Prosím o kontrolu logu, díky

[Louba]

Log je dlouhý, dal jsem jej do přílohy.

log.rar

(12.27 KiB) Staženo 98 x

[Caroprd111]

Zdravím

Na logu se pracuje, prosím o strpení.

[Caroprd111]

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Během skenování může být počítač restartován.

[Louba]

ComboFix jsem stáhl. Když mám před skenem vypnout antivir a firewall, měl bych se odpojit od netu, že?

[Caroprd111]

Ne, ComboFix bude stahovat konzolu pro zotavení.

[Louba]

ComboFix 10-03-03.07 - Lubomír 04.03.2010 16:13:51.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.2503 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lubomír\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100304-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {F61A549E-9C8A-4859-8BFE-2A4A018BBA4A}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-04 do 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-04 14:47 . 2003-09-24 08:44 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2010-03-04 14:47 . 2003-09-24 08:43 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2010-03-04 14:47 . 2003-09-24 08:43 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2010-03-04 14:47 . 2003-09-24 08:43 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2010-03-04 07:25 . 2010-03-04 08:01 -------- d-----w- c:\program files\trend micro
2010-03-04 07:25 . 2010-03-04 09:55 -------- d-----w- C:\rsit
2010-03-04 07:02 . 2010-03-04 07:02 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2010-03-04 06:58 . 2010-03-04 06:58 -------- d-----w- c:\program files\HP
2010-03-04 06:47 . 1998-10-09 17:04 327168 ----a-w- c:\windows\IsUn0405.exe
2010-03-04 06:46 . 2010-03-04 07:02 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-04 06:22 . 2010-03-04 06:22 -------- d-----w- c:\program files\MSI
2010-03-04 04:41 . 2010-03-04 04:47 -------- d-----w- c:\program files\DVDFabPortable
2010-03-03 19:45 . 2010-03-03 19:46 -------- d-----w- c:\program files\CCleaner
2010-03-03 05:24 . 2010-03-03 05:24 -------- d-----w- C:\a1bfd52d04444c334daf
2010-03-03 05:24 . 2010-03-03 05:28 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-02 06:34 . 2010-03-02 06:35 -------- d-----w- c:\program files\Common Files\Ahead
2010-03-02 06:34 . 2010-03-02 06:34 -------- d-----w- c:\program files\Nero
2010-03-02 06:22 . 2010-03-02 06:22 -------- d-----w- c:\windows\system32\oodag
2010-03-02 05:27 . 2010-03-03 05:25 -------- d-----w- c:\windows\system32\XPSViewer
2010-03-02 05:27 . 2010-03-02 05:27 -------- d-----w- c:\program files\Reference Assemblies
2010-03-02 05:27 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-03-02 05:26 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-03-02 05:21 . 2010-03-02 05:21 -------- d-----w- c:\windows\Sun
2010-03-02 05:04 . 2010-03-02 05:04 -------- d-----w- c:\program files\Torrent Harvester
2010-03-02 03:55 . 2010-03-02 03:55 -------- d-----w- c:\program files\MSXML 4.0
2010-03-01 19:40 . 2010-03-01 19:40 -------- d-----w- c:\program files\Common Files\Java
2010-03-01 19:39 . 2010-03-01 19:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-01 19:39 . 2010-03-01 19:39 -------- d-----w- c:\program files\Java
2010-03-01 16:59 . 2010-03-01 16:59 -------- d--h--w- c:\windows\PIF
2010-03-01 12:29 . 2010-03-02 04:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-01 12:29 . 2010-03-01 12:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-01 12:15 . 2010-03-01 12:16 -------- d-----w- c:\program files\Quintessential Player
2010-03-01 11:55 . 2010-03-01 15:54 -------- d-----w- c:\program files\uTorrent
2010-03-01 10:07 . 2010-03-01 10:07 -------- d-----w- c:\program files\Seznam
2010-03-01 06:49 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-03-01 06:41 . 2010-03-01 06:41 -------- d-----w- c:\program files\OO Software
2010-03-01 06:11 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-01 06:11 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-03-01 06:11 . 2010-03-02 04:15 -------- d-----w- c:\program files\Microsoft Works
2010-03-01 06:11 . 2010-03-01 06:11 -------- d-----w- c:\program files\MSBuild
2010-03-01 06:08 . 2010-03-01 06:08 -------- d-----w- c:\windows\SHELLNEW
2010-03-01 06:08 . 2010-03-01 06:08 -------- d-----r- C:\MSOCache
2010-03-01 06:03 . 2008-04-14 03:22 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-03-01 06:03 . 2008-04-14 03:22 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-03-01 05:58 . 2010-03-01 06:03 -------- d-----w- c:\windows\PAC207
2010-03-01 05:58 . 2010-03-01 05:58 -------- d-----w- c:\program files\Common Files\RemoveC
2010-03-01 05:58 . 2010-03-01 05:58 -------- d-----w- c:\program files\Common Files\Remove64C
2010-03-01 05:58 . 2010-03-01 05:58 -------- d-----w- c:\program files\Common Files\PAC207
2010-03-01 05:58 . 2010-03-01 05:58 -------- d-----w- c:\windows\Downloaded Installations
2010-03-01 05:56 . 2010-03-01 05:56 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-01 05:54 . 2010-03-01 05:54 -------- d-----w- c:\program files\Common Files\Skype
2010-03-01 05:54 . 2010-03-01 06:13 -------- d-----r- c:\program files\Skype
2010-03-01 03:21 . 1999-01-20 04:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL
2010-03-01 03:21 . 2010-03-01 03:21 -------- d-----w- c:\program files\Common Files\Borland Shared
2010-03-01 03:05 . 2010-03-01 03:05 0 ----a-w- c:\windows\nsreg.dat
2010-03-01 02:55 . 2010-03-01 03:21 -------- d-----w- c:\program files\Katalog filmů
2010-03-01 02:36 . 2010-01-05 09:58 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-01 02:36 . 2010-01-05 09:58 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-01 02:36 . 2010-01-05 09:58 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-01 02:36 . 2010-01-05 09:58 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-01 02:36 . 2010-01-05 09:57 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2010-03-01 02:36 . 2010-01-05 09:57 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2010-03-01 02:36 . 2009-12-31 15:33 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-01 02:36 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2010-03-01 02:24 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-01 02:24 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-03-01 02:22 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-03-01 02:22 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-03-01 02:22 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-03-01 02:22 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-01 02:22 . 2009-12-09 10:11 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-01 02:22 . 2009-12-09 10:11 2068224 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-01 02:22 . 2009-12-09 10:11 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-01 02:22 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-03-01 02:22 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-03-01 02:22 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-03-01 02:16 . 2010-03-02 05:28 -------- d-----w- c:\windows\system32\cs-cz
2010-03-01 02:16 . 2010-03-01 02:16 -------- d-----w- c:\windows\l2schemas
2010-03-01 02:16 . 2010-03-01 02:16 -------- d-----w- c:\windows\system32\cs
2010-03-01 01:47 . 2010-03-01 01:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-01 01:42 . 2010-03-01 01:42 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2010-03-01 01:42 . 2010-03-03 05:23 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2010-03-01 01:33 . 2010-03-01 02:16 -------- d-----w- c:\windows\peernet
2010-03-01 01:33 . 2010-03-01 01:33 -------- d-----w- c:\windows\provisioning
2010-03-01 01:32 . 2010-03-01 01:32 -------- d-----w- c:\windows\ServicePackFiles
2010-03-01 01:31 . 2010-03-01 02:12 -------- d-----w- c:\windows\EHome
2010-03-01 01:18 . 2008-04-14 07:52 11264 ------w- c:\windows\system32\spnpinst.exe
2010-03-01 01:18 . 2004-08-02 13:20 4569 ------w- c:\windows\system32\secupd.dat
2010-03-01 01:11 . 2008-04-14 03:21 1083904 ----a-w- c:\windows\system32\esent.dll
2010-03-01 01:07 . 2010-03-01 02:16 -------- d-----w- c:\windows\system32\bits
2010-03-01 01:06 . 2010-03-01 02:46 -------- d--h--w- c:\windows\$hf_mig$
2010-03-01 01:06 . 2009-08-25 09:19 354816 ----a-w- c:\windows\system32\winhttp.dll
2010-03-01 01:06 . 2008-04-14 03:21 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2010-03-01 01:06 . 2008-04-14 03:21 8192 ------w- c:\windows\system32\bitsprx2.dll
2010-03-01 01:06 . 2008-04-14 03:21 7168 ------w- c:\windows\system32\bitsprx3.dll
2010-03-01 01:03 . 2009-08-06 18:24 327896 ----a-w- c:\windows\system32\wucltui.dll
2010-03-01 01:03 . 2009-08-06 18:24 209632 ----a-w- c:\windows\system32\wuweb.dll
2010-03-01 01:03 . 2009-08-06 18:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-03-01 01:03 . 2009-08-06 18:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-03-01 01:03 . 2008-04-14 03:22 166912 ----a-w- c:\windows\system32\wuauclt1.exe
2010-03-01 01:03 . 2008-04-14 03:22 183296 ----a-w- c:\windows\system32\wuaueng1.dll
2010-03-01 00:47 . 2010-03-01 00:49 -------- d-----w- c:\windows\NV436464.TMP
2010-03-01 00:38 . 2008-04-14 03:21 191488 ----a-w- c:\windows\system32\iuengine.dll
2010-03-01 00:23 . 2010-03-01 00:49 -------- d-----w- c:\windows\nview
2010-03-01 00:23 . 2008-10-07 05:33 453152 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-01 00:22 . 2008-10-02 09:07 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-01 00:02 . 2008-01-03 14:10 105856 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
2010-03-01 00:02 . 2010-03-01 00:02 -------- d-----w- c:\windows\OPTIONS
2010-03-01 00:02 . 2010-03-01 00:02 -------- d-----w- c:\windows\system32\Lang
2010-03-01 00:00 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-03-01 00:00 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-03-01 00:00 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-03-01 00:00 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-03-01 00:00 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-03-01 00:00 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-03-01 00:00 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-03-01 00:00 . 2006-08-01 07:02 49152 ------r- c:\windows\system32\ChCfg.exe
2010-03-01 00:00 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-02-28 23:55 . 2008-04-14 03:22 75264 ----a-w- c:\windows\system32\usbui.dll
2010-02-28 23:55 . 2008-04-13 18:45 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-02-28 23:55 . 2008-04-13 18:45 143872 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-02-28 23:55 . 2008-04-13 18:45 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-02-28 23:55 . 2008-04-13 18:45 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-02-28 23:55 . 2008-04-13 18:40 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-02-28 23:55 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 01:25 . 2003-04-16 12:00 78030 ----a-w- c:\windows\system32\perfc005.dat
2010-03-04 01:25 . 2003-04-16 12:00 429018 ----a-w- c:\windows\system32\perfh005.dat
2010-03-01 02:17 . 2010-02-28 21:49 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-03-01 02:17 . 2010-02-28 21:49 2982 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2010-03-01 01:33 . 2010-02-28 21:49 8972 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cntstore.bin
2010-03-01 00:02 . 2010-02-28 23:59 -------- d-----w- c:\program files\Realtek
2010-02-28 23:59 . 2010-02-28 23:59 315392 ----a-w- c:\windows\HideWin.exe
2010-02-28 22:30 . 2010-02-28 22:30 -------- d-----w- c:\program files\Sunbelt Software
2010-02-28 22:15 . 2010-02-28 22:15 -------- d-----w- c:\program files\Alwil Software
2010-02-28 21:49 . 2010-02-28 21:49 -------- d-----w- c:\program files\microsoft frontpage
2010-02-28 21:47 . 2010-02-28 21:47 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-05 09:58 . 2006-06-23 12:27 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2004-08-17 22:49 78336 ------w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2003-04-16 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2003-04-16 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:42 . 2010-02-28 21:46 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2003-04-16 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2003-04-16 12:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2002-09-20 17:12 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2003-04-16 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-01 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-10-07 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Lubomˇr\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GIGABYTE Gamer HUD Lite.lnk - c:\program files\Gigabyte\Gamer HUD Lite\HUD.exe [2008-11-24 1960960]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\MSI\BToes Bluetooth Software\BTTray.exe [2005-5-31 577597]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.2.2010 23:15 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11.11.2009 10:44 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11.11.2009 10:44 66632]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [28.2.2010 23:30 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [1.3.2010 0:54 80392]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [30.7.2008 10:36 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [30.7.2008 10:36 1361192]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11.11.2009 10:44 12872]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [28.2.2010 23:30 65576]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - HPDJ
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Lubomír\Data aplikací\Mozilla\Firefox\Profiles\1pqiea1t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-GEST - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 16:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="77AFA5DB44AEFE3C2D72CF18AB4EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DC038D530D6EB34529DB7CE019D40AA5CAF2CDC5C60E9664D45D671B5E95C726FDF25DDDBF03E3655B24828E49DD25473DA81B2AFD2F22BD5B99E518C2E98DA95197A3D77DE5F98DBA7184ADF3D2F54F0BFC57709C163ABE27ED24CF0428C3035B05D80C806BE7BA4859D0184A16D94791D5532F2AA5B9EE85AC39364B71DE78990ABA9EDAF22B355FBE6BA2A6BD1663A0893DD1B2443743F6544D0123971ACB3F8CA2B26B99047F78F0A5AC8CAE6CD46E86468D5D2C34D200EA91F4201F2DD387B21EFD894D573789720348007F984157E33B599F24BFEAC17CF8F6860520DFEFE9A558CC50425A83FC59390F89AF57E57EC9D81548B93679514A5153A8201D33EA82A6F67EC02BF869A3661911FC24359036ACA59FB47B7F25A598309B9B36849BCB55226AAE15441434E7B51204084BC6B5ADAF9560DE8ED08168D5773555001CE2F294298CD6618E8018CCFFAF5498F1FA137BF9708AA17893D32466FC6041E5BC58D935608D40639E96735D0A0FA309CE60C4D839410554B23188AB09FDFA9E118BC80C803675AE295024107B16956644426D29EBF12E1428D856BFD29A482E5BC1708986546B91C867545C6CC4688FD4AF997B44A894AE33A6645E2E2775DEE3DA13BB08CFE9B1C327FA97C4A28A4F07B1D79D3A9B670AAD8CA892F80DEBE8895063EC106034C218403665A3709DA4C4FCCE54C07BE8A158D66BAF366488342368FCCBF97A6EA6B59858AD454C6AF22AEE560B541A622A76F127289AF84D8300530B1633725EA3F84B1B82595A5FD86FA6B00EA68DB15E58B495C8B2B47C0E95B7D4FA8109C95E34A53274824CBEF940785F087C22B15DDE2AAB8595AA9158A062E1B4F028B05A8E55D9E805CC187E8977EF1F0CA4BA71CE77BDC94F5A77EB345221D5B22D8A9DC066780D0CDF699266AC3554A2C51A7B202A3AFA5E7A07B064F587495B5CDC7D44BA83C84BDBD4F712EEA8480C9B8413A8E2E2E37CCDA5F2B4BF5510ABA18756ACB0059A825CDA3F304A9F8BFB7E177CCDD4C68B8F8FD514E59C2F8085DC920799170718CAF3FE9DA845AC2F941109F0832CF03DC72964C1F872E4525845688629A9FB3473E91C4D93AFA05E7E26AE28FC533359B74949D515C47A3B94619BF895A55E1B066282EA52531F5004FFBC089C2114DAF6C4CE91DD0C393DF6DCDAED8B60253E6EE4771F6B6426383EAB40921CA29A918FC76A6BCD17CAB787A1712BC07B670C9559B328CD6992A73CEE7E28470DE3F18FCAF1FEF406D1728A07A78A49CA8B8004AB262A7DF46BE16C84DC7663D3B95B6F6F871FB70B88FD7485FC68637B23D72B17ECC0E"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1328)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2010-03-04 16:20:06
ComboFix-quarantined-files.txt 2010-03-04 15:20

Před spuštěním: Volných bajtů: 270 479 355 904
Po spuštění: Volných bajtů: 270 502 043 648

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 763879903D76A53562932C758EE1B5FA

[Caroprd111]

Tohle otestujte na http://www.virustotal.com/cs/
c:\windows\system32\drivers\wdmaud.sys
c:\windows\system32\drivers\splitter.sys
c:\windows\system32\drivers\dmusic.sys
c:\windows\system32\drivers\drmkaud.sys
c:\windows\system32\drivers\swmidi.sys
c:\windows\system32\drivers\kmixer.sys
c:\windows\system32\drivers\aec.sys
c:\windows\system32\ChCfg.exe
c:\windows\system32\drivers\sysaudio.sys
c:\windows\system32\usbui.dll
c:\windows\system32\drivers\usbhub.sys
c:\windows\system32\drivers\usbport.sys
c:\windows\system32\drivers\usbehci.sys
c:\windows\system32\drivers\usbuhci.sys
c:\windows\system32\drivers\pciidex.sys
c:\windows\system32\drivers\atapi.sys

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

[Louba]

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.04 -
AhnLab-V3 5.0.0.2 2010.03.04 -
AntiVir 8.2.1.180 2010.03.04 -
Antiy-AVL 2.0.3.7 2010.03.04 -
Authentium 5.2.0.5 2010.03.04 W32/Zhelatin.K.gen!Eldorado
Avast 4.8.1351.0 2010.03.04 -
Avast5 5.0.332.0 2010.03.04 -
AVG 9.0.0.730 2010.03.04 -
BitDefender 7.2 2010.03.04 -
CAT-QuickHeal 10.00 2010.03.04 -
ClamAV 0.96.0.0-git 2010.03.04 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.04 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7339 2010.03.04 -
F-Prot 4.5.1.85 2010.03.03 -
F-Secure 9.0.15370.0 2010.03.04 -
Fortinet 4.0.14.0 2010.03.04 -
GData 19 2010.03.04 -
Ikarus T3.1.1.80.0 2010.03.04 -
Jiangmin 13.0.900 2010.03.04 -
K7AntiVirus 7.10.989 2010.03.03 -
Kaspersky 7.0.0.125 2010.03.04 -
McAfee 5909 2010.03.03 -
McAfee+Artemis 5909 2010.03.03 -
McAfee-GW-Edition 6.8.5 2010.03.04 -
Microsoft 1.5502 2010.03.04 -
NOD32 4915 2010.03.04 -
Norman 6.04.08 2010.03.03 -
nProtect 2009.1.8.0 2010.03.04 -
Panda 10.0.2.2 2010.03.03 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.04 -
Rising 22.37.03.04 2010.03.04 -
Sophos 4.51.0 2010.03.04 -
Sunbelt 5748 2010.03.04 -
Symantec 20091.2.0.41 2010.03.04 -
TheHacker 6.5.1.7.220 2010.03.04 -
TrendMicro 9.120.0.1004 2010.03.04 -
VBA32 3.12.12.2 2010.03.04 -
ViRobot 2010.3.4.2212 2010.03.04 -
VirusBuster 5.0.27.0 2010.03.04 -
Rozšiřující informace
File size: 83072 bytes
MD5...: 6768acf64b18196494413695f0c3a00f
SHA1..: 400eaa59b0c8015c37f1af04a4d031de75f63520
SHA256: 3a8f8586f1d997d19a8478345338d2aecd785aeabdb61531dd3f92003d3230a5
ssdeep: 1536:wTXW+Qxc03VNTFI+KVMmr+jOR1ZZMWq5Ijv5wQCUqCKshMEbgF:wzW+Qxpx<br>I+KBIOR1ZoVbvZEbgF<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x12e05<br>timedatestamp.....: 0x48025c3e (Sun Apr 13 19:17:18 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 9 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x380 0x219b 0x2200 6.44 c7dd0e14a4027eeb535159dc6c045655<br>.rdata 0x2580 0x3bc 0x400 3.95 ec585efcd989bcb5b0579e767c11cfe1<br>.data 0x2980 0x7ac 0x800 0.20 bf3b27463372f3ac25fcd8702089f7f9<br>PAGE 0x3180 0xf595 0xf600 6.45 98315b1c230e9c6603f39eff00acf7f3<br>PAGEDATA 0x12780 0x10 0x80 0.34 9ff4fc5d6674db00e039bfebf037bcf9<br>PAGECONS 0x12800 0x5a0 0x600 6.09 afa2e86a3bdd25bdb32eeace839ec361<br>INIT 0x12e00 0x994 0xa00 5.46 29eb40727dd355dc632208a4b4fe03df<br>.rsrc 0x13800 0x3f0 0x400 3.43 bb05a8e22d0c11ecae72d93db72d2c1b<br>.reloc 0x13c00 0x838 0x880 6.54 5d923ba0426e7d39a162584055f340a3<br><br>( 3 imports ) <br>> HAL.dll: KeQueryPerformanceCounter, KfAcquireSpinLock, ExReleaseFastMutex, ExAcquireFastMutex, KeGetCurrentIrql, KfReleaseSpinLock<br>> ks.sys: KsDefaultDispatchPower, KsDefaultForwardIrp, KsRegisterWorker, KsStreamIo, KsAllocateDeviceHeader, KsSetDevicePnpAndBaseObject, KsDefaultDispatchPnp, KsSynchronousIoControlDevice, KsDereferenceSoftwareBusObject, KsReferenceSoftwareBusObject, KsDefaultDeviceIoCompletion, KsQueueWorkItem, KsUnregisterWorker, KsCreatePin<br>> ntoskrnl.exe: IoFreeIrp, MmUnmapLockedPages, IofCallDriver, IoBuildAsynchronousFsdRequest, _except_handler3, KeCancelTimer, KeInitializeDpc, KeInitializeTimerEx, IoCsqInsertIrp, IoCsqRemoveIrp, IoGetDeviceInterfaces, MmMapLockedPages, IoFreeMdl, MmProbeAndLockPages, MmCreateMdl, IoRegisterPlugPlayNotification, IoUnregisterPlugPlayNotification, ProbeForWrite, ProbeForRead, ObReferenceObjectByHandle, ExEventObjectType, _wcsicmp, IoCreateFile, RtlInitUnicodeString, wcscmp, wcscpy, IofCompleteRequest, ZwClose, ZwQueryValueKey, ZwOpenKey, RtlFreeUnicodeString, wcscat, RtlStringFromGUID, swprintf, wcsncpy, IoFileObjectType, IoGetRelatedDeviceObject, ExFreePoolWithTag, _alldiv, KeRestoreFloatingPointState, KeSaveFloatingPointState, IoOpenDeviceInterfaceRegistryKey, ZwCreateKey, ZwSetValueKey, ZwDeleteKey, KeBugCheckEx, ExAllocatePoolWithTag, ExAllocatePoolWithQuotaTag, KeTickCount, ExfInterlockedRemoveHeadList, ExfInterlockedInsertTailList, ObfReferenceObject, ObfDereferenceObject, KeClearEvent, KeInitializeEvent, KeSetEvent, MmUnlockPages, _aulldvrm, _allmul, _aulldiv, IoCreateDevice, IoAttachDeviceToDeviceStack, IoDeleteDevice, KeInitializeMutex, KeInitializeSpinLock, IoCsqInitialize, KeEnterCriticalRegion, KeWaitForSingleObject, KeReleaseMutex, wcslen, KeLeaveCriticalRegion, RtlRaiseException<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win64 Executable Generic (87.2%)<br>Win32 Executable Generic (8.6%)<br>Generic Win/DOS Executable (2.0%)<br>DOS Executable Generic (2.0%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:<br>publisher....: Microsoft Corporation<br>copyright....: (c) Microsoft Corporation. All rights reserved.<br>product......: Microsoft_ Windows_ Operating System<br>description..: MMSYSTEM Wave/Midi API mapper<br>original name: WDMAUD.SYS<br>internal name: WDMAUD<br>file version.: 5.1.2600.5512 (xpsp.080413-2108)<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

[Louba]

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.04 -
AhnLab-V3 5.0.0.2 2010.03.04 -
AntiVir 8.2.1.180 2010.03.04 -
Antiy-AVL 2.0.3.7 2010.03.04 -
Authentium 5.2.0.5 2010.03.04 W32/Zhelatin.K.gen!Eldorado
Avast 4.8.1351.0 2010.03.04 -
Avast5 5.0.332.0 2010.03.04 -
AVG 9.0.0.730 2010.03.04 -
BitDefender 7.2 2010.03.04 -
CAT-QuickHeal 10.00 2010.03.04 -
ClamAV 0.96.0.0-git 2010.03.04 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.04 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7339 2010.03.04 -
F-Prot 4.5.1.85 2010.03.03 -
F-Secure 9.0.15370.0 2010.03.04 -
Fortinet 4.0.14.0 2010.03.04 -
GData 19 2010.03.04 -
Ikarus T3.1.1.80.0 2010.03.04 -
Jiangmin 13.0.900 2010.03.04 -
K7AntiVirus 7.10.989 2010.03.03 -
Kaspersky 7.0.0.125 2010.03.04 -
McAfee 5909 2010.03.03 -
McAfee+Artemis 5909 2010.03.03 -
McAfee-GW-Edition 6.8.5 2010.03.04 -
Microsoft 1.5502 2010.03.04 -
NOD32 4915 2010.03.04 -
Norman 6.04.08 2010.03.03 -
nProtect 2009.1.8.0 2010.03.04 -
Panda 10.0.2.2 2010.03.03 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.04 -
Rising 22.37.03.04 2010.03.04 -
Sophos 4.51.0 2010.03.04 -
Sunbelt 5748 2010.03.04 -
Symantec 20091.2.0.41 2010.03.04 -
TheHacker 6.5.1.7.220 2010.03.04 -
TrendMicro 9.120.0.1004 2010.03.04 -
VBA32 3.12.12.2 2010.03.04 -
ViRobot 2010.3.4.2212 2010.03.04 -
VirusBuster 5.0.27.0 2010.03.04 -
Rozšiřující informace
File size: 6272 bytes
MD5...: ab8b92451ecb048a4d1de7c3ffcb4a9f
SHA1..: 2892ec95c3c8e4f5c767d709ac82fa2a6471c277
SHA256: dd17733cbb370fca08f0296704d7cbeaca3c8f76d0abe4761c3b1ffdf7481d9e
ssdeep: 96:Mg582Ne/wHwiLrdsVOOwKnmq+d/b6iREgPnWEWc85ofNWwG1:M0e4HwiLrNHZ
/b6aVrWc82fNW
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1025
timedatestamp.....: 0x480254b3 (Sun Apr 13 18:45:07 2008)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x156 0x180 5.34 9f9a181f76c2180ce0eb78dd15c34450
.rdata 0x480 0xa1 0x100 2.73 3fecb0bde7a1092a2f84ccfe78af6043
.data 0x580 0x8 0x80 0.38 0c41a08c90a7d5e81bf065649ebabedc
PAGE 0x600 0x9ec 0xa00 5.72 34fec1fe19c165add26846422536ec5a
INIT 0x1000 0x330 0x380 4.94 af466b11588bfe32f63ecf7edc1cd2dd
.rsrc 0x1380 0x400 0x400 3.41 ae9de81a5a242a8c532920a883e5af2b
.reloc 0x1780 0xf8 0x100 5.01 649337439cdda40989161d3802aa1c41

( 2 imports )
> NTOSKRNL.EXE: ExFreePool, ExAllocatePoolWithTag, RtlCompareMemory, KeTickCount, KeBugCheckEx, InterlockedExchange
> ks.sys: KsInitializeDriver, KsFilterGetFirstChildPin, KsAcquireControl, KsReleaseControl, _KsEdit, KsPinGetConnectedPinInterface, KsPinGetNextSiblingPin, KsPinGetParentFilter, KsFilterGetChildPinCount, KsFilterAttemptProcessing, KsFilterReleaseProcessingMutex, KsPinGetAvailableByteCount, KsFilterAcquireProcessingMutex, KsSynchronousIoControlDevice, KsPinGetConnectedPinFileObject, KsGetPinFromIrp

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Microsoft Kernel Audio Splitter
original name: splitter.sys
internal name: splitter.sys
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): PE_Patch

[Louba]

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.04 -
AhnLab-V3 5.0.0.2 2010.03.04 -
AntiVir 8.2.1.180 2010.03.04 -
Antiy-AVL 2.0.3.7 2010.03.04 -
Authentium 5.2.0.5 2010.03.04 W32/Zhelatin.K.gen!Eldorado
Avast 4.8.1351.0 2010.03.04 -
Avast5 5.0.332.0 2010.03.04 -
AVG 9.0.0.730 2010.03.04 -
BitDefender 7.2 2010.03.04 -
CAT-QuickHeal 10.00 2010.03.04 -
ClamAV 0.96.0.0-git 2010.03.04 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.04 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7339 2010.03.04 -
F-Prot 4.5.1.85 2010.03.03 -
F-Secure 9.0.15370.0 2010.03.04 -
Fortinet 4.0.14.0 2010.03.04 -
GData 19 2010.03.04 -
Ikarus T3.1.1.80.0 2010.03.04 -
Jiangmin 13.0.900 2010.03.04 -
K7AntiVirus 7.10.989 2010.03.03 -
Kaspersky 7.0.0.125 2010.03.04 -
McAfee 5909 2010.03.03 -
McAfee+Artemis 5909 2010.03.03 -
McAfee-GW-Edition 6.8.5 2010.03.04 -
Microsoft 1.5502 2010.03.04 -
NOD32 4915 2010.03.04 -
Norman 6.04.08 2010.03.03 -
nProtect 2009.1.8.0 2010.03.04 -
Panda 10.0.2.2 2010.03.03 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.04 -
Rising 22.37.03.04 2010.03.04 -
Sophos 4.51.0 2010.03.04 -
Sunbelt 5748 2010.03.04 -
Symantec 20091.2.0.41 2010.03.04 -
TheHacker 6.5.1.7.220 2010.03.04 -
TrendMicro 9.120.0.1004 2010.03.04 -
VBA32 3.12.12.2 2010.03.04 -
ViRobot 2010.3.4.2212 2010.03.04 -
VirusBuster 5.0.27.0 2010.03.04 -
Rozšiřující informace
File size: 52864 bytes
MD5...: 8a208dfcf89792a484e76c40e5f50b45
SHA1..: a30227904d422a4dc0b7bd1d67e05dd747a524cc
SHA256: 4e40e2eb38c6254e7caa488200e89ee7debbba773890bc6a84313cc68178d54f
ssdeep: 1536:86JJ/0vwaHL54FMENJE61kY+Q43wKwYz9Y4:8fwWsE61kJEKfBY
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc024
timedatestamp.....: 0x480254ac (Sun Apr 13 18:45:00 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x9faa 0xa000 6.61 891c87b675dc50958ce86d57176e9c1c
.rdata 0xa300 0x1a44 0x1a80 5.36 203cb047f0c92ef72cf1d411376286db
.data 0xbd80 0x210 0x280 2.95 bef32f2381c079a16baefc3b82d8c8a7
INIT 0xc000 0x488 0x500 5.09 570900dc442c8d90245cfa3defe7aa29
.rsrc 0xc500 0x428 0x480 3.23 5c6a73965b4359c14b2a19ce898147da
.reloc 0xc980 0x492 0x500 5.67 1f3493ded313293176b8da3440d78bb6

( 3 imports )
> ntoskrnl.exe: KeRestoreFloatingPointState, _alldiv, _allmul, _allshr, _allshl, KeInitializeMutex, KeWaitForSingleObject, KeReleaseMutex, ZwClose, ZwQueryValueKey, ZwOpenKey, RtlInitUnicodeString, KeQuerySystemTime, KeSaveFloatingPointState, KeInitializeSpinLock, IoAllocateWorkItem, IoFreeWorkItem, IoQueueWorkItem, KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, IoFreeMdl, MmUnlockPages, MmProbeAndLockPages, IoAllocateMdl, _except_handler3, KeTickCount, KeBugCheckEx, ExAllocatePoolWithTag, MmMapLockedPagesSpecifyCache, ExFreePool, InterlockedDecrement, InterlockedIncrement, RtlRaiseException
> HAL.dll: KfAcquireSpinLock, KfReleaseSpinLock
> portcls.sys: PcNewPort, PcRegisterSubdevice, PcInitializeAdapterDriver, PcAddAdapterDevice

( 0 exports )
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Microsoft Kernel DLS Synthesizer
original name: DMusic.sys
internal name: Microsoft Kernel DLS Synthesizer
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): PE_Patch
trid..: Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
pdfid.: -

[Caroprd111]

Dávejte sem jen odkazy na výsledky.

[Louba]

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.04 -
AhnLab-V3 5.0.0.2 2010.03.04 -
AntiVir 8.2.1.180 2010.03.04 -
Antiy-AVL 2.0.3.7 2010.03.04 -
Authentium 5.2.0.5 2010.03.04 W32/Zhelatin.K.gen!Eldorado
Avast 4.8.1351.0 2010.03.04 -
Avast5 5.0.332.0 2010.03.04 -
AVG 9.0.0.730 2010.03.04 -
BitDefender 7.2 2010.03.04 -
CAT-QuickHeal 10.00 2010.03.04 -
ClamAV 0.96.0.0-git 2010.03.04 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.04 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7339 2010.03.04 -
F-Prot 4.5.1.85 2010.03.03 -
F-Secure 9.0.15370.0 2010.03.04 -
Fortinet 4.0.14.0 2010.03.04 -
GData 19 2010.03.04 -
Ikarus T3.1.1.80.0 2010.03.04 -
Jiangmin 13.0.900 2010.03.04 -
K7AntiVirus 7.10.989 2010.03.03 -
Kaspersky 7.0.0.125 2010.03.04 -
McAfee 5909 2010.03.03 -
McAfee+Artemis 5909 2010.03.03 -
McAfee-GW-Edition 6.8.5 2010.03.04 -
Microsoft 1.5502 2010.03.04 -
NOD32 4915 2010.03.04 -
Norman 6.04.08 2010.03.03 -
nProtect 2009.1.8.0 2010.03.04 -
Panda 10.0.2.2 2010.03.03 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.04 -
Rising 22.37.03.04 2010.03.04 -
Sophos 4.51.0 2010.03.04 -
Sunbelt 5748 2010.03.04 -
Symantec 20091.2.0.41 2010.03.04 -
TheHacker 6.5.1.7.220 2010.03.04 -
TrendMicro 9.120.0.1004 2010.03.04 -
VBA32 3.12.12.2 2010.03.04 -
ViRobot 2010.3.4.2212 2010.03.04 -
VirusBuster 5.0.27.0 2010.03.04 -
Rozšiřující informace
File size: 2944 bytes
MD5...: 8f5fcff8e8848afac920905fbd9d33c8
SHA1..: ced162d79f69003c470ce6a84bed2fc18e1693da
SHA256: c8c6fb97ab0871c8c88a2201525a5cf10d5131cb6980d32692ed7a8f58399ad5
ssdeep: 24:eNGSnJvlTFkICHbq3YkyI6bEKRaXtqryVAW40IZW0FH8aiOzNT6JOAD+35WWd
POT:avdYisUq2A4IZWGH85+TEDs5WwG2
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x505
timedatestamp.....: 0x480254b9 (Sun Apr 13 18:45:13 2008)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0xc 0x80 0.33 7563b06056491c31b84b4e1f4cfb444b
.rdata 0x380 0x70 0x80 3.05 ee89fa30024a67045e01c9a4298dfc05
.data 0x400 0xc 0x80 0.38 0c41a08c90a7d5e81bf065649ebabedc
PAGE 0x480 0x32 0x80 2.26 ead7a9a2ffedfb05fa1cd035e498f828
INIT 0x500 0x112 0x180 3.41 475907376126705251b3f26488d9b643
.rsrc 0x680 0x418 0x480 3.20 02ebdc17b73c798e675149fc404326c3
.reloc 0xb00 0x2e 0x80 1.32 7bd6fcd334bc5c36ea4d4254d1afef88

( 3 imports )
> ntoskrnl.exe: KeTickCount
> ks.sys: KsInitializeDriver
> drmk.sys: DrmGetFilterDescriptor

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Microsoft Kernel DRM Audio Descrambler Filter
original name: drmkaud.sys
internal name: drmkaud.sys
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): PE_Patch

[Louba]

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.04 -
AhnLab-V3 5.0.0.2 2010.03.04 -
AntiVir 8.2.1.180 2010.03.04 -
Antiy-AVL 2.0.3.7 2010.03.04 -
Authentium 5.2.0.5 2010.03.04 W32/Zhelatin.K.gen!Eldorado
Avast 4.8.1351.0 2010.03.04 -
Avast5 5.0.332.0 2010.03.04 -
AVG 9.0.0.730 2010.03.04 -
BitDefender 7.2 2010.03.04 -
CAT-QuickHeal 10.00 2010.03.04 -
ClamAV 0.96.0.0-git 2010.03.04 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.04 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7339 2010.03.04 -
F-Prot 4.5.1.85 2010.03.03 -
F-Secure 9.0.15370.0 2010.03.04 -
Fortinet 4.0.14.0 2010.03.04 -
GData 19 2010.03.04 -
Ikarus T3.1.1.80.0 2010.03.04 -
Jiangmin 13.0.900 2010.03.04 -
K7AntiVirus 7.10.989 2010.03.03 -
Kaspersky 7.0.0.125 2010.03.04 -
McAfee 5909 2010.03.03 -
McAfee+Artemis 5909 2010.03.03 -
McAfee-GW-Edition 6.8.5 2010.03.04 -
Microsoft 1.5502 2010.03.04 -
NOD32 4915 2010.03.04 -
Norman 6.04.08 2010.03.03 -
nProtect 2009.1.8.0 2010.03.04 -
Panda 10.0.2.2 2010.03.03 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.04 -
Rising 22.37.03.04 2010.03.04 -
Sophos 4.51.0 2010.03.04 -
Sunbelt 5748 2010.03.04 -
Symantec 20091.2.0.41 2010.03.04 -
TheHacker 6.5.1.7.220 2010.03.04 -
TrendMicro 9.120.0.1004 2010.03.04 -
VBA32 3.12.12.2 2010.03.04 -
ViRobot 2010.3.4.2212 2010.03.04 -
VirusBuster 5.0.27.0 2010.03.04 -
Rozšiřující informace
File size: 56576 bytes
MD5...: 8ce882bcc6cf8a62f2b2323d95cb3d01
SHA1..: 492e94f981eda355e3f1854cfbb673986c428bc7
SHA256: b408550a581f3da222355964afa4e976ad8471f0aa37573c42c4948ae5a23a3b
ssdeep: 768:M0YxIuRoRlbE6cwz0c6oZRzhcxEh2XSAkdehijKD0fsuIUo7rMXF+t23:Mvc
R603c22XSAnfUFFI23
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xcc85
timedatestamp.....: 0x480254b3 (Sun Apr 13 18:45:07 2008)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x143a 0x1480 6.44 d7b315f24057239a496482c6141103bf
.rdata 0x1800 0x6f3 0x700 3.52 a1296aaef564840e6ed9f6699dd94b88
.data 0x1f00 0x230 0x280 2.95 96789df85c1ddbfbd119e7c4e3a330e2
PAGE 0x2180 0x8402 0x8480 6.57 89ab19705486f791f2f3367c29df5941
PAGEDATA 0xa600 0x2644 0x2680 0.38 a19729a7ef7fdb41f3b908f8bb5b56ba
INIT 0xcc80 0x6a8 0x700 5.22 293a4eeeaad4fb3ddc12a561c6422bb3
.rsrc 0xd380 0x430 0x480 3.26 69cb47d5472b43af498f56217a15e1e5
.reloc 0xd800 0x4f4 0x500 5.65 83f1987b7180513dbb6e144fbb549c6f

( 2 imports )
> ntoskrnl.exe: wcscat, wcslen, ZwReadFile, ZwQueryInformationFile, ZwCreateFile, wcscmp, ExQueueWorkItem, ObfReferenceObject, IofCallDriver, InterlockedDecrement, IoBuildDeviceIoControlRequest, ObfDereferenceObject, KeSetEvent, ExSetTimerResolution, KeInitializeEvent, IoGetRelatedDeviceObject, ObReferenceObjectByHandle, KeTickCount, KeBugCheckEx, InterlockedIncrement, _allshl, _allshr, RtlInitUnicodeString, ZwOpenKey, ZwQueryValueKey, wcscpy, ZwClose, IofCompleteRequest, KeInitializeMutex, IoCreateDevice, IoAttachDeviceToDeviceStack, IoDeleteDevice, KeWaitForSingleObject, KeReleaseMutex, ExFreePool, ExAllocatePoolWithTag, _allmul, _alldiv, KeRestoreFloatingPointState, KeClearEvent, KeSaveFloatingPointState, RtlRaiseException
> ks.sys: KsProbeStreamIrp, KsPinDataIntersection, KsPinPropertyHandler, KsDefaultDeviceIoCompletion, KsPropertyHandler, KsDispatchInvalidDeviceRequest, KsReferenceSoftwareBusObject, KsDereferenceSoftwareBusObject, KsValidateConnectRequest, KsFreeObjectHeader, KsDefaultDispatchPower, KsSetMajorFunctionHandler, KsDefaultForwardIrp, KsNullDriverUnload, KsAllocateDeviceHeader, KsSetDevicePnpAndBaseObject, KsDefaultDispatchPnp, KsAllocateObjectHeader, KsTopologyPropertyHandler

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
packers (Kaspersky): PE_Patch
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Microsoft GS Wavetable Synthesizer
original name: swmidi.sys
internal name: Microsoft GS Wavetable Synthesizer
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

[Caroprd111]

Dávejte sem jen odkazy na výsledky.

[Louba]

Jasně. Mám znova poslat i těch prvních pět?