych to tu musel poslat tak na 20 částí. A aby toho nebylo málo, tak soubor PeerSvc.exe to nenašlo. Omlouvám se za mou neschopnost

Nemáte se za co omlouvat, log z ComboFix uložte na http://www.leteckaposta.cz/ a dejte sem odkaz.

To, že virustotal nenašel soubor nevadí, dořešíme později.

Tak Tady je log z Combofixu : http://leteckaposta.cz/549741104

a tady je ten test co jsem měl udělat:

Soubor GoGear_SA018_DeviceManager.exe přijatý 2010.02.01 20:38:32 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 40 a 57 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.01 -
AhnLab-V3 5.0.0.2 2010.02.01 -
AntiVir 7.9.1.156 2010.02.01 -
Antiy-AVL 2.0.3.7 2010.02.01 -
Authentium 5.2.0.5 2010.01.31 -
Avast 4.8.1351.0 2010.02.01 -
AVG 9.0.0.730 2010.02.01 -
BitDefender 7.2 2010.02.01 -
CAT-QuickHeal 10.00 2010.02.01 -
ClamAV 0.96.0.0-git 2010.02.01 -
Comodo 3785 2010.02.01 -
DrWeb 5.0.1.12222 2010.02.01 -
eSafe 7.0.17.0 2010.02.01 -
eTrust-Vet 35.2.7274 2010.02.01 -
F-Prot 4.5.1.85 2010.01.31 -
F-Secure 9.0.15370.0 2010.02.01 -
Fortinet 4.0.14.0 2010.02.01 -
GData 19 2010.02.01 -
Ikarus T3.1.1.80.0 2010.02.01 -
Jiangmin 13.0.900 2010.01.28 -
K7AntiVirus 7.10.960 2010.01.29 -
Kaspersky 7.0.0.125 2010.02.01 -
McAfee 5879 2010.02.01 -
McAfee+Artemis 5879 2010.02.01 -
McAfee-GW-Edition 6.8.5 2010.02.01 -
Microsoft 1.5406 2010.02.01 -
NOD32 4824 2010.02.01 -
Norman 6.04.03 2010.02.01 -
nProtect 2009.1.8.0 2010.02.01 -
Panda 10.0.2.2 2010.02.01 -
PCTools 7.0.3.5 2010.02.01 -
Prevx 3.0 2010.02.01 -
Rising 22.33.00.04 2010.02.01 -
Sophos 4.50.0 2010.02.01 -
Sunbelt 3.2.1858.2 2010.01.31 -
Symantec 20091.2.0.41 2010.02.01 -
TheHacker 6.5.1.0.175 2010.02.01 -
TrendMicro 9.120.0.1004 2010.02.01 -
VBA32 3.12.12.1 2010.02.01 -
ViRobot 2010.2.1.2166 2010.02.01 -
VirusBuster 5.0.21.0 2010.02.01 -
Rozšiřující informace
File size: 1615232 bytes
MD5...: 7e0dbcb558fa22f9bcd5c63a00e7b924
SHA1..: 5fe618c87a47aa16f08a9aa60b95fc91a71a0f40
SHA256: cae8998b96a727cda0cfb8069423b2b2c721f1ef3877619bf43398160bc8de8a
ssdeep: 12288:g+1lnCpDk55bejWFFI0YDURjkQlf8V0Msj7ouSMQL9DgBg8r:LR55bHFIR
URjkwf+0zvQFajr
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x63e01
timedatestamp.....: 0x49fe96f9 (Mon May 04 07:19:21 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8b47b 0x8c000 6.64 8f0f9b8db7e147ee1c24b7876ad3bbac
.rdata 0x8d000 0x1da36 0x1e000 4.89 85d13a8f412f796e00ddf16df7bf76fa
.data 0xab000 0x96d8 0x5000 4.05 c8d87d50fd903a9bb546dc7883a65215
.rsrc 0xb5000 0xd8fb0 0xd9000 3.36 d50de0ec7895e0a2d1e81890cc5451b5

( 14 imports )
> KERNEL32.dll: SetLastError, InterlockedExchange, GetSystemDirectoryA, GetWindowsDirectoryA, GetModuleFileNameA, GetModuleHandleA, CompareStringA, WinExec, FindClose, ReleaseMutex, HeapAlloc, HeapFree, HeapDestroy, HeapCreate, GetExitCodeProcess, GetCommandLineW, Sleep, FreeResource, FreeLibrary, GetUserDefaultLangID, SetEvent, WaitForSingleObject, LoadLibraryA, GetCurrentThread, GetLastError, GetCurrentProcess, LocalAlloc, LocalFree, CloseHandle, InterlockedDecrement, LoadResource, LockResource, SizeofResource, InterlockedIncrement, SetEnvironmentVariableA, CreateFileA, GetConsoleOutputCP, WriteConsoleA, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, GetStringTypeA, GetDriveTypeA, GetCurrentDirectoryA, GetConsoleMode, GetConsoleCP, GetTimeZoneInformation, GetDateFormatA, GetTimeFormatA, LCMapStringA, GetOEMCP, GetACP, GetStartupInfoA, SetHandleCount, GetCommandLineA, GetStdHandle, VirtualQuery, GetSystemInfo, VirtualProtect, HeapSize, SetStdHandle, ExitThread, ExitProcess, GetFileType, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, RaiseException, RtlUnwind, GetFileTime, SetErrorMode, GlobalFlags, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, GetThreadLocale, FileTimeToLocalFileTime, FileTimeToSystemTime, SuspendThread, ResumeThread, SetThreadPriority, ConvertDefaultLocale, GetVersion, EnumResourceLanguagesW, lstrcmpA, GlobalDeleteAtom, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, MulDiv, VirtualAlloc, VirtualFree, ReadFile, GetLogicalDrives, WriteFile, DeviceIoControl, WriteFileEx, WaitForSingleObjectEx, ResetEvent, CancelIo, CreateThread, lstrlenA, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetProcessHeap, InterlockedCompareExchange, GetVersionExA, FreeEnvironmentStringsA, GetEnvironmentStrings, GetDiskFreeSpaceA, GlobalMemoryStatus, QueryPerformanceCounter, GetLocalTime, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, IsProcessorFeaturePresent
> ADVAPI32.dll: RegCreateKeyExA, RegQueryValueExA, RegSetValueExA, CheckTokenMembership, AllocateAndInitializeSid, FreeSid, RegCloseKey
> USER32.dll: DrawIcon, EnableMenuItem, SetMenuDefaultItem, GetSubMenu, GetSystemMenu, SetActiveWindow, GetCursorPos, GetParent, SetCursor, SetRect, SetWindowRgn, RedrawWindow, GetSysColorBrush, CopyRect, PtInRect, InflateRect, ScreenToClient, GetMessagePos, GetSysColor, IsWindow, MessageBeep, DestroyCursor, CopyIcon, GetMenuItemCount, GetMenuItemID, GetMenuState, EndDialog, GetNextDlgTabItem, IsWindowEnabled, GetDlgItem, DestroyWindow, GetActiveWindow, GetDesktopWindow, KillTimer, ClientToScreen, GetWindowDC, BeginPaint, EndPaint, GetWindow, GetWindowPlacement, SystemParametersInfoA, IntersectRect, OffsetRect, SetWindowPos, GetDlgCtrlID, EqualRect, GetMenu, UpdateWindow, IsWindowVisible, PostQuitMessage, SetTimer, GetKeyState, TrackPopupMenu, MapWindowPoints, GetMessageTime, GetTopWindow, GetForegroundWindow, SetFocus, GetFocus, CallNextHookEx, GetCapture, IsChild, SendDlgItemMessageA, CheckMenuItem, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, MoveWindow, ShowWindow, ValidateRect, TranslateMessage, MapDialogRect, SetWindowContextHelpId, DestroyMenu, WindowFromPoint, GetWindowThreadProcessId, SetCapture, ReleaseCapture, IsRectEmpty, InvalidateRgn, GetNextDlgGroupItem, UnregisterClassA, SetForegroundWindow, GetLastActivePopup, IsIconic, GetSystemMetrics, AdjustWindowRectEx, InvalidateRect, ReleaseDC, GetDC, GetClientRect, GetWindowRect, UnhookWindowsHookEx
> GDI32.dll: CreateRectRgn, CombineRgn, DeleteObject, GetPixel, SetTextAlign, GetStockObject, GetBitmapBits, GetClipBox, SetMapMode, MoveToEx, LineTo, SelectObject, SetBkColor, RestoreDC, SaveDC, GetRgnBox, GetTextColor, CreateRectRgnIndirect, DeleteDC, ExtSelectClipRgn, ScaleWindowExtEx, SetWindowExtEx, SetWindowOrgEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetBkMode, SetTextColor, CreateSolidBrush, CreatePen, CreateBitmap, CreateCompatibleBitmap, CreateCompatibleDC, GetDeviceCaps, GetBkColor, GetMapMode, GetViewportExtEx, GetWindowExtEx, DPtoLP, LPtoDP, BitBlt, PtVisible, RectVisible, Escape
> SHELL32.dll: SHGetMalloc, SHGetSpecialFolderLocation, SHAppBarMessage
> CFGMGR32.dll: CM_Get_Parent, CM_Get_Device_IDW
> SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInterfaces, SetupDiGetClassDevsW, SetupDiGetDeviceInterfaceDetailW
> WININET.dll: InternetGetConnectedState, DeleteUrlCacheEntryW
> COMCTL32.dll: _TrackMouseEvent, -
> SHLWAPI.dll: PathFindExtensionW, PathFindFileNameW, PathStripToRootW, PathIsUNCW
> ole32.dll: GetRunningObjectTable, CoTaskMemFree, StringFromCLSID, CreateClassMoniker, CoUninitialize, CoFreeAllLibraries, CoFreeUnusedLibraries, CoInitializeEx, CoCreateInstance, CoTaskMemAlloc, CLSIDFromProgID, CLSIDFromString, CoGetClassObject, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, OleUninitialize, OleInitialize, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard, CoRegisterMessageFilter
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -
> urlmon.dll: URLDownloadToFileW
> WINSPOOL.DRV: ClosePrinter

( 0 exports )
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: Philips
copyright....: Copyright (C) 2007. All right reserved.
product......: GoGear SA018 Device Manager
description..: Philips GoGear SA018 Device Manager
original name: GoGear_SA018_DeviceManager.exe
internal name: DeviceManager
file version.: 1.02
comments.....: n/a
signers......: Koninklijke Philips Electronics N.V.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 12:05 PM 6/5/2009
verified.....: -
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

OK, zanedlouho vám napíšu další instrukce

Tohle otestujte na http://www.virustotal.com/cs/

C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\CF8373.exe
c:\windows\system32\CF1841.exe
c:\windows\system32\CF1168.exe
c:\windows\system32\CF848.exe

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem vložte.)

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

RenV::
c:\program files\AVG\AVG8\avgtray .exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb04 .exe

File::
c:\windows\system32\38.tmp
c:\windows\system32\35.tmp
c:\windows\system32\34.tmp
c:\windows\system32\2E.tmp
c:\windows\system32\2B.tmp
c:\windows\system32\2A.tmp
c:\windows\system32\24.tmp
c:\windows\system32\22.tmp
c:\windows\system32\1F.tmp
c:\windows\system32\1E.tmp
c:\windows\system32\14.tmp
c:\windows\system32\12.tmp

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Tady jsou ty testy

Soubor svchost.exe přijatý 2010.02.01 21:02:47 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.01 -
AhnLab-V3 5.0.0.2 2010.02.01 -
AntiVir 7.9.1.156 2010.02.01 -
Antiy-AVL 2.0.3.7 2010.02.01 -
Authentium 5.2.0.5 2010.01.31 -
Avast 4.8.1351.0 2010.02.01 -
AVG 9.0.0.730 2010.02.01 -
BitDefender 7.2 2010.02.01 -
CAT-QuickHeal 10.00 2010.02.01 -
ClamAV 0.96.0.0-git 2010.02.01 -
Comodo 3785 2010.02.01 -
DrWeb 5.0.1.12222 2010.02.01 -
eSafe 7.0.17.0 2010.02.01 -
eTrust-Vet 35.2.7274 2010.02.01 -
F-Prot 4.5.1.85 2010.01.31 -
F-Secure 9.0.15370.0 2010.02.01 -
Fortinet 4.0.14.0 2010.02.01 -
GData 19 2010.02.01 -
Ikarus T3.1.1.80.0 2010.02.01 -
Jiangmin 13.0.900 2010.01.28 -
K7AntiVirus 7.10.962 2010.02.01 -
Kaspersky 7.0.0.125 2010.02.01 -
McAfee 5879 2010.02.01 -
McAfee+Artemis 5879 2010.02.01 -
McAfee-GW-Edition 6.8.5 2010.02.01 -
Microsoft 1.5406 2010.02.01 -
NOD32 4824 2010.02.01 -
Norman 6.04.03 2010.02.01 -
nProtect 2009.1.8.0 2010.02.01 -
Panda 10.0.2.2 2010.02.01 -
PCTools 7.0.3.5 2010.02.01 -
Prevx 3.0 2010.02.01 -
Rising 22.33.00.04 2010.02.01 -
Sophos 4.50.0 2010.02.01 -
Sunbelt 3.2.1858.2 2010.01.31 -
Symantec 20091.2.0.41 2010.02.01 -
TheHacker 6.5.1.0.175 2010.02.01 -
TrendMicro 9.120.0.1004 2010.02.01 -
VBA32 3.12.12.1 2010.02.01 -
ViRobot 2010.2.1.2166 2010.02.01 -
VirusBuster 5.0.21.0 2010.02.01 -
Rozšiřující informace
File size: 14336 bytes
MD5...: be4a520e29b6391f49e79ccc52044d93
SHA1..: f87c6ea4a068ed7f515b20e5f5f22c0329403fad
SHA256: dd4fed011a9574094b0278e801686666441dfd3acd52e9f979cb85419dd04cf2
ssdeep: 384:SKvi+JmG6yqlCRaJt4RHS5LutGJae7g9VJnpWCNJbW:SocG6xlCRaJKGOA7S
HJ
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2509
timedatestamp.....: 0x48025bc0 (Sun Apr 13 19:15:12 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c00 0x2c00 6.29 3fc505520ad9ee2f32bb888c6943d471
.data 0x4000 0x210 0x200 1.62 cbd504e46c836e09e8faabdcfbabaec2
.rsrc 0x5000 0x408 0x600 2.51 dcede0c303bbb48c6875eb64477e5882

( 4 imports )
> ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
> KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, LocalFree, GetCurrentProcess, GetCurrentThread, GetProcAddress, LoadLibraryExW, LeaveCriticalSection, HeapAlloc, EnterCriticalSection, LCMapStringW, FreeLibrary, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, RegisterWaitForSingleObject, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, LocalAlloc, lstrcmpW, DelayLoadFailureHook
> ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtClose, RtlSubAuthorityCountSid, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlImageNtHeader, wcslen, RtlUnhandledExceptionFilter, RtlCopySid
> RPCRT4.dll: RpcServerUnregisterIfEx, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcServerUnregisterIf, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status, RpcMgmtStopServerListening

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Generic Host Process for Win32 Services
original name: svchost.exe
internal name: svchost.exe
file version.: 5.1.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Soubor explorer.exe přijatý 2010.02.01 21:06:18 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 40 a 57 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.01 -
AhnLab-V3 5.0.0.2 2010.02.01 -
AntiVir 7.9.1.156 2010.02.01 -
Antiy-AVL 2.0.3.7 2010.02.01 -
Authentium 5.2.0.5 2010.01.31 -
Avast 4.8.1351.0 2010.02.01 -
AVG 9.0.0.730 2010.02.01 -
BitDefender 7.2 2010.02.01 -
CAT-QuickHeal 10.00 2010.02.01 -
ClamAV 0.96.0.0-git 2010.02.01 -
Comodo 3785 2010.02.01 -
DrWeb 5.0.1.12222 2010.02.01 -
eSafe 7.0.17.0 2010.02.01 -
eTrust-Vet 35.2.7274 2010.02.01 -
F-Prot 4.5.1.85 2010.01.31 -
F-Secure 9.0.15370.0 2010.02.01 -
Fortinet 4.0.14.0 2010.02.01 -
GData 19 2010.02.01 -
Ikarus T3.1.1.80.0 2010.02.01 -
Jiangmin 13.0.900 2010.01.28 -
K7AntiVirus 7.10.962 2010.02.01 -
Kaspersky 7.0.0.125 2010.02.01 -
McAfee 5879 2010.02.01 -
McAfee+Artemis 5879 2010.02.01 -
McAfee-GW-Edition 6.8.5 2010.02.01 -
Microsoft 1.5406 2010.02.01 -
NOD32 4824 2010.02.01 -
Norman 6.04.03 2010.02.01 -
nProtect 2009.1.8.0 2010.02.01 -
Panda 10.0.2.2 2010.02.01 -
PCTools 7.0.3.5 2010.02.01 -
Prevx 3.0 2010.02.01 -
Rising 22.33.00.04 2010.02.01 -
Sophos 4.50.0 2010.02.01 -
Sunbelt 3.2.1858.2 2010.01.31 -
Symantec 20091.2.0.41 2010.02.01 -
TheHacker 6.5.1.0.175 2010.02.01 -
TrendMicro 9.120.0.1004 2010.02.01 -
VBA32 3.12.12.1 2010.02.01 -
ViRobot 2010.2.1.2166 2010.02.01 -
VirusBuster 5.0.21.0 2010.02.01 -
Rozšiřující informace
File size: 1034240 bytes
MD5...: 27afd587c462e280ee046b8cca3c2cd1
SHA1..: 59180eef4bf949f99db4d91171f140fa6a21e5e0
SHA256: 096ce5536bfb81c3982c464485e536e727edc7c31c8e67cef06644845f20126d
ssdeep: 12288:tHmcoCUyZtwAvAs4wTCyrPTFNm0VezaQG5oJpaz/g/J/v5qS:Jmfty/wAv
N7lrDm0Ve7Gmaz/g/J/xq
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1a55f
timedatestamp.....: 0x48025c30 (Sun Apr 13 19:17:04 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44c09 0x44e00 6.38 26445bd0519c4e1bec1430a53c1c1f78
.data 0x46000 0x1db4 0x1800 1.30 983f35021232560eaaa99fcbc1b7d359
.rsrc 0x48000 0xb2410 0xb2600 6.63 4955f4479dac601695e1af555183c83c
.reloc 0xfb000 0x374c 0x3800 6.78 ec335057489badbf6d8142b57175fd91

( 13 imports )
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> BROWSEUI.dll: -, -, -, -
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, CreateRectRgnIndirect, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, SetTextColor, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, OpenEventW, DelayLoadFailureHook, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, GetFileAttributesExW, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, MulDiv, InitializeCriticalSectionAndSpinCount, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, RegisterWaitForSingleObject
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> SHDOCVW.dll: -, -, -
> SHELL32.dll: -, -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHGetSpecialFolderLocation, ShellExecuteExW, -, -, -, SHGetSpecialFolderPathW, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, -, StrCmpNW, -, -
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, CopyRect, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, PtInRect, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, ModifyMenuW, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Microsoft(R) Windows (R) 2000 Operating System
description..: Pr_zkumn_k Windows
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2900.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Soubor CF8373.exe přijatý 2010.02.01 21:08:33 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.01 -
AhnLab-V3 5.0.0.2 2010.02.01 -
AntiVir 7.9.1.156 2010.02.01 -
Antiy-AVL 2.0.3.7 2010.02.01 -
Authentium 5.2.0.5 2010.01.31 -
Avast 4.8.1351.0 2010.02.01 -
AVG 9.0.0.730 2010.02.01 -
BitDefender 7.2 2010.02.01 -
CAT-QuickHeal 10.00 2010.02.01 -
ClamAV 0.96.0.0-git 2010.02.01 -
Comodo 3785 2010.02.01 -
DrWeb 5.0.1.12222 2010.02.01 -
eSafe 7.0.17.0 2010.02.01 -
eTrust-Vet 35.2.7274 2010.02.01 -
F-Prot 4.5.1.85 2010.01.31 -
F-Secure 9.0.15370.0 2010.02.01 -
Fortinet 4.0.14.0 2010.02.01 -
GData 19 2010.02.01 -
Ikarus T3.1.1.80.0 2010.02.01 -
Jiangmin 13.0.900 2010.01.28 -
K7AntiVirus 7.10.962 2010.02.01 -
Kaspersky 7.0.0.125 2010.02.01 -
McAfee 5879 2010.02.01 -
McAfee+Artemis 5879 2010.02.01 -
McAfee-GW-Edition 6.8.5 2010.02.01 -
Microsoft 1.5406 2010.02.01 -
NOD32 4824 2010.02.01 -
Norman 6.04.03 2010.02.01 -
nProtect 2009.1.8.0 2010.02.01 -
Panda 10.0.2.2 2010.02.01 -
PCTools 7.0.3.5 2010.02.01 -
Prevx 3.0 2010.02.01 -
Rising 22.33.00.04 2010.02.01 -
Sophos 4.50.0 2010.02.01 -
Sunbelt 3.2.1858.2 2010.01.31 -
Symantec 20091.2.0.41 2010.02.01 -
TheHacker 6.5.1.0.175 2010.02.01 -
TrendMicro 9.120.0.1004 2010.02.01 -
VBA32 3.12.12.1 2010.02.01 -
ViRobot 2010.2.1.2166 2010.02.01 -
VirusBuster 5.0.21.0 2010.02.01 -
Rozšiřující informace
File size: 390144 bytes
MD5...: 978da022dbb8d9f9886ab241f678eb4a
SHA1..: ce4229802be5acdcee86bb3c6e5a9911a05ef5d0
SHA256: 4274147cd58e1c38f97798affc4a19cf3f7c87c1061b72f1d0d49513ba6a93a0
ssdeep: 3072:shRx1S315oF8opcnD1hOOrWGzN2lcR2u8JnxILU+xf5AtKQpwA5NGtlknPs
EadAg:KkF5oXpcFb5DRsNxILUnc
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5046
timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1f620 0x1f800 6.58 9619dc6ed37efc96e83bedb5964cce82
.data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336
.rsrc 0x3e000 0x22d28 0x22e00 4.08 5e5dae17c37ad8a8ffc28fbf6065bbae

( 3 imports )
> KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime
> msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper
> USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation

( 0 exports )
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Opera_n_ syst_m Microsoft_ Windows_
description..: P__kazov_ __dek syst_mu Windows
original name: Cmd.Exe
internal name: cmd
file version.: 5.1.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)

Soubor CF1841.exe přijatý 2010.02.01 21:13:37 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.01 -
AhnLab-V3 5.0.0.2 2010.02.01 -
AntiVir 7.9.1.156 2010.02.01 -
Antiy-AVL 2.0.3.7 2010.02.01 -
Authentium 5.2.0.5 2010.01.31 -
Avast 4.8.1351.0 2010.02.01 -
AVG 9.0.0.730 2010.02.01 -
BitDefender 7.2 2010.02.01 -
CAT-QuickHeal 10.00 2010.02.01 -
ClamAV 0.96.0.0-git 2010.02.01 -
Comodo 3785 2010.02.01 -
DrWeb 5.0.1.12222 2010.02.01 -
eSafe 7.0.17.0 2010.02.01 -
eTrust-Vet 35.2.7274 2010.02.01 -
F-Prot 4.5.1.85 2010.01.31 -
F-Secure 9.0.15370.0 2010.02.01 -
Fortinet 4.0.14.0 2010.02.01 -
GData 19 2010.02.01 -
Ikarus T3.1.1.80.0 2010.02.01 -
Jiangmin 13.0.900 2010.01.28 -
K7AntiVirus 7.10.962 2010.02.01 -
Kaspersky 7.0.0.125 2010.02.01 -
McAfee 5879 2010.02.01 -
McAfee+Artemis 5879 2010.02.01 -
McAfee-GW-Edition 6.8.5 2010.02.01 -
Microsoft 1.5406 2010.02.01 -
NOD32 4824 2010.02.01 -
Norman 6.04.03 2010.02.01 -
nProtect 2009.1.8.0 2010.02.01 -
Panda 10.0.2.2 2010.02.01 -
PCTools 7.0.3.5 2010.02.01 -
Prevx 3.0 2010.02.01 -
Rising 22.33.00.04 2010.02.01 -
Sophos 4.50.0 2010.02.01 -
Sunbelt 3.2.1858.2 2010.01.31 -
Symantec 20091.2.0.41 2010.02.01 -
TheHacker 6.5.1.0.175 2010.02.01 -
TrendMicro 9.120.0.1004 2010.02.01 -
VBA32 3.12.12.1 2010.02.01 -
ViRobot 2010.2.1.2166 2010.02.01 -
VirusBuster 5.0.21.0 2010.02.01 -
Rozšiřující informace
File size: 390144 bytes
MD5...: 978da022dbb8d9f9886ab241f678eb4a
SHA1..: ce4229802be5acdcee86bb3c6e5a9911a05ef5d0
SHA256: 4274147cd58e1c38f97798affc4a19cf3f7c87c1061b72f1d0d49513ba6a93a0
ssdeep: 3072:shRx1S315oF8opcnD1hOOrWGzN2lcR2u8JnxILU+xf5AtKQpwA5NGtlknPs
EadAg:KkF5oXpcFb5DRsNxILUnc
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5046
timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1f620 0x1f800 6.58 9619dc6ed37efc96e83bedb5964cce82
.data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336
.rsrc 0x3e000 0x22d28 0x22e00 4.08 5e5dae17c37ad8a8ffc28fbf6065bbae

( 3 imports )
> KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime
> msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper
> USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Opera_n_ syst_m Microsoft_ Windows_
description..: P__kazov_ __dek syst_mu Windows
original name: Cmd.Exe
internal name: cmd
file version.: 5.1.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Soubor CF1168.exe přijatý 2010.02.01 21:15:58 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.01 -
AhnLab-V3 5.0.0.2 2010.02.01 -
AntiVir 7.9.1.156 2010.02.01 -
Antiy-AVL 2.0.3.7 2010.02.01 -
Authentium 5.2.0.5 2010.01.31 -
Avast 4.8.1351.0 2010.02.01 -
AVG 9.0.0.730 2010.02.01 -
BitDefender 7.2 2010.02.01 -
CAT-QuickHeal 10.00 2010.02.01 -
ClamAV 0.96.0.0-git 2010.02.01 -
Comodo 3785 2010.02.01 -
DrWeb 5.0.1.12222 2010.02.01 -
eSafe 7.0.17.0 2010.02.01 -
eTrust-Vet 35.2.7274 2010.02.01 -
F-Prot 4.5.1.85 2010.01.31 -
F-Secure 9.0.15370.0 2010.02.01 -
Fortinet 4.0.14.0 2010.02.01 -
GData 19 2010.02.01 -
Ikarus T3.1.1.80.0 2010.02.01 -
Jiangmin 13.0.900 2010.01.28 -
K7AntiVirus 7.10.962 2010.02.01 -
Kaspersky 7.0.0.125 2010.02.01 -
McAfee 5879 2010.02.01 -
McAfee+Artemis 5879 2010.02.01 -
McAfee-GW-Edition 6.8.5 2010.02.01 -
Microsoft 1.5406 2010.02.01 -
NOD32 4824 2010.02.01 -
Norman 6.04.03 2010.02.01 -
nProtect 2009.1.8.0 2010.02.01 -
Panda 10.0.2.2 2010.02.01 -
PCTools 7.0.3.5 2010.02.01 -
Prevx 3.0 2010.02.01 -
Rising 22.33.00.04 2010.02.01 -
Sophos 4.50.0 2010.02.01 -
Sunbelt 3.2.1858.2 2010.01.31 -
Symantec 20091.2.0.41 2010.02.01 -
TheHacker 6.5.1.0.175 2010.02.01 -
TrendMicro 9.120.0.1004 2010.02.01 -
VBA32 3.12.12.1 2010.02.01 -
ViRobot 2010.2.1.2166 2010.02.01 -
VirusBuster 5.0.21.0 2010.02.01 -
Rozšiřující informace
File size: 390144 bytes
MD5...: 978da022dbb8d9f9886ab241f678eb4a
SHA1..: ce4229802be5acdcee86bb3c6e5a9911a05ef5d0
SHA256: 4274147cd58e1c38f97798affc4a19cf3f7c87c1061b72f1d0d49513ba6a93a0
ssdeep: 3072:shRx1S315oF8opcnD1hOOrWGzN2lcR2u8JnxILU+xf5AtKQpwA5NGtlknPs
EadAg:KkF5oXpcFb5DRsNxILUnc
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5046
timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1f620 0x1f800 6.58 9619dc6ed37efc96e83bedb5964cce82
.data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336
.rsrc 0x3e000 0x22d28 0x22e00 4.08 5e5dae17c37ad8a8ffc28fbf6065bbae

( 3 imports )
> KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime
> msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper
> USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Opera_n_ syst_m Microsoft_ Windows_
description..: P__kazov_ __dek syst_mu Windows
original name: Cmd.Exe
internal name: cmd
file version.: 5.1.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)

Soubor CF848.exe přijatý 2010.02.01 21:18:54 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.01 -
AhnLab-V3 5.0.0.2 2010.02.01 -
AntiVir 7.9.1.156 2010.02.01 -
Antiy-AVL 2.0.3.7 2010.02.01 -
Authentium 5.2.0.5 2010.01.31 -
Avast 4.8.1351.0 2010.02.01 -
AVG 9.0.0.730 2010.02.01 -
BitDefender 7.2 2010.02.01 -
CAT-QuickHeal 10.00 2010.02.01 -
ClamAV 0.96.0.0-git 2010.02.01 -
Comodo 3785 2010.02.01 -
DrWeb 5.0.1.12222 2010.02.01 -
eSafe 7.0.17.0 2010.02.01 -
eTrust-Vet 35.2.7274 2010.02.01 -
F-Prot 4.5.1.85 2010.01.31 -
F-Secure 9.0.15370.0 2010.02.01 -
Fortinet 4.0.14.0 2010.02.01 -
GData 19 2010.02.01 -
Ikarus T3.1.1.80.0 2010.02.01 -
Jiangmin 13.0.900 2010.01.28 -
K7AntiVirus 7.10.962 2010.02.01 -
Kaspersky 7.0.0.125 2010.02.01 -
McAfee 5879 2010.02.01 -
McAfee+Artemis 5879 2010.02.01 -
McAfee-GW-Edition 6.8.5 2010.02.01 -
Microsoft 1.5406 2010.02.01 -
NOD32 4824 2010.02.01 -
Norman 6.04.03 2010.02.01 -
nProtect 2009.1.8.0 2010.02.01 -
Panda 10.0.2.2 2010.02.01 -
PCTools 7.0.3.5 2010.02.01 -
Prevx 3.0 2010.02.01 -
Rising 22.33.00.04 2010.02.01 -
Sophos 4.50.0 2010.02.01 -
Sunbelt 3.2.1858.2 2010.01.31 -
Symantec 20091.2.0.41 2010.02.01 -
TheHacker 6.5.1.0.175 2010.02.01 -
TrendMicro 9.120.0.1004 2010.02.01 -
VBA32 3.12.12.1 2010.02.01 -
ViRobot 2010.2.1.2166 2010.02.01 -
VirusBuster 5.0.21.0 2010.02.01 -
Rozšiřující informace
File size: 390144 bytes
MD5...: 978da022dbb8d9f9886ab241f678eb4a
SHA1..: ce4229802be5acdcee86bb3c6e5a9911a05ef5d0
SHA256: 4274147cd58e1c38f97798affc4a19cf3f7c87c1061b72f1d0d49513ba6a93a0
ssdeep: 3072:shRx1S315oF8opcnD1hOOrWGzN2lcR2u8JnxILU+xf5AtKQpwA5NGtlknPs
EadAg:KkF5oXpcFb5DRsNxILUnc
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5046
timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1f620 0x1f800 6.58 9619dc6ed37efc96e83bedb5964cce82
.data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336
.rsrc 0x3e000 0x22d28 0x22e00 4.08 5e5dae17c37ad8a8ffc28fbf6065bbae

( 3 imports )
> KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime
> msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper
> USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Opera_n_ syst_m Microsoft_ Windows_
description..: P__kazov_ __dek syst_mu Windows
original name: Cmd.Exe
internal name: cmd
file version.: 5.1.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

OK, ještě ten log z ComboFix po aplikaci skriptu.

Dobrý den, včera jsem už nebyl na PC tak ten log posílám dnes:

ComboFix 10-02-01.01 - uživatel 2010-02-02 11:01:07.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2046.938 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uživatel\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\12.tmp"
"c:\windows\system32\14.tmp"
"c:\windows\system32\1E.tmp"
"c:\windows\system32\1F.tmp"
"c:\windows\system32\22.tmp"
"c:\windows\system32\24.tmp"
"c:\windows\system32\2A.tmp"
"c:\windows\system32\2B.tmp"
"c:\windows\system32\2E.tmp"
"c:\windows\system32\34.tmp"
"c:\windows\system32\35.tmp"
"c:\windows\system32\38.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Možné infikované stránky -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-02 do 2010-02-02 )))))))))))))))))))))))))))))))
.

2010-02-01 19:28 . 2010-02-01 19:27 390144 ----a-w- c:\windows\system32\CF1841.exe
2010-02-01 19:25 . 2010-02-01 19:24 390144 ----a-w- c:\windows\system32\CF1168.exe
2010-02-01 19:23 . 2010-02-01 19:22 390144 ----a-w- c:\windows\system32\CF848.exe
2010-02-01 19:11 . 2010-02-01 19:11 -------- d-----w- c:\program files\CCleaner
2010-01-30 11:02 . 2010-01-30 11:02 -------- d-----w- c:\program files\Microsoft.NET
2010-01-30 11:02 . 2010-01-30 11:02 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2010-01-30 11:00 . 2010-01-30 11:00 -------- d-----w- c:\windows\system32\URTTEMP
2010-01-30 10:43 . 2010-01-30 10:43 -------- d-----w- c:\program files\Borland
2010-01-22 16:17 . 2010-01-22 16:17 50428 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-13 13:13 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 13:13 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-13 13:13 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-01-12 17:26 . 2010-01-12 17:26 -------- d-----w- c:\program files\Common Files\Quest Shared
2010-01-12 17:26 . 2010-01-12 17:26 -------- d-----w- c:\program files\Quest Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 20:03 . 2004-08-18 12:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2010-02-01 20:03 . 2004-08-18 12:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2010-02-01 19:34 . 2009-09-14 19:30 -------- d-----w- c:\program files\ICQ6.5
2010-02-01 12:43 . 2009-12-31 14:10 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-01 12:42 . 2009-12-31 14:10 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-30 16:50 . 2009-11-15 21:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-30 10:14 . 2009-12-23 10:47 -------- d-----w- c:\program files\Steinberg
2009-12-31 14:09 . 2009-12-31 14:09 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-31 13:09 . 2009-09-12 13:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 12:57 . 2009-12-31 12:57 -------- d-----w- c:\program files\GamePark
2009-12-30 19:11 . 2009-12-10 12:14 -------- d-----w- c:\program files\Activision
2009-12-30 19:08 . 2009-09-12 13:04 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-25 17:48 . 2009-12-25 17:43 -------- d-----w- c:\program files\DivX
2009-12-25 17:48 . 2009-12-25 17:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-25 17:40 . 2009-12-25 17:39 -------- d-----w- c:\program files\LG Electronics
2009-12-24 18:13 . 2009-11-09 16:53 -------- d-----w- c:\program files\EA SPORTS
2009-12-24 18:10 . 2009-12-24 18:10 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-23 10:46 . 2009-12-23 10:45 -------- d-----w- c:\program files\Syncrosoft
2009-12-22 05:09 . 2004-08-18 12:00 668160 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-19 09:09 . 2009-12-13 13:47 -------- d-----w- c:\program files\Common Files\Real
2009-12-19 08:28 . 2009-12-19 08:28 390144 ----a-w- c:\windows\system32\CF8373.exe
2009-12-18 15:33 . 2009-12-18 15:33 -------- d-----w- c:\program files\Webteh
2009-12-13 17:02 . 2009-12-13 17:02 -------- d-----w- c:\program files\Norton Security Scan
2009-12-13 13:47 . 2009-09-12 13:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-13 13:47 . 2009-09-12 13:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-13 13:47 . 2009-12-13 13:47 -------- d-----w- c:\program files\Real
2009-12-13 13:47 . 2009-12-13 13:46 -------- d-----w- c:\program files\Google
2009-12-11 22:54 . 2009-12-11 22:54 -------- d-----w- c:\program files\MSBuild
2009-12-11 22:54 . 2009-12-11 22:54 -------- d-----w- c:\program files\Reference Assemblies
2009-12-10 17:50 . 2009-12-10 17:50 -------- d-----w- c:\program files\UNIO_systems
2009-12-06 13:19 . 2009-12-06 12:48 -------- d-----w- c:\program files\NCH Swift Sound
2009-12-06 12:59 . 2009-12-05 14:10 -------- d-----w- c:\program files\AudioTranscoder
2009-12-06 12:48 . 2009-12-06 12:48 -------- d-----w- c:\program files\NCH Software
2009-11-25 15:40 . 2009-11-25 15:40 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-21 16:03 . 2004-08-18 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 10:20 . 2009-11-09 16:44 514 ----a-w- c:\windows\eReg.dat
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-13 18:03 . 2009-09-12 12:53 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-08 10:04 . 2009-09-12 13:00 16608 ----a-w- c:\windows\gdrv.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-02-01_21.30.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-02 06:58 . 2010-02-02 06:58 16384 c:\windows\Temp\Perflib_Perfdata_75c.dat
+ 2010-02-02 07:54 . 2010-02-02 07:54 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2010-02-02 07:52 . 2010-02-02 07:52 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2010-02-02 07:54 . 2010-02-02 07:54 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2010-02-02 07:53 . 2010-02-02 07:53 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2010-02-02 07:53 . 2010-02-02 07:53 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2010-02-02 07:53 . 2010-02-02 07:53 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2010-02-02 07:53 . 2010-02-02 07:53 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
+ 2010-02-02 07:54 . 2010-02-02 07:54 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2010-02-02 07:53 . 2010-02-02 07:53 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Philips GoGear SA018 Device Manager.lnk - c:\program files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe [2009-12-2 1615232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-12 13:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\uživatel\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-09-12 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-09-12 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-09-12 297752]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-12-23 33792]
S1 tdisp.sys;tdisp.sys;\??\c:\windows\system32\tdisp.sys --> c:\windows\system32\tdisp.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-09-12 908056]
S2 gupdate1ca7bfab81c2c58;Služba Google Update (gupdate1ca7bfab81c2c58);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-10-02 16512]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSvc
.
Obsah adresáře 'Naplánované úlohy'

2010-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 13:46]

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 13:46]

2010-02-01 c:\windows\Tasks\Norton Security Scan for uživatel.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-13 15:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://join.clonecashsystem.com/track/NjU1ODMuMjYuMzEuMzUuMC4wLjAuMC4w
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=GRfox000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 11:05
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-220523388-879983540-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:73,7c,d3,48,f1,ed,5b,0c,4f,40,d8,9a,6c,f1,8b,b1,43,4a,99,6f,63,
72,82,b3,58,b8,c6,66,57,32,2c,9d,e9,bd,ca,7e,92,fc,55,6b,97,d6,40,75,a1,22,\
"rkeysecu"=hex:db,26,b2,f4,e8,8e,06,93,81,ac,3b,8b,15,bb,ed,17
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-02-02 11:06:24
ComboFix-quarantined-files.txt 2010-02-02 10:06
ComboFix2.txt 2010-02-01 21:31
ComboFix3.txt 2010-02-01 19:41
ComboFix4.txt 2009-11-14 10:18

Před spuštěním: Volných bajtů: 107,661,029,376
Po spuštění: Volných bajtů: 108,642,353,152

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - DEEDCB9D9691E7CAC3A954BB78BC8C4B

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

NetSvc::
BtwSvc

Driver::
tdisp.sys

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Omlouvám se za opoždění. Tady posílám log

ComboFix 10-02-01.01 - uživatel 2010-02-03 11:18:13.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2046.1445 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uživatel\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Možné infikované stránky -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_tdisp.sys

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-03 do 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-02-02 16:33 . 2010-02-02 18:19 -------- d-----w- c:\program files\Common Files\Borland Shared
2010-02-01 19:28 . 2010-02-01 19:27 390144 ----a-w- c:\windows\system32\CF1841.exe
2010-02-01 19:25 . 2010-02-01 19:24 390144 ----a-w- c:\windows\system32\CF1168.exe
2010-02-01 19:23 . 2010-02-01 19:22 390144 ----a-w- c:\windows\system32\CF848.exe
2010-02-01 19:11 . 2010-02-01 19:11 -------- d-----w- c:\program files\CCleaner
2010-01-30 11:02 . 2010-01-30 11:02 -------- d-----w- c:\program files\Microsoft.NET
2010-01-30 11:02 . 2010-01-30 11:02 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2010-01-30 11:00 . 2010-01-30 11:00 -------- d-----w- c:\windows\system32\URTTEMP
2010-01-30 10:43 . 2010-02-02 17:58 -------- d-----w- c:\program files\Borland
2010-01-22 16:17 . 2010-01-22 16:17 50428 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-13 13:13 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 13:13 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-13 13:13 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-01-12 17:26 . 2010-01-12 17:26 -------- d-----w- c:\program files\Common Files\Quest Shared
2010-01-12 17:26 . 2010-01-12 17:26 -------- d-----w- c:\program files\Quest Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 16:50 . 2009-11-15 21:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-01 20:03 . 2004-08-18 12:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2010-02-01 20:03 . 2004-08-18 12:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2010-02-01 19:34 . 2009-09-14 19:30 -------- d-----w- c:\program files\ICQ6.5
2010-02-01 12:43 . 2009-12-31 14:10 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-01 12:42 . 2009-12-31 14:10 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-30 10:14 . 2009-12-23 10:47 -------- d-----w- c:\program files\Steinberg
2009-12-31 14:09 . 2009-12-31 14:09 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-31 13:09 . 2009-09-12 13:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 12:57 . 2009-12-31 12:57 -------- d-----w- c:\program files\GamePark
2009-12-30 19:11 . 2009-12-10 12:14 -------- d-----w- c:\program files\Activision
2009-12-30 19:08 . 2009-09-12 13:04 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-25 17:48 . 2009-12-25 17:43 -------- d-----w- c:\program files\DivX
2009-12-25 17:48 . 2009-12-25 17:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-25 17:40 . 2009-12-25 17:39 -------- d-----w- c:\program files\LG Electronics
2009-12-24 18:13 . 2009-11-09 16:53 -------- d-----w- c:\program files\EA SPORTS
2009-12-24 18:10 . 2009-12-24 18:10 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-23 10:46 . 2009-12-23 10:45 -------- d-----w- c:\program files\Syncrosoft
2009-12-22 05:09 . 2004-08-18 12:00 668160 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-19 09:09 . 2009-12-13 13:47 -------- d-----w- c:\program files\Common Files\Real
2009-12-19 08:28 . 2009-12-19 08:28 390144 ----a-w- c:\windows\system32\CF8373.exe
2009-12-18 15:33 . 2009-12-18 15:33 -------- d-----w- c:\program files\Webteh
2009-12-13 17:02 . 2009-12-13 17:02 -------- d-----w- c:\program files\Norton Security Scan
2009-12-13 13:47 . 2009-09-12 13:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-13 13:47 . 2009-09-12 13:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-13 13:47 . 2009-12-13 13:47 -------- d-----w- c:\program files\Real
2009-12-13 13:47 . 2009-12-13 13:46 -------- d-----w- c:\program files\Google
2009-12-11 22:54 . 2009-12-11 22:54 -------- d-----w- c:\program files\MSBuild
2009-12-11 22:54 . 2009-12-11 22:54 -------- d-----w- c:\program files\Reference Assemblies
2009-12-10 17:50 . 2009-12-10 17:50 -------- d-----w- c:\program files\UNIO_systems
2009-12-06 13:19 . 2009-12-06 12:48 -------- d-----w- c:\program files\NCH Swift Sound
2009-12-06 12:59 . 2009-12-05 14:10 -------- d-----w- c:\program files\AudioTranscoder
2009-12-06 12:48 . 2009-12-06 12:48 -------- d-----w- c:\program files\NCH Software
2009-11-25 15:40 . 2009-11-25 15:40 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-21 16:03 . 2004-08-18 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 10:20 . 2009-11-09 16:44 514 ----a-w- c:\windows\eReg.dat
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-13 18:03 . 2009-09-12 12:53 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-08 10:04 . 2009-09-12 13:00 16608 ----a-w- c:\windows\gdrv.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-02-02_10.05.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-03 10:23 . 2010-02-03 10:23 16384 c:\windows\Temp\Perflib_Perfdata_758.dat
+ 2003-10-07 00:14 . 2003-10-07 00:14 62464 c:\windows\system32\vspell32.dll
+ 2010-02-02 18:20 . 2010-02-02 18:20 4710 c:\windows\Installer\{2864C41B-EF2D-4640-95A2-526276524519}\BCB.exe
+ 2003-10-07 00:14 . 2003-10-07 00:14 131584 c:\windows\system32\wsiwin32.dll
+ 2003-10-07 00:14 . 2003-10-07 00:14 375296 c:\windows\system32\wsihk32.dll
+ 2003-10-07 00:14 . 2003-10-07 00:14 566784 c:\windows\system32\vcfiwz32.dll
+ 2003-10-07 00:14 . 2003-10-07 00:14 527360 c:\windows\system32\stdvcl40.dll
+ 2003-10-07 00:14 . 2003-10-07 00:14 345536 c:\windows\system32\stdvcl32.dll
+ 2003-10-07 00:14 . 2003-10-07 00:14 640512 c:\windows\system32\oc30.dll
+ 2003-10-07 00:14 . 2003-10-07 00:14 293888 c:\windows\system32\midas.dll
+ 2003-10-07 00:14 . 2003-10-07 00:14 149504 c:\windows\system32\mfcans32.dll
+ 2003-10-07 00:14 . 2003-10-07 00:14 943616 c:\windows\system32\dfolder.dll
+ 2003-10-07 00:14 . 2003-10-07 00:14 210032 c:\windows\system32\dbclient.dll
+ 2003-10-07 00:14 . 2003-10-07 00:14 1115136 c:\windows\system32\vcfidl32.dll
+ 2003-10-07 00:14 . 2003-10-07 00:14 4163072 c:\windows\system32\qtintf.dll
+ 2010-02-02 18:19 . 2010-02-02 18:19 5958656 c:\windows\Installer\455a30.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Philips GoGear SA018 Device Manager.lnk - c:\program files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe [2009-12-2 1615232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-12 13:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\uživatel\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-09-12 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-09-12 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-09-12 297752]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-12-23 33792]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-09-12 908056]
S2 gupdate1ca7bfab81c2c58;Služba Google Update (gupdate1ca7bfab81c2c58);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-10-02 16512]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 13:46]

2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 13:46]

2010-02-02 c:\windows\Tasks\Norton Security Scan for uživatel.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-13 15:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://join.clonecashsystem.com/track/NjU1ODMuMjYuMzEuMzUuMC4wLjAuMC4w
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=GRfox000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 11:23
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-220523388-879983540-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:73,7c,d3,48,f1,ed,5b,0c,4f,40,d8,9a,6c,f1,8b,b1,43,4a,99,6f,63,
72,82,b3,58,b8,c6,66,57,32,2c,9d,e9,bd,ca,7e,92,fc,55,6b,97,d6,40,75,a1,22,\
"rkeysecu"=hex:db,26,b2,f4,e8,8e,06,93,81,ac,3b,8b,15,bb,ed,17
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2010-02-03 11:26:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-03 10:26
ComboFix2.txt 2010-02-02 10:06
ComboFix3.txt 2010-02-01 21:31
ComboFix4.txt 2010-02-01 19:41
ComboFix5.txt 2010-02-03 10:17

Před spuštěním: Volných bajtů: 104,388,104,192
Po spuštění: Volných bajtů: 104,359,460,864

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - C4F0FE7B24DD088F2A2F94BF5BF299CE

VIRY.CZ

zpomalení internetu - prosím o kontrolu logu

zpomalení internetu - prosím o kontrolu logu

Re: zpomalení internetu - prosím o kontrolu logu

Re: zpomalení internetu - prosím o kontrolu logu

Re: zpomalení internetu - prosím o kontrolu logu

Re: zpomalení internetu - prosím o kontrolu logu

Re: zpomalení internetu - prosím o kontrolu logu

Re: zpomalení internetu - prosím o kontrolu logu

Re: zpomalení internetu - prosím o kontrolu logu

Re: zpomalení internetu - prosím o kontrolu logu

Re: zpomalení internetu - prosím o kontrolu logu

Re: zpomalení internetu - prosím o kontrolu logu

Re: zpomalení internetu - prosím o kontrolu logu

Re: zpomalení internetu - prosím o kontrolu logu

Re: zpomalení internetu - prosím o kontrolu logu

Re: zpomalení internetu - prosím o kontrolu logu