NOD 32 mě blokuje neznámé adresy

[Sephontaine]

NOD 32 mě blokuje neznámé adresy (např. zl091Knb44.com a takové podobné). Došlo ke spomalení PC a také všechny prohlížeče (Firefox, IE, OPERA) při kliknutí na odkaz směřující na novou stránku způsobí otevření několika prázdných oken. Nod našel nějaké viry typu Trojan ale tento problém (otevírání oken a neustálé blokování stránek se nevyřešil).
Prosím o kontrolu logu. Děkuji

Logfile of random's system information tool 1.07 (written by random/random)
Run by MAT at 2010-06-25 16:16:03
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 33 GB (33%) free of 100 GB
Total RAM: 2047 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:16:14, on 25.6.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\VoIP Gateway\CmSkype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\WINDOWS\system32\CNOServerLauncher.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\CPU Status\CPUStatus.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\mspaint.exe
C:\totalcmd\TOTALCMD.EXE
C:\server\SIS21WIN.09\SIS21.EXE
C:\SERVER\SIS21WIN.09\POKLADNA.EXE
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Vyřešení problému s viry\RSIT.exe
C:\Program Files\trend micro\MAT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.starmicronics.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.1\toolbars\ZENDIE~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [CmSkype0d8c0010] "C:\Program Files\VoIP Gateway\CmSkype.exe" RUNSTART
O4 - HKLM\..\Run: [WinSubst] C:\Program Files\WorkSoft\WinSubst\winsubst.exe -r
O4 - HKLM\..\Run: [EasyReminder] C:\Program Files\EasyReminder\EasyReminder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [CnOServerLauncher] CNOServerLauncher.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [EssentialPIM] "C:\Program Files\EssentialPIM\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [POV] C:\Program Files\IPEVO\POV\POV.exe -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CPU Status.lnk = C:\Program Files\CPU Status\CPUStatus.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: ScreenHunter 5.1 Free.lnk = C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
O4 - Startup: Seagate 2GE4WXH8 Product Registration.lnk = ?
O4 - Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O4 - Global Startup: EIZO ScreenSlicer.lnk = ?
O4 - Global Startup: ImageFox.lnk = ?

[Sephontaine]

O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

[motji]

Hezké odpoledne

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe



- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

[Sephontaine]

Děkuji.
Omlouvám se. Nepodařilo se mě zatím nahrát celý výpis RSIT. Stále vypadává spojení se serverem a nedá se celý výpis uložit Takže nevím jestli combofix mohu spustit?
Snažím se nahrát celý výpis ale zatím se nedaří.

Zde je celý log z RSI: http://www.mat-nabytkova-dvirka.cz/log-RSI.txt

[Sephontaine]

ComboFix 10-06-24.03 - MAT 25.06.2010 19:26:57.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1381 [GMT 2:00]
Spuštěný z: c:\documents and settings\MAT\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MAT\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\MAT\Data aplikací\Microsoft\profile.dat
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlservice.exe
c:\windows\d.ini
c:\windows\Fonts\'
c:\windows\system32\libmysql41.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
M:\autorun.inf

Nakažená kopie c:\windows\system32\drivers\tcpip.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-05-25 do 2010-06-25 )))))))))))))))))))))))))))))))
.

2010-06-25 12:34 . 2010-06-25 16:46 -------- d-----w- c:\program files\trend micro
2010-06-25 12:34 . 2010-06-25 16:47 -------- d-----w- C:\rsit
2010-06-25 12:25 . 2010-06-25 12:25 -------- d-----w- C:\hijackthis
2010-06-25 07:00 . 2008-10-31 05:09 270888 ----a-w- c:\windows\system32\drivers\SbFw.sys
2010-06-25 07:00 . 2008-06-21 02:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-06-25 07:00 . 2010-06-25 07:00 -------- d-----w- c:\program files\Sunbelt Software
2010-06-24 11:54 . 2010-06-24 11:54 147456 ----a-w- c:\windows\system32\vbzip10.dll
2010-06-24 10:00 . 2010-06-25 07:42 -------- d-----w- c:\documents and settings\MAT\Incomplete
2010-06-24 06:58 . 2010-06-24 06:58 -------- d-----w- c:\documents and settings\MAT\.spamassassin
2010-06-24 06:58 . 2010-06-24 06:58 -------- d-----w- c:\documents and settings\MAT\.razor
2010-06-24 06:31 . 2010-06-24 06:31 115 ----a-w- c:\windows\amapro.dat
2010-06-24 06:25 . 2010-06-24 06:25 -------- d-----w- c:\program files\AmaPro
2010-06-24 06:14 . 2010-06-24 06:14 -------- d-----w- C:\PMAIL
2010-06-18 15:25 . 2010-06-18 15:25 -------- d-----w- c:\program files\NOS
2010-06-15 06:52 . 2010-06-15 08:12 -------- d-----w- C:\www
2010-06-04 08:34 . 2010-06-04 08:34 -------- d-----w- c:\documents and settings\MAT\.leo
2010-06-04 08:33 . 2010-06-04 08:33 -------- d-----w- C:\Python26
2010-06-04 08:23 . 2010-06-04 08:24 -------- d-----w- c:\program files\Leo-4.7.1-final

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 17:42 . 2010-04-13 06:26 -------- d-----w- c:\program files\Taskbar Shuffle
2010-06-25 17:27 . 2001-10-25 11:00 74000 ----a-w- c:\windows\system32\perfc005.dat
2010-06-25 17:27 . 2001-10-25 11:00 418840 ----a-w- c:\windows\system32\perfh005.dat
2010-06-25 13:39 . 2008-10-04 15:33 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-25 08:56 . 2010-04-10 13:02 -------- d-----w- c:\program files\Spyware Terminator
2010-06-24 06:31 . 2009-09-18 07:12 -------- d-----w- c:\program files\SendMails
2010-06-15 06:17 . 2010-01-19 07:13 -------- d-----w- c:\program files\Gopas
2010-06-10 06:07 . 2010-05-05 06:16 -------- d-----w- c:\program files\Offline Explorer Enterprise
2010-06-09 14:03 . 2008-09-22 23:58 -------- d-----w- c:\program files\Opera
2010-05-25 13:46 . 2002-01-01 00:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-25 13:46 . 2010-05-25 13:45 -------- d-----w- c:\program files\Seagate
2010-05-25 13:45 . 2010-05-25 13:45 -------- d-----w- c:\program files\MSXML 6.0
2010-05-25 13:45 . 2010-05-25 13:45 -------- d-----w- c:\program files\Carbonite
2010-05-25 13:45 . 2010-05-25 13:45 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-05-25 13:43 . 2010-05-25 13:43 -------- d-----w- c:\program files\MSBuild
2010-05-25 13:40 . 2010-05-25 13:40 -------- d-----w- c:\program files\Reference Assemblies
2010-05-19 14:22 . 2010-05-19 14:21 -------- d-----w- c:\program files\Notepad++
2010-05-19 14:21 . 2010-05-19 14:21 3336170 ----a-w- C:\npp.5.6.8.Installer.exe
2010-05-18 09:19 . 2010-05-18 09:19 -------- d-----w- c:\program files\OVH
2010-05-18 09:19 . 2010-05-18 09:19 12694766 ----a-w- C:\MoM.exe
2010-05-17 11:13 . 2010-05-17 11:13 -------- d-----w- c:\program files\DatAdmin3
2010-05-17 11:04 . 2010-05-17 11:04 454656 ----a-w- C:\putty.exe
2010-05-14 13:38 . 2010-05-14 13:38 -------- d-----w- c:\program files\Software Informer
2010-05-14 13:15 . 2010-05-14 13:15 -------- d-----w- c:\program files\EMS
2010-05-14 09:59 . 2010-05-14 08:22 -------- d-----w- c:\program files\Bitvise WinSSHD
2010-05-07 08:08 . 2010-04-28 06:27 -------- d-----w- c:\program files\ReNamer
2010-05-05 09:30 . 2010-05-05 09:30 1988968 ----a-w- C:\kupplungstechn_cs.zip
2010-05-05 09:29 . 2010-05-05 09:29 1796135 ----a-w- C:\aufstecktechn_cs.zip
2010-04-30 12:23 . 2010-04-30 12:23 -------- d-----w- c:\program files\MagneticOne
2010-04-29 08:09 . 2009-04-15 07:02 -------- d-----w- c:\program files\Google
2010-04-12 09:09 . 2009-02-23 07:20 331776 ------w- c:\windows\Setup1.exe
2010-04-12 09:09 . 2009-02-23 07:20 74752 ----a-w- c:\windows\ST6UNST.EXE
2010-04-10 13:04 . 2010-04-10 13:04 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-04-07 19:08 . 2008-08-18 12:27 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-04-07 19:07 . 2009-11-16 08:03 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-04-07 19:03 . 2008-08-18 12:18 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2008-11-10 07:28 . 2008-10-17 08:36 61921312 --sha-w- c:\windows\system32\drivers\fidbox.dat
2008-11-10 07:28 . 2008-10-17 08:36 254496 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
2007-07-17 13:59 1379352 ----a-w- c:\program files\Wisdom-soft\tbWisd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
"EssentialPIM"="c:\program files\EssentialPIM\EssentialPIM.exe" [2009-12-30 1848416]
"POV"="c:\program files\IPEVO\POV\POV.exe" [2007-12-14 1720320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-15 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-10 3037696]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-16 818176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"CmSkype0d8c0010"="c:\program files\VoIP Gateway\CmSkype.exe" [2006-05-09 491520]
"WinSubst"="c:\program files\WorkSoft\WinSubst\winsubst.exe" [2002-09-18 245760]
"EasyReminder"="c:\program files\EasyReminder\EasyReminder.exe" [2005-10-01 293888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-05 98304]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-03-26 210208]
"CnOServerLauncher"="CNOServerLauncher.exe" [1999-05-15 106496]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-29 198160]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"ScreenManager Pro for LCD"="c:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2009-11-18 9094832]
"FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe" [2009-12-30 1208832]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-25 185640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\MAT\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CPU Status.lnk - c:\program files\CPU Status\CPUStatus.exe [2010-4-13 1067520]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
ScreenHunter 5.1 Free.lnk - c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe [2009-5-14 5689344]
Seagate 2GE4WXH8 Product Registration.lnk - c:\documents and settings\MAT\Data aplikacˇ\Leadertech\PowerRegister\Seagate 2GE4WXH8 Product Registration.exe [2010-5-25 1731736]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ATITool.lnk - c:\program files\ATITool\ATITool.exe [2006-12-8 3035136]
EIZO ScreenSlicer.lnk - c:\windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\ESCSlicer.exe1_87A06423E78E426E924121140A36B659.exe [2009-12-1 61440]
ImageFox.lnk - c:\windows\Installer\{92E64C51-5096-442F-9A44-61CB2941391D}\NewShortcut1.exe [2008-10-4 45056]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 10:03 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 14:27 95872]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [10.12.2009 9:24 19064]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [25.6.2010 9:00 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.4.2010 15:04 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.4.2010 21:07 810120]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [25.9.2009 23:32 189736]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [25.6.2010 9:00 65576]
S2 gupdate1c9f8a64561bc64;Služba Google Update (gupdate1c9f8a64561bc64);c:\program files\Google\Update\GoogleUpdate.exe [29.6.2009 12:42 133104]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe [11.2.2008 12:58 151552]
S3 BS_DEF;BS_DEF;\??\c:\windows\BS_DEF.sys --> c:\windows\BS_DEF.sys [?]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys --> c:\windows\system32\Drivers\gHidPnp.Sys [?]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys --> c:\windows\system32\DRIVERS\gMouPS2.sys [?]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys --> c:\windows\system32\DRIVERS\gMouUsb.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10.3.2010 8:18 24216]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 17:21 30720]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.11.2008 14:57 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 11:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5084F01D-458E-45EB-A6FD-692D4C9D2789}]
2005-05-04 13:45 78848 ----a-w- c:\windows\system32\msiexec.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 10:42]

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 10:42]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.starmicronics.com/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Edit with Altova X&MLSpy - c:\program files\Altova\XMLSpy2008\spy.htm
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Zend Studio - Debug current page - c:\program files\Zend\Zend Studio - 7.0.1\toolbars\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - c:\program files\Zend\Zend Studio - 7.0.1\toolbars\ZendIEToolbar.dll/DebugNext.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\MAT\Data aplikací\Mozilla\Firefox\Profiles\v47bz6vk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - component: c:\documents and settings\MAT\Data aplikací\Mozilla\Firefox\Profiles\v47bz6vk.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\MAT\Data aplikací\Mozilla\Firefox\Profiles\v47bz6vk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\MAT\Data aplikací\Mozilla\Firefox\Profiles\v47bz6vk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\MAT\Data aplikací\Mozilla\Firefox\Profiles\v47bz6vk.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-fsm - (no file)
AddRemove-Money S3 - c:\program files\CIGLER SOFTWARE\Common Files\SETUP\s3mngr.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 19:41
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1123561945-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{09D8DE2A-0D82-2033-A75C-B59411EB9100}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ealbokjmjl"=hex:66,61,66,66,6a,6d,6b,6d,6d,63,6d,68,00,31
"daefpkkl"=hex:64,62,70,68,6f,62,6e,62,6d,69,6a,6d,61,67,62,65,66,70,6f,67,65,
66,6d,69,6d,65,6f,6d,69,62,65,6d,6b,69,67,68,67,6c,6f,64,00,00
"iadimoammpandlmbdo"=hex:6a,61,6d,61,65,65,70,68,61,6d,65,6f,64,61,63,62,6b,64,
69,69,00,00
"hanhoaipnfiaegfa"=hex:6a,61,6d,61,65,65,70,68,61,6d,65,6f,64,61,63,62,6b,64,
69,69,00,d0

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{09D8DE2A-0D82-2033-A75C-B59411EB9100}\InProcServer32*]
"fajinabmmcll"=hex:67,61,66,66,64,6a,66,6c,66,63,61,6e,61,6e,00,77
"eajiaaammh"=hex:6d,63,6d,68,69,68,6a,66,70,6c,70,69,6e,68,62,6d,66,65,61,6f,
66,6a,6a,61,6e,70,61,70,6c,70,6b,63,6a,70,65,67,64,68,68,62,6f,6c,65,6e,64,\
"gajinabmmcllkg"=hex:67,61,66,66,64,6a,66,6c,66,63,61,6e,61,6e,00,77
"fajiaaammhej"=hex:6d,63,6d,68,69,68,6a,66,70,6c,70,69,6e,68,62,6d,66,65,61,6f,
66,6a,6a,61,6e,70,61,70,6c,70,6b,63,6a,70,65,67,64,68,68,62,6f,6c,65,6e,64,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3004)
c:\program files\ACD Systems\ImageFox\IFOXDLL.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\EIZO\ScreenSlicer\liblatticehook.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FileZilla Server\FileZilla Server.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\wscntfy.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\SOUNDMAN.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\CNOServerLauncher.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\EIZO\ScreenSlicer\ESCSlicer.exe
c:\program files\ACD Systems\ImageFox\ImageFox.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-06-25 19:51:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-25 17:51

Před spuštěním: Volných bajtů: 34 906 308 608
Po spuštění: Volných bajtů: 34 806 583 296

- - End Of File - - 98D1A647A03966ECEE5087F9D48B2141

[motji]

Měl jste infikovaný systémový souboor, který je důležitý k připojení na internet.
Jak to ted vypadá s počítačem?

tento program znáte?
c:\program files\ATITool\ATITool.exe

Otestujte na www.virustotal.com

c:\windows\BS_DEF.sys --> c:\windows\BS_DEF.sys
c:\windows\system32\Drivers\gHidPnp.Sys
c:\windows\system32\DRIVERS\gMouPS2.sys
c:\program files\WorkSoft\WinSubst\winsubst.exe
C:\putty.exe
C:\MoM.exe


-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

[Sephontaine]

c:\program files\ATITool\ATITool.exe - program pro nastavení grafické karty
c:\windows\BS_DEF.sys --> c:\windows\BS_DEF.sys *
c:\windows\system32\Drivers\gHidPnp.Sys *
c:\windows\system32\DRIVERS\gMouPS2.sys *
*Tyto soubory nemohu najít.

c:\program files\WorkSoft\WinSubst\winsubst.exe
Soubor winsubst.exe přijatý 2010.06.28 06:04:13 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 1/41 (2.44%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 40 a 57 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 5.0.0.30 2010.06.28 -
AhnLab-V3 2010.06.27.01 2010.06.27 -
AntiVir 8.2.4.2 2010.06.27 -
Antiy-AVL 2.0.3.7 2010.06.25 -
Authentium 5.2.0.5 2010.06.27 -
Avast 4.8.1351.0 2010.06.27 -
Avast5 5.0.332.0 2010.06.27 -
AVG 9.0.0.836 2010.06.27 -
BitDefender 7.2 2010.06.28 -
CAT-QuickHeal 10.00 2010.06.28 -
ClamAV 0.96.0.3-git 2010.06.28 -
Comodo 5240 2010.06.28 Heur.Suspicious
DrWeb 5.0.2.03300 2010.06.28 -
eSafe 7.0.17.0 2010.06.27 -
eTrust-Vet 36.1.7668 2010.06.25 -
F-Prot 4.6.1.107 2010.06.27 -
F-Secure 9.0.15370.0 2010.06.28 -
Fortinet 4.1.133.0 2010.06.27 -
GData 21 2010.06.28 -
Ikarus T3.1.1.84.0 2010.06.28 -
Jiangmin 13.0.900 2010.06.27 -
Kaspersky 7.0.0.125 2010.06.28 -
McAfee 5.400.0.1158 2010.06.28 -
McAfee-GW-Edition 2010.1 2010.06.27 -
Microsoft 1.5902 2010.06.27 -
NOD32 5232 2010.06.27 -
Norman 6.05.10 2010.06.27 -
nProtect 2010-06-27.02 2010.06.27 -
Panda 10.0.2.7 2010.06.27 -
PCTools 7.0.3.5 2010.06.28 -
Prevx 3.0 2010.06.28 -
Rising 22.54.00.03 2010.06.28 -
Sophos 4.54.0 2010.06.28 -
Sunbelt 6515 2010.06.28 -
Symantec 20101.1.0.89 2010.06.28 -
TheHacker 6.5.2.0.304 2010.06.28 -
TrendMicro 9.120.0.1004 2010.06.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.28 -
VBA32 3.12.12.5 2010.06.25 -
ViRobot 2010.6.26.3907 2010.06.26 -
VirusBuster 5.0.27.0 2010.06.27 -
Rozšiřující informace
File size: 245760 bytes
MD5...: ca26d45b4815f04ea9f8d35ab4ac4567
SHA1..: e4e13e062ff9f050bf7369292ca07bf1af99c6ed
SHA256: dc5b03a03ab491f0f94c779ca4f750b05bb4d44e2fcd806bed4f460ff05f045b
ssdeep: 6144:yillxhYoia/6YmkTPCcVzpGlSmB5i8+TUMWvyj:TlxhY8/PhCcppGlSmTiX
TUMh
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xacdf0
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x74000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x75000 0x38000 0x38000 7.92 a8349575495fe314afa3ad52107d135a
.rsrc 0xad000 0x4000 0x3c00 5.01 9ddd83fa1e6133d0a09cceb97917dab5

( 9 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess, -
> advapi32.dll: RegCloseKey
> comctl32.dll: ImageList_Add
> comdlg32.dll: GetOpenFileNameA
> gdi32.dll: SaveDC
> oleaut32.dll: VariantCopy
> shell32.dll: -
> user32.dll: GetDC
> version.dll: VerQueryValueA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
packers (Kaspersky): UPX
packers (F-Prot): UPX
sigcheck:
publisher....: WorkSoft, Ltd.
copyright....: (c) 2001-2002. WorkSoft,Ltd.
product......: WorkSoft WinSubst
description..: WinSubst Utility
original name: winsubst.exe
internal name: winsubst
file version.: 1.0.0.29
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned

C:\putty.exe
Soubor putty.exe přijatý 2010.06.28 06:10:12 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 1/40 (2.5%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 5.0.0.30 2010.06.28 -
AhnLab-V3 2010.06.27.01 2010.06.27 -
AntiVir 8.2.4.2 2010.06.27 -
Antiy-AVL 2.0.3.7 2010.06.25 -
Authentium 5.2.0.5 2010.06.27 -
Avast 4.8.1351.0 2010.06.27 -
Avast5 5.0.332.0 2010.06.27 -
AVG 9.0.0.836 2010.06.27 -
BitDefender 7.2 2010.06.28 -
CAT-QuickHeal 10.00 2010.06.28 -
ClamAV 0.96.0.3-git 2010.06.28 -
Comodo 5240 2010.06.28 -
DrWeb 5.0.2.03300 2010.06.28 -
eSafe 7.0.17.0 2010.06.27 Win32.Corrupt.Ep
eTrust-Vet 36.1.7668 2010.06.25 -
F-Prot 4.6.1.107 2010.06.27 -
F-Secure 9.0.15370.0 2010.06.28 -
Fortinet 4.1.133.0 2010.06.27 -
GData 21 2010.06.28 -
Ikarus T3.1.1.84.0 2010.06.28 -
Jiangmin 13.0.900 2010.06.27 -
Kaspersky 7.0.0.125 2010.06.28 -
McAfee 5.400.0.1158 2010.06.28 -
McAfee-GW-Edition 2010.1 2010.06.27 -
Microsoft 1.5902 2010.06.28 -
NOD32 5232 2010.06.27 -
Norman 6.05.10 2010.06.27 -
nProtect 2010-06-27.02 2010.06.27 -
Panda 10.0.2.7 2010.06.27 -
PCTools 7.0.3.5 2010.06.28 -
Rising 22.54.00.03 2010.06.28 -
Sophos 4.54.0 2010.06.28 -
Sunbelt 6515 2010.06.28 -
Symantec 20101.1.0.89 2010.06.28 -
TheHacker 6.5.2.0.304 2010.06.28 -
TrendMicro 9.120.0.1004 2010.06.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.28 -
VBA32 3.12.12.5 2010.06.25 -
ViRobot 2010.6.26.3907 2010.06.26 -
VirusBuster 5.0.27.0 2010.06.27 -
Rozšiřující informace
File size: 454656 bytes
MD5...: 9bb6826905965c13be1c84cc0ff83f42
SHA1..: ae7734e7a54353ab13ecba780ed62344332fbc6f
SHA256: cfa4f56807405fd36e406688feb970a0d0d4854456ba2da72e4a33a27b01d9ae
ssdeep: 12288:yLXmgMb4Xd+Uh8ggdE8Ox4GoyPV4qOr1nBMIQn6:yDmgMbVujg9u4GBPVL
Or1nvM6
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4777f
timedatestamp.....: 0x463484d0 (Sun Apr 29 11:43:12 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4e4d1 0x4f000 6.63 2f6fa9117dbe61d9723c63816f6e49fd
.rdata 0x50000 0x19536 0x1a000 6.12 528f4201171d63b6057d28346d31f26b
.data 0x6a000 0x7064 0x1000 3.97 427740272b7cbb5da523a05992b88b4f
.rsrc 0x72000 0x3ab0 0x4000 3.78 d0531fa0b83a47042fed7f07849032ff

( 10 imports )
> ADVAPI32.dll: RegCloseKey, RegCreateKeyA, RegSetValueExA, RegOpenKeyA, RegQueryValueExA, RegDeleteKeyA, RegEnumKeyA
> COMCTL32.dll: -, -, -, -
> comdlg32.dll: GetOpenFileNameA, ChooseFontA, ChooseColorA, GetSaveFileNameA
> GDI32.dll: CreateBitmap, IntersectClipRect, ExcludeClipRect, UpdateColors, DeleteDC, GetTextExtentPoint32A, CreateCompatibleDC, DeleteObject, TextOutA, SetBkColor, SetTextColor, Rectangle, CreateSolidBrush, GetStockObject, SelectObject, CreateFontIndirectA, GetTextExtentExPointA, SetMapMode, GetDeviceCaps, RealizePalette, SelectPalette, CreatePalette, ExtTextOutA, GetCharacterPlacementW, ExtTextOutW, GetPixel, SetBkMode, SetTextAlign, CreateCompatibleBitmap, TranslateCharsetInfo, GetObjectA, GetTextMetricsA, CreateFontA, LineTo, MoveToEx, CreatePen, SetPixel, Polyline, GetCharWidthW, GetCharWidth32W, GetCharWidthA, GetCharWidth32A, SetPaletteEntries, UnrealizeObject
> IMM32.dll: ImmReleaseContext, ImmGetCompositionStringW, ImmSetCompositionFontA, ImmGetContext, ImmSetCompositionWindow
> SHELL32.dll: ShellExecuteA
> USER32.dll: SetForegroundWindow, CreateMenu, GetDoubleClickTime, WinHelpA, GetForegroundWindow, GetClipboardOwner, FindWindowA, MessageBoxIndirectA, GetQueueStatus, UpdateWindow, DefWindowProcA, InvalidateRect, SetWindowPos, EndPaint, GetWindowTextA, GetWindowTextLengthA, GetClientRect, BeginPaint, SetWindowTextA, PeekMessageA, MsgWaitForMultipleObjects, IsWindow, CreateCaret, ShowCaret, HideCaret, DestroyCaret, TranslateMessage, EnableMenuItem, GetCursorPos, TrackPopupMenu, GetKeyboardLayout, SetKeyboardState, ToAsciiEx, SetScrollInfo, GetMessageTime, PostMessageA, GetSystemMenu, CheckMenuItem, IsZoomed, FlashWindow, GetClipboardData, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, SetCaretPos, KillTimer, SetTimer, GetKeyboardState, SetClassLongA, SetCursor, ShowCursor, CreatePopupMenu, InsertMenuA, DeleteMenu, AppendMenuA, IsIconic, GetSystemMetrics, GetCapture, ReleaseCapture, LoadIconA, GetDesktopWindow, MoveWindow, DefDlgProcA, LoadCursorA, CreateDialogParamA, GetMessageA, GetWindowLongA, IsDialogMessageA, DispatchMessageA, PostQuitMessage, EnableWindow, DialogBoxParamA, EndDialog, GetParent, SetActiveWindow, GetWindowPlacement, SetWindowPlacement, RegisterWindowMessageA, DrawEdge, SetCapture, MessageBoxA, SetFocus, GetDlgItem, GetDlgItemTextA, SetDlgItemTextA, CheckDlgButton, IsDlgButtonChecked, CheckRadioButton, SetWindowLongA, MessageBeep, SendDlgItemMessageA, GetDC, ReleaseDC, SendMessageA, MapDialogRect, GetCaretBlinkTime, DestroyWindow, RegisterClassA, GetSysColor, SystemParametersInfoA, GetWindowRect, CreateWindowExA, ShowWindow, RegisterClipboardFormatA
> WINMM.dll: PlaySoundA
> WINSPOOL.DRV: StartDocPrinterA, WritePrinter, EndDocPrinter, ClosePrinter, EnumPrintersA, EndPagePrinter, StartPagePrinter, OpenPrinterA
> KERNEL32.dll: SetEnvironmentVariableA, CompareStringW, CompareStringA, HeapSize, SetEndOfFile, InterlockedExchange, RtlUnwind, SetStdHandle, SetFilePointer, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, UnhandledExceptionFilter, VirtualFree, HeapCreate, HeapDestroy, LCMapStringW, LCMapStringA, GetFileType, GetStdHandle, SetHandleCount, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, GetTimeZoneInformation, FlushFileBuffers, GetStringTypeW, GetStringTypeA, GetCommandLineA, GetStartupInfoA, GetSystemTimeAsFileTime, DeleteFileA, TerminateProcess, ExitProcess, HeapFree, HeapReAlloc, HeapAlloc, GetDateFormatA, GetTimeFormatA, GetCurrentDirectoryA, SetCurrentDirectoryA, GetACP, GetLocalTime, GetEnvironmentVariableA, SetCommBreak, CreateFileA, GetCommState, SetCommState, SetCommTimeouts, ClearCommBreak, CreatePipe, SetHandleInformation, GetCurrentThreadId, GetWindowsDirectoryA, FindFirstFileA, FindNextFileA, FindClose, GetCurrentProcessId, QueryPerformanceCounter, GlobalMemoryStatus, GetCurrentThread, GetThreadTimes, GetCurrentProcess, GetProcessTimes, GetSystemTime, GetSystemTimeAdjustment, FreeLibrary, CreateThread, WriteFile, CreateEventA, ReadFile, GetLastError, WaitForSingleObject, GetOverlappedResult, SetEvent, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, GetModuleFileNameA, CreateProcessA, CloseHandle, Beep, LoadLibraryA, WideCharToMultiByte, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, MultiByteToWideChar, IsDBCSLeadByteEx, GetLocaleInfoA, GetOEMCP, GetCPInfo, lstrcpynA, GetModuleHandleA, GetProcAddress, GetVersionExA, MulDiv, GetTickCount

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: InstallShield setup (37.7%)
Win32 Executable MS Visual C++ (generic) (33.0%)
Windows Screen Saver (11.4%)
Win32 Executable Generic (7.4%)
Win32 Dynamic Link Library (generic) (6.6%)
sigcheck:
publisher....: Simon Tatham
copyright....: Copyright (c) 1997-2007 Simon Tatham.
product......: PuTTY suite
description..: SSH, Telnet and Rlogin client
original name: PuTTY
internal name: PuTTY
file version.: Release 0.60
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

C:\MoM.exe
Soubor MoM.exe přijatý 2010.06.28 06:17:06 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 5.0.0.30 2010.06.28 -
AhnLab-V3 2010.06.27.01 2010.06.27 -
AntiVir 8.2.4.2 2010.06.27 -
Antiy-AVL 2.0.3.7 2010.06.25 -
Authentium 5.2.0.5 2010.06.27 -
Avast 4.8.1351.0 2010.06.27 -
Avast5 5.0.332.0 2010.06.27 -
AVG 9.0.0.836 2010.06.27 -
BitDefender 7.2 2010.06.28 -
CAT-QuickHeal 10.00 2010.06.28 -
ClamAV 0.96.0.3-git 2010.06.28 -
Comodo 5240 2010.06.28 -
DrWeb 5.0.2.03300 2010.06.28 -
eSafe 7.0.17.0 2010.06.27 -
eTrust-Vet 36.1.7668 2010.06.25 -
F-Prot 4.6.1.107 2010.06.27 -
F-Secure 9.0.15370.0 2010.06.28 -
Fortinet 4.1.133.0 2010.06.27 -
GData 21 2010.06.28 -
Ikarus T3.1.1.84.0 2010.06.28 -
Jiangmin 13.0.900 2010.06.27 -
Kaspersky 7.0.0.125 2010.06.28 -
McAfee 5.400.0.1158 2010.06.28 -
McAfee-GW-Edition 2010.1 2010.06.27 -
Microsoft 1.5902 2010.06.28 -
NOD32 5232 2010.06.27 -
Norman 6.05.10 2010.06.27 -
nProtect 2010-06-27.02 2010.06.27 -
Panda 10.0.2.7 2010.06.27 -
PCTools 7.0.3.5 2010.06.28 -
Prevx 3.0 2010.06.28 -
Rising 22.54.00.03 2010.06.28 -
Sophos 4.54.0 2010.06.28 -
Sunbelt 6515 2010.06.28 -
Symantec 20101.1.0.89 2010.06.28 -
TheHacker 6.5.2.0.304 2010.06.28 -
TrendMicro 9.120.0.1004 2010.06.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.28 -
VBA32 3.12.12.5 2010.06.25 -
ViRobot 2010.6.26.3907 2010.06.26 -
VirusBuster 5.0.27.0 2010.06.27 -
Rozšiřující informace
File size: 12694766 bytes
MD5...: 7c1205a49c3994b99a3f80235bbd2104
SHA1..: dd51c2966b5425edcd901f7ac40edf6b2e84b1aa
SHA256: 72e45ea4b0812e008ac34cdc66f4541be23e86afa3049d4298735e0df22a6289
ssdeep: 393216:bqlI6PizU67A+Et+Yp2rUW3YSFRtDMxPZqcFP:bqS6oU67A+C+K2FYS7t
DMxAcFP
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x354b
timedatestamp.....: 0x4aa7ac4b (Wed Sep 09 13:23:23 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x63a2 0x6400 6.48 3291075913c14a1799655a261fb21cca
.rdata 0x8000 0x18f2 0x1a00 4.89 170563e94de7ebfd6e622a164ce38c8a
.data 0xa000 0x6669c 0x200 1.43 23d69b1e3a55dee07701198b7650a06b
.ndata 0x71000 0x145000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x1b6000 0x10b0 0x1200 4.05 0b6d2996586639e8c1d8c648c489ab82

( 8 imports )
> KERNEL32.dll: SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, CloseHandle, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, MulDiv, lstrlenA, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrcpynA
> USER32.dll: ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, FindWindowExW, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, IsWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): NSIS, UTF-8, UPX

[motji]

Ani když zkopírujete cestu do toho spodního okénka na virustotalu?

[Sephontaine]

Bohužel ne.
Počítač i prohlížeč se zdají být už v pořádku.
Moc Vám děkuji

[motji]

Ještě mi neutíkejte

tuto stránku znáte?
hxxp://www.starmicronics.com/

Stahněte SAS http://portable.superantispyware.com/sassaferun.php
-proveďte aktualizaci a dejte uplný sken.
-Co najde, smažte,a napište co našel.
(tato verze se neinstaluje, je v angličtině. Pokud potřebujete uplný návod, klikněte mi v podpisu na SAS)