prosim o kontrolu Vyřešeno

[pitrisek_brno]

tak a COMBA je konec, ufff a nyni VIRUSTOTAL

LOCAL ANALYZE RESULT

Rozšiřující informace
File size: 21194 bytes
MD5...: 7f08817f2b52ea1f622af93c6e576dac
SHA1..: 9dbea1c08bfdaa1ac57dc9c3ee441bfdfa24a6a5
SHA256: 6debf527d714e21e51d638e15f41fa9ff8b3c3ed38f37005301c24641a0741a0
SHA512: a96e3adb313fcf43f75f6db938eb8f089de1add6c36d51eb8daeb6c3e3755745
73232793ed0cb2b31f741963f0aa4a0825b0966c89d3c471a2e4d44baf6c1dd6
ssdeep: 96:t1VPDXTKAg81C8UC8/9j8wj8Vd8KU8DC84j8xmTj8SC87Y8m3i8qH8Qy8RB82
C8c:tnKAD3LuwP
PEiD..: -
TrID..: File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
PEInfo: -


Remote analyze reset

Rozšiřující informace File size: 20738 bytes
MD5...: d3f7b4d4759f6c34a617fe025426043cSHA1..: 221e3e3fb171229081a2933884ccba4ccf8c396a
SHA256: 1f94091b639e718e0d73df290c2d410162ad8fc5ea1791df927464d3b2847ba7
SHA512: a6a5551ef15c640acb4e7d6215af710c26b958803a5a470aeedbb9778aee1dfc
fa15604267412bf4eeaa36788ade3876d52f596cdee711778f2cb97274415faa
ssdeep: 96:tgVPDXTKAg81C8UC8/9j8wj8Vd8KU8DC84j8xmTj8SC87Y8m3i8qH8Qy8RB81
C8o:tgKAD3EuwP
PEiD..: -TrID..: File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
PEInfo: -

Log reset

Rozšiřující informace File size: 1650 bytes
MD5...: 2b065842e447d2f0d05fa2b1de684d25SHA1..: cd511e943cacdb98ef768f4822a980058736b63b
SHA256: 543a904f5302cb0432484cbcd1f6e1ecbd085d36796669ba9d09f057bd1f4593
SHA512: d113f244d61ac95e21ce4bc26a60c657d5c0f5242103f8c0982fca5d02d9e340
39c79b5ecceb9b419e7f59b4178690d8a493fa02c8fb724f5a16df56e2d32223
ssdeep: 24:WYtJZqVPDX/rKAcidi6eTx26eTxa9H6eTx46eTx26eTxa9H6eTxsy:ntJ4VPD
X/rKAxibTUbTgbT+bTUbTgbTp
PEiD..: -TrID..: File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)PEInfo: -

Ntf10

Rozšiřující informace File size: 67 bytes
MD5...: e3bee6a882abc9faa25ef59d935334d9SHA1..: 146adefeb939f1dadf9a373843355f7e728107ba
SHA256: f7299b09b22ddf643f30947672a5e96ba03a03b4d1a744d3005d369a161496f2
SHA512: 9434183bb4fe4d56a0790da45aeec182d467d5a5344543cb2618f72c55a5cd48
ca85e5c71b1b06b42f7fd15e03df06890234f088a4d8c0a4245e1499798e421d
ssdeep: 3:8GXKRj2AEei4SXyFRiaMKNFwgLQtK:8ZbJiLa5FFQtK
PEiD..: -TrID..: File type identification
Unknown!PEInfo: -

PDF CREATOR
Rozšiřující informace File size: 253139 bytes
MD5...: b999a292a7836c518891e754121323feSHA1..: f77a16121b55c5137cdf4efdcb0ae933d3094a5c
SHA256: 88d570d511e0fa8ca22cd756fc0b59a0e9b49189cd481517dddf5478eed5c834SHA512: 8bb68edcd4bb3cac4b03a1516fcb2225f5261d9dc15655ff0061e57cd937fb8b
261ae98f5025f8f621d7511432ac93e36034b1be07551f1c6aae52c60e3e2fe4
ssdeep: 3072:SRA51Jvbg5LJjomKu0YGGiEBJMLjHxSGVW0qRTDxsXWBHn23wtTgAe5d5t/
kB/a0:vSK3YW+JCbQR3xsGBHYis3PyIBAqa
PEiD..: -TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403178
timedatestamp.....: 0x43cc30d6 (Mon Jan 16 23:48:38 2006)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6616 0x6800 6.47 df62686099011bb9eb18068e8594ef8d
.rdata 0x8000 0x1848 0x1a00 5.19 e68dfe8ae6b4885affcb5ac407b22a90
.data 0xa000 0x2a1b4 0x200 1.74 f75aff4aba0d3b9f39701fc1c61a8d9e
.rsro 0x35000 0x31000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x66000 0x7000 0x6200 4.01 058a29c4494f66afa087eeb695b1a58a

( 9 imports )
> KERNEL32.dll: SetFileTime, CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, lstrcatA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, ExitProcess, GetCurrentProcess, CopyFileA, lstrcpynA, GetCommandLineA, GetWindowsDirectoryA, CloseHandle, GetUserDefaultLangID, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, GlobalAlloc, CreateThread, CreateProcessA, CreateFileA, GetTempFileNameA, lstrcpyA, lstrlenA, SetEndOfFile, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetSystemDirectoryA, RemoveDirectoryA, lstrcmpA, GetVolumeInformationA, InterlockedExchange, RtlUnwind, lstrcmpiA, GetEnvironmentVariableA, ExpandEnvironmentStringsA, GlobalFree, WaitForSingleObject, GetExitCodeProcess, SetErrorMode, GetModuleHandleA, LoadLibraryA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, VirtualQuery, WriteFile, ReadFile, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA, MulDiv
> USER32.dll: CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuA, CreatePopupMenu, GetSystemMetrics, EndDialog, SetWindowPos, SetClassLongA, IsWindowEnabled, DialogBoxParamA, LoadBitmapA, GetClassInfoA, SetDlgItemTextA, GetDlgItemTextA, MessageBoxA, CharPrevA, LoadCursorA, GetWindowLongA, GetSysColor, CharNextA, ExitWindowsEx, CreateDialogParamA, DestroyWindow, SetTimer, SetCursor, IsWindowVisible, CallWindowProcA, GetMessagePos, ScreenToClient, CheckDlgButton, RegisterClassA, SetWindowTextA, wsprintfA, SetForegroundWindow, ShowWindow, SendMessageTimeoutA, FindWindowExA, IsWindow, GetDlgItem, SetWindowLongA, GetClientRect, LoadImageA, GetDC, EnableWindow, PeekMessageA, DispatchMessageA, SendMessageA, InvalidateRect, PostQuitMessage
> GDI32.dll: SetTextColor, SetBkMode, SetBkColor, CreateBrushIndirect, DeleteObject, CreateFontIndirectA, GetDeviceCaps
> SHELL32.dll: SHFileOperationA, SHGetSpecialFolderLocation, SHGetMalloc, SHBrowseForFolderA, SHGetPathFromIDListA, ShellExecuteA
> ADVAPI32.dll: RegEnumValueA, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyA, RegDeleteValueA, RegDeleteKeyA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Create, ImageList_Destroy, -
> ole32.dll: OleInitialize, CoCreateInstance, OleUninitialize
> VERSION.dll: VerQueryValueA, GetFileVersionInfoA, GetFileVersionInfoSizeA
> snmpapi.dll: SnmpUtilOidCpy, SnmpUtilOidNCmp, SnmpUtilVarBindFree

( 0 exports )
packers (Kaspersky): PE_Patch.NSIS

[Reklama]

[jaro3]

Chtěl jsem poslat odkazy těch výsledků z VT , to je celá stránka (0/38+jednotlivé antiviry.) atd.
Další script vypracuji později.Momentálně jsem časově zaneprádněn.

[pitrisek_brno]

tak jsem to nepochopil:o( moc se omlouvam - z virus total je samozrejme ten posledni prispevek. Moc se omlouvam

[jaro3]

Jdi na VT stránku, zadej první soubor ke kontrole, až bude hotov, tak se objeví celá stránka se všemi antivirovými programy . Zkopíruješ odkaz na celou tuto stránku myší v prohlížeči a odkaz dáš sem.Pak budeš pokračovat druhým souborem atd.
C:\Local Analyze Result.html
C:\Remote Analyze Result.html
C:\Log Result.html
C:\Ntf10.tmp
c:\windows\PDFCreator_Toolbar_Uninstaller_5812.exe

[pitrisek_brno]

log result

http://www.virustotal.com/cs/analisis/2 ... 6e5b88add3

[pitrisek_brno]

local analyze result

http://www.virustotal.com/cs/analisis/0 ... 068bdd9264

[pitrisek_brno]

Remote_Analyze_Result.html

http://www.virustotal.com/cs/analisis/0 ... 511ad7a5f9

[pitrisek_brno]

Ntf10.tmp

http://www.virustotal.com/cs/analisis/7 ... e2a1d11b0d

[pitrisek_brno]

PDFCreator_Toolbar



http://www.virustotal.com/cs/analisis/7 ... 059f35828b


Tak snad jsem to udelal uz dobre...

[jaro3]

Fajn , to je ono.
Vypni zase rez .ochranu u Spy Sweeper
Ještě jeden script v CF , postup stejný.:

Kód: Vybrat vše

Folder::
C:\SDFix
c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

File::
c:\windows\setupapi.old
c:\windows\av_affiliate.ini
c:\windows\as_affiliate.ini
c:\windows\system32\drivers\CDAVFS.sys
c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

DRIVER::
CDAVFS


Zase log z CF a nový z HJT.

[pitrisek_brno]

jen se zeptam ten log z combo fix bude mit opet miliony radek? a opet jej mam cely zkopirovat?

[jaro3]

To netuším , někdy to vypisuje úplně vše....
Zkus to dát na www.edisk.cz a sem dát odkaz- tedy pokud to bude zase dlouhý.