
Startup problems

Tzdarsa
Visitor
Posts: 8
Registered: 21 Aug 2008 20:31

Startup problems

#1 Post by Tzdarsa »

Hello, for the past week, every time I start or restart the PC a blue screen appears: Windows XP needs to run a disk check...

It always takes around 10 minutes, and it also seems to me that the whole PC has slowed down.
I am attaching the log from RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Tomáš at 2010-03-18 22:43:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (7%) free of 42 GB
Total RAM: 1023 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:38, on 18.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
D:\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
D:\TuneUp Utilities 2010\Integrator.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\TuneUp Utilities 2010\DiskDoctor.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Tomáš\Plocha\RSIT.exe
C:\Documents and Settings\Tomáš\Plocha\Tomáš.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC8696E-F5A7-46D7-8455-4193D3B09BA2}: NameServer = 10.22.0.1,10.22.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - D:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 8255 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Automatic troubleshooting.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5DB532CA-86EB-45AC-BC4E-54FBE101A70F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-12-15 1218000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-12-15 1218000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"snpstd"=C:\WINDOWS\vsnpstd.exe [2003-12-31 40960]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-01-09 2166784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-01-09 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
C:\Program Files\ASUS\AI Booster\OverClk.exe [2006-07-13 3715584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-05-12 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tomáš^Nabídka Start^Programy^Po spuštění^Populous Downloader 6 Live Service Host.lnk]
D:\Populous Online\live.exe []

C:\Documents and Settings\Tomáš\Nabídka Start\Programy\Po spuštění
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Warcraft III\euroloader.exe"="D:\Warcraft III\euroloader.exe:*:Enabled:euroloader"
"D:\Stronghold 2\Stronghold2.exe"="D:\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold2"
"C:\WINDOWS\system32\DPNSVR.EXE"="C:\WINDOWS\system32\DPNSVR.EXE:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"D:\Battlefield Vietnam\bfvietnam.exe"="D:\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam"
"C:\WINDOWS\system32\DPLAYSVR.EXE"="C:\WINDOWS\system32\DPLAYSVR.EXE:*:Enabled:Microsoft DirectPlay Helper"
"D:\Downloads\bulanci.exe"="D:\Downloads\bulanci.exe:*:Enabled:bulanci"
"D:\aoeII\age2_x1.exe"="D:\aoeII\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"D:\Diablo II\Diablo II.exe"="D:\Diablo II\Diablo II.exe:*:Enabled:Diablo II"
"D:\OpenTTD\openttd.exe"="D:\OpenTTD\openttd.exe:*:Enabled:OpenTTD"
"D:\Red Alert 3\Data\ra3_1.0.game"="D:\Red Alert 3\Data\ra3_1.0.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
"D:\Opera\opera.exe"="D:\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\Tomáš\Plocha\BitLord.exe"="C:\Documents and Settings\Tomáš\Plocha\BitLord.exe:*:Enabled:BitLord"
"D:\Atomic Mailbox Password Cracker\EmailPassRecoveryWizard.exe"="D:\Atomic Mailbox Password Cracker\EmailPassRecoveryWizard.exe:*:Enabled:Mailbox password recovery software"
"D:\RollerCoaster Tycoon\rct.exe"="D:\RollerCoaster Tycoon\rct.exe:*:Enabled:rct"
"D:\Disciples 2\Discipl2.exe"="D:\Disciples 2\Discipl2.exe:*:Enabled:Disciples II v1.3"
"D:\FlatOut2\FlatOut2.exe"="D:\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"D:\BattleForge\Bootstrapper.exe"="D:\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher"
"D:\BattleForge\BattleForge.exe"="D:\BattleForge\BattleForge.exe:*:Enabled:BattleForge™"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\demigod\bin\Demigod.exe"="D:\demigod\bin\Demigod.exe:*:Enabled:Demigod Application"
"D:\Rise of Nations\thrones.exe"="D:\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations"
"D:\Call of Duty 2\CoD2MP_s.exe"="D:\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\HLSW\hlsw.exe"="D:\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"D:\Warcraft III\Warcraft III.exe"="D:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Rise of Nations\patriots.exe"="D:\Rise of Nations\patriots.exe:*:Enabled:Rise of Nations"
"D:\Hamachi\hamachi.exe"="D:\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"D:\TrackMania Sunrise\TmSunrise.exe"="D:\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"D:\Far Cry\Bin32\FarCry.exe"="D:\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"D:\Lionheart\Lionheart.exe"="D:\Lionheart\Lionheart.exe:*:Enabled:Lionheart"
"D:\Dragon Age\bin_ship\daorigins.exe"="D:\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"D:\Dragon Age\DAOriginsLauncher.exe"="D:\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"D:\Dragon Age\bin_ship\daupdatersvc.service.exe"="D:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"D:\BitLord2\BitLord.exe"="D:\BitLord2\BitLord.exe:*:Enabled:Bitlord2"
"D:\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="D:\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\World of Warcraft\Launcher.exe"="D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\Heroes of Newerth\hon.exe"="D:\Heroes of Newerth\hon.exe:*:Enabled:Heroes of Newerth"
"D:\Counter-Strike Source\srcds.exe"="D:\Counter-Strike Source\srcds.exe:*:Enabled:Counter-Strike Source Server"
"D:\Counter-Strike Source\hl2.exe"="D:\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"D:\Dawn of War DEMO\W40k.exe"="D:\Dawn of War DEMO\W40k.exe:*:Enabled:W40K"
"D:\KillingFloor\System\KillingFloor.exe"="D:\KillingFloor\System\KillingFloor.exe:*:Enabled:KillingFloor"
"D:\iNSTALAČKY\Grid\GRID.exe"="D:\iNSTALAČKY\Grid\GRID.exe:*:Enabled:GRID Executable"
"D:\Disciples 2 Gold Gallean\Discipl2.exe"="D:\Disciples 2 Gold Gallean\Discipl2.exe:*:Enabled:Disciples II v2.02"
"F:\Launch Juiced\Juiced\Juiced.exe"="F:\Launch Juiced\Juiced\Juiced.exe:*:Enabled:Juiced"
"D:\Age 2\MYTH-Age2_x1.exe"="D:\Age 2\MYTH-Age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-03-18 22:43:53 ----D---- C:\rsit
2010-03-18 20:16:59 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2010-03-18 20:16:57 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2010-03-18 20:16:25 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\TuneUp Software
2010-03-18 20:14:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TuneUp Software
2010-03-18 20:13:50 ----SHD---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-03-14 20:50:04 ----A---- C:\WINDOWS\system32\NCTWMAFile2.dll
2010-03-14 20:50:04 ----A---- C:\WINDOWS\system32\NCTAudioPlayer2.dll
2010-03-14 20:50:03 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
2010-03-10 21:27:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-07 17:37:06 ----D---- C:\Program Files\Bejeweled 2 Deluxe
2010-03-07 17:35:30 ----D---- C:\Program Files\ReflexiveArcade
2010-02-25 16:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-24 14:47:33 ----A---- C:\WINDOWS\system32\psisdecd.dll
2010-02-24 14:47:27 ----A---- C:\WINDOWS\system32\dxdllreg.exe

======List of files/folders modified in the last 1 months======

2010-03-18 22:43:57 ----D---- C:\WINDOWS\Prefetch
2010-03-18 22:41:44 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\Skype
2010-03-18 22:41:05 ----D---- C:\WINDOWS\Temp
2010-03-18 21:03:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-18 20:52:48 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\skypePM
2010-03-18 20:37:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-18 20:17:05 ----SHD---- C:\WINDOWS\Installer
2010-03-18 20:17:05 ----HD---- C:\Config.Msi
2010-03-18 20:17:04 ----D---- C:\WINDOWS\system32\config
2010-03-18 20:17:03 ----SD---- C:\WINDOWS\Tasks
2010-03-18 20:16:59 ----D---- C:\WINDOWS\system32
2010-03-18 20:16:35 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\Spyware Terminator
2010-03-18 20:14:22 ----D---- C:\WINDOWS
2010-03-18 14:55:39 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2010-03-16 17:29:01 ----D---- C:\Program Files\Spyware Terminator
2010-03-14 20:30:07 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft
2010-03-14 20:29:36 ----HD---- C:\WINDOWS\inf
2010-03-13 22:15:59 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\Hamachi
2010-03-10 21:27:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-10 21:27:57 ----D---- C:\Program Files\Movie Maker
2010-03-10 21:27:23 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-07 17:37:06 ----RD---- C:\Program Files
2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-25 16:01:25 ----A---- C:\WINDOWS\imsins.BAK
2010-02-25 16:01:22 ----D---- C:\WINDOWS\ie8updates
2010-02-24 14:59:36 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-24 14:48:26 ----RSD---- C:\WINDOWS\assembly
2010-02-24 14:48:08 ----D---- C:\WINDOWS\RegisteredPackages
2010-02-24 14:48:00 ----D---- C:\WINDOWS\system32\drivers
2010-02-24 14:47:01 ----D---- C:\WINDOWS\system32\DirectX
2010-02-20 09:47:30 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2005-12-22 5685]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 SSHDRV86;SSHDRV86; \??\C:\WINDOWS\system32\drivers\SSHDRV86.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-01-31 141246]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-01-31 16176]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-08-25 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-04-06 81664]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\D:\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 a3mn7jhc;a3mn7jhc; C:\WINDOWS\system32\drivers\a3mn7jhc.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 snpstd;USB PC Camera (SN9C102); C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-03-22 301824]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 NMSAccessU;NMSAccessU; D:\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-01 155715]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-01-09 488960]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; D:\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-02 1043784]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; D:\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-03-18 435016]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Startup problems

#2 Post by earl »

Hello,

before I check your log,

download HDTune, install it, and on the Error Scan tab click Start

(not the quick scan), and report the result.

Likewise a summary of the Status tab.

Do you by any chance have a USB flash drive connected all the time?
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WILL NOT LOSE IT IN CASE OF FATAL PROBLEMS WITH SOFTWARE OR HARDWARE!!
DO NOT USE COMBOFIX ON YOUR OWN INITIATIVE, ONLY WHEN YOU ARE ASKED TO. HANDLING IT INCORRECTLY CAN LEAVE THE SYSTEM NON-FUNCTIONAL!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------

Tzdarsa
Visitor
Posts: 8
Registered: 21 Aug 2008 20:31

Re: Startup problems

#3 Post by Tzdarsa »

I don't have a flash drive connected all the time. I could not download HD Tune from your link, so I took the liberty of downloading it from http://www.sosej.cz/Download/Hd-Tune-Download.html.
The scan will take a while longer..

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Startup problems

#4 Post by earl »

Test on VIRUSTOTAL and JOTTISCAN:

D:\Populous Online\live.exe

(the instructions are simple: once the page has loaded, click the Browse button, find the path to the file mentioned above and click the Send file button; give the scanners about ten minutes; paste the results here)

If the scanner says that the file has already been tested, have it tested again.

Tzdarsa
Visitor
Posts: 8
Registered: 21 Aug 2008 20:31

Re: Startup problems

#5 Post by Tzdarsa »

So, HD Tune showed me only green squares and found no errors.
As for D:\Populous Online\live.exe, I could not find it at all; I also tried showing hidden folders, without success.

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Startup problems

#6 Post by earl »

READ THE INSTRUCTIONS CAREFULLY, THIS SOFTWARE DOES NOT TOLERATE MISTAKES IN THE PROCEDURE!

Feel free to print out the following lines so that you know what will be happening on the screen.

Be logged in to the PC with administrator rights.

Download ComboFix and save it, preferably to the desktop.

If the page will not load, download it from here; if ComboFix will not start, rename it to grinder.com and continue according to the instructions.

Right after start-up, a disclaimer of warranty for the software's functionality is displayed; continue by clicking the Yes button.

A warning about installed CD drive emulators, typically Daemon Tools or Alcohol 120, may follow.

Click OK.

Agree to the installation of the Recovery Console; a working internet connection is required!

Calmly go and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Warning: Turn off the resident shield of your antivirus and antispyware and temporarily disable the firewall, as ComboFix might not work correctly otherwise. If you have the shields turned off and ComboFix reports that they are not, continue and confirm.

After the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here.

Tzdarsa
Visitor
Posts: 8
Registered: 21 Aug 2008 20:31

Re: Startup problems

#7 Post by Tzdarsa »

ComboFix 10-03-19.06 - Tomáš 20.03.2010 9:04.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.688 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tomáš\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100319-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tom ç\Dokumenty\cc_20091219_232029.reg
c:\recycler\S-1-5-21-117609710-1383384898-725345543-1004
c:\recycler\S-1-5-21-1957994488-1965331169-682003330-1004
c:\windows\system32\tmp23.tmp

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-20 do 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-18 21:43 . 2010-03-18 21:44 -------- d-----w- C:\rsit
2010-03-18 19:16 . 2010-02-02 11:24 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-03-18 19:16 . 2010-02-02 11:18 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-03-14 19:50 . 2004-12-02 17:11 315392 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2010-03-14 19:50 . 2004-05-20 14:24 196608 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2010-03-14 19:50 . 2004-12-02 17:20 1843200 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2010-03-10 15:34 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-07 16:38 . 2010-03-07 16:38 16 ----a-w- c:\windows\popcinfo.dat
2010-03-07 16:37 . 2010-03-07 17:23 -------- d-----w- c:\program files\Bejeweled 2 Deluxe
2010-03-07 16:35 . 2010-03-07 16:35 -------- d-----w- c:\program files\ReflexiveArcade
2010-02-19 20:35 . 2010-02-19 20:35 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY.000\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 16:29 . 2010-01-09 09:11 -------- d-----w- c:\program files\Spyware Terminator
2010-02-24 13:59 . 2006-11-29 22:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-01 18:24 . 2010-02-01 18:24 -------- d-----w- c:\program files\Strategy First
2010-02-01 17:21 . 2009-08-09 06:16 -------- d-----w- c:\program files\ICQ6.5
2010-01-29 15:00 . 2010-01-29 15:00 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-29 15:00 . 2010-01-29 15:00 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-29 15:00 . 2010-01-29 15:00 -------- d-----w- c:\program files\OpenAL
2010-01-09 09:17 . 2010-01-09 09:17 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-09 09:11 . 2010-01-09 09:11 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
.

------- Sigcheck -------

[-] 2008-04-14 . A66EF4D3AA0933E50855C004BE798DF2 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . A66EF4D3AA0933E50855C004BE798DF2 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2006-03-02 . 390B561218938AF8F54ADCD8B65226D8 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 83424C25FCE4BAC686F455668932EAF8 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 83424C25FCE4BAC686F455668932EAF8 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2006-03-02 . B3A226C5ADBB8CA6B306D33193254C08 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-09 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-09 2166784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk
backup=c:\windows\pss\Rychlé spuštění aplikace HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tomáš^Nabídka Start^Programy^Po spuštění^Populous Downloader 6 Live Service Host.lnk]
path=c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\Populous Downloader 6 Live Service Host.lnk
backup=c:\windows\pss\Populous Downloader 6 Live Service Host.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 13:21 61952 ------w- c:\windows\system32\HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
2006-07-13 14:32 3715584 ----a-w- c:\program files\Asus\AI Booster\OverClk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Stronghold 2\\Stronghold2.exe"=
"c:\\WINDOWS\\system32\\DPNSVR.EXE"=
"d:\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\WINDOWS\\system32\\DPLAYSVR.EXE"=
"d:\\aoeII\\age2_x1.exe"=
"d:\\Diablo II\\Diablo II.exe"=
"d:\\OpenTTD\\openttd.exe"=
"d:\\Opera\\opera.exe"=
"d:\\Atomic Mailbox Password Cracker\\EmailPassRecoveryWizard.exe"=
"d:\\RollerCoaster Tycoon\\rct.exe"=
"d:\\Disciples 2\\Discipl2.exe"=
"d:\\FlatOut2\\FlatOut2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\HLSW\\hlsw.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Hamachi\\hamachi.exe"=
"d:\\BitLord2\\BitLord.exe"=
"d:\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"d:\\Heroes of Newerth\\hon.exe"=
"d:\\Counter-Strike Source\\srcds.exe"=
"d:\\Counter-Strike Source\\hl2.exe"=
"d:\\Dawn of War DEMO\\W40k.exe"=
"d:\\KillingFloor\\System\\KillingFloor.exe"=
"d:\\iNSTALAČKY\\Grid\\GRID.exe"=
"d:\\Disciples 2 Gold Gallean\\Discipl2.exe"=
"d:\\Age 2\\MYTH-Age2_x1.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.11.2008 10:54 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.12.2009 22:43 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.1.2010 10:11 142592]
R1 SSHDRV86;SSHDRV86;c:\windows\system32\drivers\SSHDRV86.sys [31.1.2009 17:58 81408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.12.2009 22:43 20560]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2.2.2010 12:21 1043784]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\dragon age\bin_ship\DAUpdaterSvc.Service.exe --> d:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 15:21 30720]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-03-20 c:\windows\Tasks\Automatic troubleshooting.job
- d:\tuneup utilities 2010\TuneUpSystemStatusCheck.exe [2010-02-02 11:28]

2010-03-19 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]

2010-03-20 c:\windows\Tasks\User_Feed_Synchronization-{5DB532CA-86EB-45AC-BC4E-54FBE101A70F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {AEC8696E-F5A7-46D7-8455-4193D3B09BA2} = 10.22.0.1,10.22.0.2
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\jl7uqt0d.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15187&l=dis
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&q=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Dungeon Keeper II - d:\dungeon keeper 2\Uninst.isu
AddRemove-HijackThis - c:\documents and settings\Tomáš\Plocha\HijackThis.exe
AddRemove-Killing Floor 2.5 - d:\kfmod20\Uninstal.exe
AddRemove-{5A0B7BA5-4682-4273-81C2-69B17E649103} - c:\program files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 09:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys sfsync02.sys hal.dll atapi.sys spab.sys >>UNKNOWN [0x86F87938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7647f28
\Driver\ACPI -> ACPI.sys @ 0xf7492cb8
\Driver\atapi -> sfsync02.sys @ 0xf76148b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7343bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7350a21
SendHandler -> NDIS.sys @ 0xf732e87b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1326574676-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2152)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\cdburnerxp\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
d:\tuneup utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-03-20 09:32:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-20 08:32

Před spuštěním: 2 726 309 888
Po spuštění: 4 096 815 104

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 01E5DE699818A26DCF36BB57C5098D6F

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Startup problems

#8 Post by earl »

Test on VIRUSTOTAL:

c:\windows\ServicePackFiles\i386\wscntfy.exe

c:\windows\system32\wscntfy.exe

c:\windows\ServicePackFiles\i386\ctfmon.exe

c:\windows\system32\ctfmon.exe

c:\windows\system32\drivers\SSHDRV86.sys


(the procedure is simple: once the page has loaded, click the Browse button, find the path to the file mentioned above and click the Send file button; give the scanners about ten minutes; paste the result here)

If the scanner says that the file has already been tested, have it tested again.

Tzdarsa
Visitor
Posts: 8
Registered: 21 Aug 2008 20:31

Re: Startup problems

#9 Post by Tzdarsa »

c:\windows\ServicePackFiles\i386\wscntfy.exe
a-squared 4.5.0.50 2010.03.20 -
AhnLab-V3 5.0.0.2 2010.03.19 -
AntiVir 8.2.1.196 2010.03.19 -
Antiy-AVL 2.0.3.7 2010.03.19 -
Authentium 5.2.0.5 2010.03.19 -
Avast 4.8.1351.0 2010.03.19 -
Avast5 5.0.332.0 2010.03.19 -
AVG 9.0.0.787 2010.03.20 -
BitDefender 7.2 2010.03.20 -
CAT-QuickHeal 10.00 2010.03.19 -
ClamAV 0.96.0.0-git 2010.03.20 -
Comodo 4327 2010.03.20 -
DrWeb 5.0.1.12222 2010.03.20 -
eSafe 7.0.17.0 2010.03.18 -
eTrust-Vet 35.2.7376 2010.03.19 -
F-Prot 4.5.1.85 2010.03.19 -
F-Secure 9.0.15370.0 2010.03.20 -
Fortinet 4.0.14.0 2010.03.19 -
GData 19 2010.03.20 -
Ikarus T3.1.1.80.0 2010.03.20 -
Jiangmin 13.0.900 2010.03.20 -
K7AntiVirus 7.10.1002 2010.03.19 -
Kaspersky 7.0.0.125 2010.03.20 -
McAfee 5925 2010.03.19 -
McAfee+Artemis 5925 2010.03.19 -
McAfee-GW-Edition 6.8.5 2010.03.19 Heuristic.LooksLike.Win32.Suspicious.L!85
Microsoft 1.5605 2010.03.20 -
NOD32 4959 2010.03.19 -
Norman 6.04.09 2010.03.20 -
nProtect 2009.1.8.0 2010.03.20 -
Panda 10.0.2.2 2010.03.19 -
PCTools 7.0.3.5 2010.03.20 -
Prevx 3.0 2010.03.20 -
Rising 22.39.05.02 2010.03.20 -
Sophos 4.51.0 2010.03.20 -
Sunbelt 5983 2010.03.20 -
Symantec 20091.2.0.41 2010.03.20 Suspicious.Insight
TheHacker 6.5.2.0.241 2010.03.20 -
TrendMicro 9.120.0.1004 2010.03.20 -
VBA32 3.12.12.2 2010.03.19 -
ViRobot 2010.3.19.2236 2010.03.20 -
VirusBuster 5.0.27.0 2010.03.19 -
Rozšiřující informace
File size: 13824 bytes
MD5...: a66ef4d3aa0933e50855c004be798df2
SHA1..: 9c4e28f3cfb631e548a38ace81b81d5723e29395
SHA256: ad50e80d29d4a74402f26e616828b5419b6b72e1601810df03e537bbbc948081
ssdeep: 192:Jr5IF8NbUW94QtMXREaELt2y1PT6zu7R3bolyk+gahQQMnvLAIguynlmsWT1
PWVc:x5K8NQWzk5ELt7P/hkQqLde7WT1PWS
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x27f2
timedatestamp.....: 0x48025335 (Sun Apr 13 18:38:45 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x27e0 0x2800 6.16 d73a3e994817e0cf7224808da4455c42
.data 0x4000 0x6c 0x200 0.62 a46ea3afddd245a4720f45eb859ddfbf
.rsrc 0x5000 0x6800 0x800 3.99 98ba1bbfda46d37793d588959529ce08

( 5 imports )
> msvcrt.dll: __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _adjust_fdiv, __setusermatherr, _initterm, __wgetmainargs, _wcmdln, exit, _cexit, _XcptFilter, _exit, _c_exit
> KERNEL32.dll: GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetUserDefaultUILanguage, GetLocaleInfoW, CreateProcessW, GetProcessHeap, HeapFree, HeapAlloc, LoadLibraryExW, GetStartupInfoW, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetLastError, CreateMutexW, CloseHandle, FormatMessageW, CreateEventW, GetCurrentProcessId
> USER32.dll: PeekMessageW, DispatchMessageW, MsgWaitForMultipleObjects, RegisterWindowMessageW, LoadStringW, LoadImageW, PostQuitMessage, PostMessageW, DestroyMenu, TrackPopupMenu, SetMenuDefaultItem, SetMenuItemInfoW, AppendMenuW, CreatePopupMenu, SetForegroundWindow, GetCursorPos, DefWindowProcW, CreateWindowExW, LoadCursorW, LoadIconW, ShowWindow, RegisterClassExW
> SHELL32.dll: SHGetFolderPathW, ShellExecuteW, Shell_NotifyIconW
> RPCRT4.dll: RpcBindingFromStringBindingW, RpcStringBindingComposeW, RpcBindingFree, RpcSsDestroyClientContext, NdrClientCall2, RpcStringFreeW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Security Center Notification App
original name: wscntfy.exe
internal name: wscntfy.exe
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

c:\windows\system32\wscntfy.exe
a-squared 4.5.0.50 2010.03.20 -
AhnLab-V3 5.0.0.2 2010.03.19 -
AntiVir 8.2.1.196 2010.03.19 -
Antiy-AVL 2.0.3.7 2010.03.19 -
Authentium 5.2.0.5 2010.03.19 -
Avast 4.8.1351.0 2010.03.19 -
Avast5 5.0.332.0 2010.03.19 -
AVG 9.0.0.787 2010.03.20 -
BitDefender 7.2 2010.03.20 -
CAT-QuickHeal 10.00 2010.03.19 -
ClamAV 0.96.0.0-git 2010.03.20 -
Comodo 4327 2010.03.20 -
DrWeb 5.0.1.12222 2010.03.20 -
eSafe 7.0.17.0 2010.03.18 -
eTrust-Vet 35.2.7376 2010.03.19 -
F-Prot 4.5.1.85 2010.03.19 -
F-Secure 9.0.15370.0 2010.03.20 -
Fortinet 4.0.14.0 2010.03.19 -
GData 19 2010.03.20 -
Ikarus T3.1.1.80.0 2010.03.20 -
Jiangmin 13.0.900 2010.03.20 -
K7AntiVirus 7.10.1002 2010.03.19 -
Kaspersky 7.0.0.125 2010.03.20 -
McAfee 5925 2010.03.19 -
McAfee+Artemis 5925 2010.03.19 -
McAfee-GW-Edition 6.8.5 2010.03.19 Heuristic.LooksLike.Win32.Suspicious.L!85
Microsoft 1.5605 2010.03.20 -
NOD32 4959 2010.03.19 -
Norman 6.04.09 2010.03.20 -
nProtect 2009.1.8.0 2010.03.20 -
Panda 10.0.2.2 2010.03.19 -
PCTools 7.0.3.5 2010.03.20 -
Prevx 3.0 2010.03.20 -
Rising 22.39.05.02 2010.03.20 -
Sophos 4.51.0 2010.03.20 -
Sunbelt 5983 2010.03.20 -
Symantec 20091.2.0.41 2010.03.20 Suspicious.Insight
TheHacker 6.5.2.0.241 2010.03.20 -
TrendMicro 9.120.0.1004 2010.03.20 -
VBA32 3.12.12.2 2010.03.19 -
ViRobot 2010.3.19.2236 2010.03.20 -
VirusBuster 5.0.27.0 2010.03.19 -
Rozšiřující informace
File size: 13824 bytes
MD5...: a66ef4d3aa0933e50855c004be798df2
SHA1..: 9c4e28f3cfb631e548a38ace81b81d5723e29395
SHA256: ad50e80d29d4a74402f26e616828b5419b6b72e1601810df03e537bbbc948081
ssdeep: 192:Jr5IF8NbUW94QtMXREaELt2y1PT6zu7R3bolyk+gahQQMnvLAIguynlmsWT1
PWVc:x5K8NQWzk5ELt7P/hkQqLde7WT1PWS
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x27f2
timedatestamp.....: 0x48025335 (Sun Apr 13 18:38:45 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x27e0 0x2800 6.16 d73a3e994817e0cf7224808da4455c42
.data 0x4000 0x6c 0x200 0.62 a46ea3afddd245a4720f45eb859ddfbf
.rsrc 0x5000 0x6800 0x800 3.99 98ba1bbfda46d37793d588959529ce08

( 5 imports )
> msvcrt.dll: __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _adjust_fdiv, __setusermatherr, _initterm, __wgetmainargs, _wcmdln, exit, _cexit, _XcptFilter, _exit, _c_exit
> KERNEL32.dll: GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetUserDefaultUILanguage, GetLocaleInfoW, CreateProcessW, GetProcessHeap, HeapFree, HeapAlloc, LoadLibraryExW, GetStartupInfoW, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetLastError, CreateMutexW, CloseHandle, FormatMessageW, CreateEventW, GetCurrentProcessId
> USER32.dll: PeekMessageW, DispatchMessageW, MsgWaitForMultipleObjects, RegisterWindowMessageW, LoadStringW, LoadImageW, PostQuitMessage, PostMessageW, DestroyMenu, TrackPopupMenu, SetMenuDefaultItem, SetMenuItemInfoW, AppendMenuW, CreatePopupMenu, SetForegroundWindow, GetCursorPos, DefWindowProcW, CreateWindowExW, LoadCursorW, LoadIconW, ShowWindow, RegisterClassExW
> SHELL32.dll: SHGetFolderPathW, ShellExecuteW, Shell_NotifyIconW
> RPCRT4.dll: RpcBindingFromStringBindingW, RpcStringBindingComposeW, RpcBindingFree, RpcSsDestroyClientContext, NdrClientCall2, RpcStringFreeW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Security Center Notification App
original name: wscntfy.exe
internal name: wscntfy.exe
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Tzdarsa
Visitor
Posts: 8
Registered: 21 Aug 2008 20:31

Re: Startup problems

#10 Post by Tzdarsa »

Do you need it including this additional information ("Rozšiřující informace"), or is just the basic part enough for you?

Tzdarsa
Visitor
Posts: 8
Registered: 21 Aug 2008 20:31

Re: Startup problems

#11 Post by Tzdarsa »

c:\windows\ServicePackFiles\i386\ctfmon.exe
a-squared 4.5.0.50 2010.03.20 -
AhnLab-V3 5.0.0.2 2010.03.19 -
AntiVir 8.2.1.196 2010.03.19 -
Antiy-AVL 2.0.3.7 2010.03.19 -
Authentium 5.2.0.5 2010.03.19 -
Avast 4.8.1351.0 2010.03.19 -
Avast5 5.0.332.0 2010.03.19 -
AVG 9.0.0.787 2010.03.20 -
BitDefender 7.2 2010.03.20 -
CAT-QuickHeal 10.00 2010.03.19 -
ClamAV 0.96.0.0-git 2010.03.20 -
Comodo 4327 2010.03.20 -
DrWeb 5.0.1.12222 2010.03.20 -
eSafe 7.0.17.0 2010.03.18 -
eTrust-Vet 35.2.7376 2010.03.19 -
F-Prot 4.5.1.85 2010.03.19 -
F-Secure 9.0.15370.0 2010.03.20 -
Fortinet 4.0.14.0 2010.03.19 -
GData 19 2010.03.20 -
Ikarus T3.1.1.80.0 2010.03.20 -
Jiangmin 13.0.900 2010.03.20 -
K7AntiVirus 7.10.1002 2010.03.19 -
Kaspersky 7.0.0.125 2010.03.20 -
McAfee 5925 2010.03.19 -
McAfee+Artemis 5925 2010.03.19 -
McAfee-GW-Edition 6.8.5 2010.03.19 Heuristic.LooksLike.Win32.Suspicious.H!85
Microsoft 1.5605 2010.03.20 -
NOD32 4959 2010.03.19 -
Norman 6.04.09 2010.03.20 -
nProtect 2009.1.8.0 2010.03.20 -
Panda 10.0.2.2 2010.03.19 -
PCTools 7.0.3.5 2010.03.20 -
Prevx 3.0 2010.03.20 -
Rising 22.39.05.02 2010.03.20 -
Sophos 4.51.0 2010.03.20 -
Sunbelt 5983 2010.03.20 -
Symantec 20091.2.0.41 2010.03.20 Suspicious.Insight
TheHacker 6.5.2.0.241 2010.03.20 -
TrendMicro 9.120.0.1004 2010.03.20 -
VBA32 3.12.12.2 2010.03.19 -
ViRobot 2010.3.19.2236 2010.03.20 -
VirusBuster 5.0.27.0 2010.03.19 -
Rozšiřující informace
File size: 15360 bytes
MD5...: 83424c25fce4bac686f455668932eaf8
SHA1..: a8f06c0a870066be3a9a061afd58789d6c6d202c
SHA256: 990851a4813645bdb3bdc17f8fa502ce11824fc5425c5841b68f21afd14cc301
ssdeep: 192:WXGoc4F/MNhlYWpjZ+o7NpO7MIl8SVPTI7mW7rOi7oLG9lMnjmxAITljrUFE
3WDz:l1Eo7NY8MPTIaW7/lumxlJlWDlgW
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2e35
timedatestamp.....: 0x48025356 (Sun Apr 13 18:39:18 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2ab8 0x2c00 6.75 e75b135f5a4371885978065ff0db96d6
.data 0x4000 0x210 0x200 1.07 bd8c5cd346a9f53dc0dbc69260ab2240
.rsrc 0x5000 0x6a00 0xa00 3.85 421ca88053c2138f828a915f2a95d754

( 6 imports )
> msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit
> ADVAPI32.dll: RegDeleteValueA, RegOpenKeyExA, RegCloseKey, RegSetValueExA, RegCreateKeyA, RegCreateKeyExA
> KERNEL32.dll: lstrcpynA, lstrlenA, GetSystemDirectoryA, GetSystemWindowsDirectoryA, GetVersionExA, GetACP, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LocalFree, CloseHandle, ResetEvent, OpenEventA, CreateProcessA, lstrcatA, GetSystemInfo, lstrcmpiA, FreeLibrary, LoadLibraryA, CreateEventA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, LocalAlloc, GetProcAddress
> USER32.dll: EnumWindows, GetClassNameA, FindWindowA, PostMessageA, SetTimer, KillTimer, MsgWaitForMultipleObjects, PeekMessageA, TranslateMessage, DispatchMessageA, GetMessageA, SetWindowPos, LoadCursorA, RegisterClassExA, DefWindowProcA, PostQuitMessage, CreateWindowExA, GetSystemMetrics
> MSCTF.dll: TF_InitSystem, TF_GetGlobalCompartment, TF_InvalidAssemblyListCacheIfExist, TF_InvalidAssemblyListCache, TF_PostAllThreadMsg, TF_CreateCicLoadMutex, TF_UninitSystem
> MSUTB.dll: ClosePopupTipbar, GetPopupTipbar

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -

trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: CTF Loader
original name: CTFMON.EXE
internal name: CTFMON
file version.: 5.1.2600.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

c:\windows\system32\ctfmon.exe
a-squared 4.5.0.50 2010.03.20 -
AhnLab-V3 5.0.0.2 2010.03.19 -
AntiVir 8.2.1.196 2010.03.19 -
Antiy-AVL 2.0.3.7 2010.03.19 -
Authentium 5.2.0.5 2010.03.19 -
Avast 4.8.1351.0 2010.03.19 -
Avast5 5.0.332.0 2010.03.19 -
AVG 9.0.0.787 2010.03.20 -
BitDefender 7.2 2010.03.20 -
CAT-QuickHeal 10.00 2010.03.19 -
ClamAV 0.96.0.0-git 2010.03.20 -
Comodo 4327 2010.03.20 -
DrWeb 5.0.1.12222 2010.03.20 -
eSafe 7.0.17.0 2010.03.18 -
eTrust-Vet 35.2.7376 2010.03.19 -
F-Prot 4.5.1.85 2010.03.19 -
F-Secure 9.0.15370.0 2010.03.20 -
Fortinet 4.0.14.0 2010.03.19 -
GData 19 2010.03.20 -
Ikarus T3.1.1.80.0 2010.03.20 -
Jiangmin 13.0.900 2010.03.20 -
K7AntiVirus 7.10.1002 2010.03.19 -
Kaspersky 7.0.0.125 2010.03.20 -
McAfee 5925 2010.03.19 -
McAfee+Artemis 5925 2010.03.19 -
McAfee-GW-Edition 6.8.5 2010.03.19 Heuristic.LooksLike.Win32.Suspicious.H!85
Microsoft 1.5605 2010.03.20 -
NOD32 4959 2010.03.19 -
Norman 6.04.09 2010.03.20 -
nProtect 2009.1.8.0 2010.03.20 -
Panda 10.0.2.2 2010.03.19 -
PCTools 7.0.3.5 2010.03.20 -
Prevx 3.0 2010.03.20 -
Rising 22.39.05.02 2010.03.20 -
Sophos 4.51.0 2010.03.20 -
Sunbelt 5983 2010.03.20 -
Symantec 20091.2.0.41 2010.03.20 Suspicious.Insight
TheHacker 6.5.2.0.241 2010.03.20 -
TrendMicro 9.120.0.1004 2010.03.20 -
VBA32 3.12.12.2 2010.03.19 -
ViRobot 2010.3.19.2236 2010.03.20 -
VirusBuster 5.0.27.0 2010.03.19 -
Rozšiřující informace
File size: 15360 bytes
MD5...: 83424c25fce4bac686f455668932eaf8
SHA1..: a8f06c0a870066be3a9a061afd58789d6c6d202c
SHA256: 990851a4813645bdb3bdc17f8fa502ce11824fc5425c5841b68f21afd14cc301
ssdeep: 192:WXGoc4F/MNhlYWpjZ+o7NpO7MIl8SVPTI7mW7rOi7oLG9lMnjmxAITljrUFE
3WDz:l1Eo7NY8MPTIaW7/lumxlJlWDlgW
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2e35
timedatestamp.....: 0x48025356 (Sun Apr 13 18:39:18 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2ab8 0x2c00 6.75 e75b135f5a4371885978065ff0db96d6
.data 0x4000 0x210 0x200 1.07 bd8c5cd346a9f53dc0dbc69260ab2240
.rsrc 0x5000 0x6a00 0xa00 3.85 421ca88053c2138f828a915f2a95d754

( 6 imports )
> msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit
> ADVAPI32.dll: RegDeleteValueA, RegOpenKeyExA, RegCloseKey, RegSetValueExA, RegCreateKeyA, RegCreateKeyExA
> KERNEL32.dll: lstrcpynA, lstrlenA, GetSystemDirectoryA, GetSystemWindowsDirectoryA, GetVersionExA, GetACP, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LocalFree, CloseHandle, ResetEvent, OpenEventA, CreateProcessA, lstrcatA, GetSystemInfo, lstrcmpiA, FreeLibrary, LoadLibraryA, CreateEventA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, LocalAlloc, GetProcAddress
> USER32.dll: EnumWindows, GetClassNameA, FindWindowA, PostMessageA, SetTimer, KillTimer, MsgWaitForMultipleObjects, PeekMessageA, TranslateMessage, DispatchMessageA, GetMessageA, SetWindowPos, LoadCursorA, RegisterClassExA, DefWindowProcA, PostQuitMessage, CreateWindowExA, GetSystemMetrics
> MSCTF.dll: TF_InitSystem, TF_GetGlobalCompartment, TF_InvalidAssemblyListCacheIfExist, TF_InvalidAssemblyListCache, TF_PostAllThreadMsg, TF_CreateCicLoadMutex, TF_UninitSystem
> MSUTB.dll: ClosePopupTipbar, GetPopupTipbar

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: CTF Loader
original name: CTFMON.EXE
internal name: CTFMON
file version.: 5.1.2600.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

c:\windows\system32\drivers\SSHDRV86.sys


a-squared 4.5.0.50 2010.03.20 -
AhnLab-V3 5.0.0.2 2010.03.19 -
AntiVir 8.2.1.196 2010.03.19 -
Antiy-AVL 2.0.3.7 2010.03.19 -
Authentium 5.2.0.5 2010.03.19 -
Avast 4.8.1351.0 2010.03.19 -
Avast5 5.0.332.0 2010.03.19 -
AVG 9.0.0.787 2010.03.20 -
BitDefender 7.2 2010.03.20 -
CAT-QuickHeal 10.00 2010.03.19 -
ClamAV 0.96.0.0-git 2010.03.20 -
Comodo 4327 2010.03.20 Heur.Pck.PKLITE32
DrWeb 5.0.1.12222 2010.03.20 -
eSafe 7.0.17.0 2010.03.18 -
eTrust-Vet 35.2.7376 2010.03.19 -
F-Prot 4.5.1.85 2010.03.19 -
F-Secure 9.0.15370.0 2010.03.20 -
Fortinet 4.0.14.0 2010.03.19 -
GData 19 2010.03.20 -
Ikarus T3.1.1.80.0 2010.03.20 -
Jiangmin 13.0.900 2010.03.20 -
K7AntiVirus 7.10.1002 2010.03.19 -
Kaspersky 7.0.0.125 2010.03.20 -
McAfee 5925 2010.03.19 -
McAfee+Artemis 5925 2010.03.19 -
McAfee-GW-Edition 6.8.5 2010.03.19 -
Microsoft 1.5605 2010.03.20 -
NOD32 4959 2010.03.19 -
Norman 6.04.09 2010.03.20 -
nProtect 2009.1.8.0 2010.03.20 -
Panda 10.0.2.2 2010.03.19 -
PCTools 7.0.3.5 2010.03.20 -
Prevx 3.0 2010.03.20 -
Rising 22.39.05.02 2010.03.20 -
Sophos 4.51.0 2010.03.20 -
Sunbelt 5983 2010.03.20 -
Symantec 20091.2.0.41 2010.03.20 -
TheHacker 6.5.2.0.241 2010.03.20 -
TrendMicro 9.120.0.1004 2010.03.20 -
VBA32 3.12.12.2 2010.03.19 -
ViRobot 2010.3.19.2236 2010.03.20 -
VirusBuster 5.0.27.0 2010.03.19 -
Rozšiřující informace
File size: 81408 bytes
MD5...: b9e31f2a3640403b0ea3a867bb73b9f4
SHA1..: d6d606be85f897790bf2f13ab9db7a51429958fa
SHA256: 7eae59382fcffdb139cc59fa1a0a659e1ac27464a33341d6766d75f4e8d18a4d
ssdeep: 1536:YOKWjAjdwRdkt8PhvXfhyz7ZIfsaY523djFHq:YOKWecktuO7ZIbH
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x36000
timedatestamp.....: 0x41736c52 (Mon Oct 18 07:10:10 2004)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x26354 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x28000 0x2d4 0x400 3.49 06820b8b5b4d37e5b273eb0d9b870211
.data 0x29000 0x293c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
INIT 0x2c000 0x554 0x600 5.03 7d81bac3d651bb0ceac9bcf5f21daafa
.rsrc 0x2d000 0x370 0x400 2.92 e1c303c504e58ea49792c963a227d6c4
.delete 0x2e000 0x7e1e 0x200 6.20 60d1c6d18f040fc8b48101d7c80bd818
.pklstb 0x36000 0x16600 0x12800 7.69 2ecef4a5d481c89887422b2038059685
.relo2 0x4d000 0x8e 0x200 1.94 b51b43e6dabe36be226c4ac3ecd68758

( 2 imports )
> ntoskrnl.exe: ObfDereferenceObject, KeSetEvent, IofCompleteRequest, IoCreateSymbolicLink, IoDeleteDevice, IoDeleteSymbolicLink, PsGetCurrentProcessId, KeSetAffinityThread, RtlInitUnicodeString, IoGetDeviceObjectPointer, IoFreeIrp, IoGetAttachedDevice, RtlFreeUnicodeString, KeInitializeEvent, IoBuildSynchronousFsdRequest, KeWaitForSingleObject, ExAllocatePool, IoAllocateIrp, IofCallDriver, MmUnlockPages, IoFreeMdl, ExFreePool, RtlAnsiStringToUnicodeString, RtlInitString, IoCreateDevice, ZwClose, ExQueueWorkItem, ExAllocatePoolWithTag, memmove, ExReleaseResourceLite, IoDetachDevice, ExAcquireResourceExclusiveLite, wcslen, ZwQueryObject, tolower, ZwQueryInformationFile, _except_handler3, KdDebuggerEnabled, toupper, MmIsAddressValid, strrchr, KeGetCurrentThread, ExDeleteResourceLite, IoAttachDeviceByPointer, IoGetRelatedDeviceObject, ObReferenceObjectByHandle, ExInitializeResourceLite, PsGetVersion, ZwQuerySystemInformation, KeNumberProcessors, ZwCreateFile
> HAL.dll: KfLowerIrql, KfRaiseIrql

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (Kaspersky): PKLite32
sigcheck:
publisher....: n/a
copyright....: Copyright (C) Dipl. Inform. Henrik Nordhaus
product......: ProtectCD
description..: Direct Port Access - Helper Driver
original name: nthwio.sys
internal name: Hardware I/O Control Driver
file version.: 86, 0, 0, 1128
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): PKLite32

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Startup problems

#12 Post by earl »

One more thing regarding HDTune -
Likewise, a summary of the Status tab.
:???:

:arrow: Download GMER, unpack it and run it

a scan will run, and when it finishes the results will pop up

then click Save to save the log, and paste its contents here

then, following this guide

run a second scan and again post the contents of the log here.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WILL NOT LOSE IT IN CASE OF FATAL PROBLEMS WITH SOFTWARE OR HARDWARE!!
DO NOT USE COMBOFIX ON YOUR OWN, ONLY WHEN YOU ARE ASKED TO. HANDLING IT INCORRECTLY CAN RENDER THE SYSTEM INOPERABLE!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
