Prosím o kontrolu logu. Vyřešeno

[bledulka]

Combofix přesuň na plochu
-otevři si Poznámkový blok
-Do něj zkopíruj text z tohoto okénka

Kód: Vybrat vše

FCOPY::
C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe | C:\Windows\System32\autochk.exe

Driver::
SbAlg
SbFsLock

 


-vytvořený TXT soubor ulož jako CFScript.txt na plochu a levým myšítkem přesuň nad ikonu Combofixu, kde ho upustíš

-Po proběhnutí skenu a ukončení combofixu by se měl objevit log, vlož ho zde.

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

[Reklama]

[Zdendys75]

ComboFix 10-06-14.02 - Renatina 17.06.2010 12:25:28.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.764.203 [GMT 2:00]
Spuštěný z: c:\users\Renatina\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Renatina\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\autochk.exe . . . je infikován!!

.
--------------- FCopy ---------------

c:\windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe --> c:\windows\System32\autochk.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SBALG
-------\Legacy_SBFSLOCK
-------\Service_SbAlg
-------\Service_SbFsLock
-------\Legacy_SBALG
-------\Legacy_SBFSLOCK
-------\Service_SbAlg
-------\Service_SbFsLock


((((((((((((((((((((((((( Soubory vytvořené od 2010-05-17 do 2010-06-17 )))))))))))))))))))))))))))))))
.

2010-06-17 10:55 . 2010-06-17 10:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-17 10:55 . 2010-06-17 10:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-17 10:55 . 2010-06-17 12:33 -------- d-----w- c:\users\Renatina\AppData\Local\temp
2010-06-15 22:28 . 2010-06-15 22:28 -------- d-----w- C:\$RECYCLE(0).BIN
2010-06-15 08:48 . 2010-06-15 08:48 -------- d-----w- c:\users\Renatina\AppData\Roaming\Malwarebytes
2010-06-15 08:48 . 2010-06-15 08:48 -------- d-----w- c:\programdata\Malwarebytes
2010-06-15 08:48 . 2010-06-15 08:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 08:20 . 2010-06-15 08:20 -------- d-----w- C:\UsbFix
2010-06-14 11:31 . 2010-06-14 11:31 -------- d-----w- c:\program files\CCleaner
2010-06-14 11:29 . 2010-06-14 11:29 -------- d-----w- c:\program files\Trend Micro
2010-06-13 14:12 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-13 14:12 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-13 14:12 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-13 14:11 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-05-26 12:29 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 12:20 . 2008-04-19 19:48 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-06-17 12:20 . 2008-04-19 19:51 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-06-17 12:20 . 2008-08-13 14:11 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-06-17 12:20 . 2008-08-04 13:56 -------- d-----w- c:\programdata\hpqLog
2010-06-17 10:58 . 2008-08-13 18:50 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-14 07:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-14 07:26 . 2008-08-04 14:23 -------- d-----w- c:\programdata\Microsoft Help
2010-06-13 14:04 . 2009-12-29 14:24 -------- d-----w- c:\programdata\FLEXnet
2010-06-13 13:24 . 2008-04-17 10:02 635994 ----a-w- c:\windows\system32\perfh005.dat
2010-06-13 13:24 . 2008-04-17 10:02 134788 ----a-w- c:\windows\system32\perfc005.dat
2010-05-26 21:14 . 2008-08-13 14:01 -------- d-----w- c:\program files\Windows Live
2010-05-12 09:21 . 2009-10-02 19:49 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-13 14:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-13 14:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-13 14:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-13 14:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-15 12:58 . 2009-03-31 20:05 680 ----a-w- c:\users\Renatina\AppData\Local\d3d9caps.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2009-07-21 1339320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-02 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-14 10244096]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-24 197904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"autoclk"="autoclk.exe" [2003-01-30 143360]
"adiras"="adiras.exe" [2003-10-30 1474560]

c:\users\Renatina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-13 727592]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2010-3-21 962663]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-8-4 197904]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
SDL Trados 2007 Speed Launcher.lnk - c:\program files\SDL International\SDL Trados Synergy 2007\Synergy.exe [2007-12-18 765952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cf,53,b4,2e,f0,8a,ca,01

R2 NewServiceInstall1;NewServiceInstall1;c:\program files\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng [2007-04-23 11264]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S0 SafeBoot;SafeBoot; [x]
S1 aswSP;avast! Self Protection; [x]
S1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\Drivers\NEOFLTR_650_14951.SYS [2009-12-09 85288]
S1 RsvLock;RsvLock; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2009-07-21 66288]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-06-02 18944]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-30 256512]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-14 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [2008-03-27 51040]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-06-17 c:\windows\Tasks\User_Feed_Synchronization-{646B022F-8486-4F46-B564-F86AB5B3175A}.job
- c:\windows\system32\msfeedssync.exe [2010-06-13 04:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ihned.cz/
mStart Page = hxxp://www.t-zones.cz
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {C62645C0-88A5-4432-B8D7-8CF301544B40} = 194.228.41.113 160.218.161.54
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://neo.csa.cz/dana-cached/sc/Junip ... Client.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-17 14:33
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NewServiceInstall1]
"ImagePath"="\"c:\program files\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3088)
c:\program files\Aberger\HfAsistent\FotoSync.dll
c:\program files\Aberger\HfAsistent\xerc2701.dll
c:\program files\Aberger\HfAsistent\fotosynr.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rpcnet.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Celkový čas: 2010-06-17 14:45:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-17 12:45
ComboFix2.txt 2010-06-15 22:44
ComboFix3.txt 2010-06-14 22:54

Před spuštěním: Volných bajtů: 60 671 070 208
Po spuštění: Volných bajtů: 60 306 661 376

- - End Of File - - D80A1951FC0EFAC04345344544796217

[bledulka]

Otestuj soubor c:\windows\System32\autochk.exe na www.virustotal.com

Jak to teď vypadá s počítačem?

[Zdendys75]

Ahoj. Tak tenhle soubor to zkontrolovalo OK. Tady je ten výsledek. Jinak počítač se teď chová divně. Při každém restartu teď padá do režimu kde to chce vracet k bodu obnovy a nespouští se sám. Takže se někde něco ...

Poslední aktualizace Výsledek
a-squared 5.0.0.26 2010.06.17 -
AhnLab-V3 2010.06.17.02 2010.06.17 -
AntiVir 8.2.2.6 2010.06.17 -
Antiy-AVL 2.0.3.7 2010.06.17 -
Authentium 5.2.0.5 2010.06.17 -
Avast 4.8.1351.0 2010.06.17 -
Avast5 5.0.332.0 2010.06.17 -
AVG 9.0.0.787 2010.06.17 -
BitDefender 7.2 2010.06.17 -
CAT-QuickHeal 10.00 2010.06.17 -
ClamAV 0.96.0.3-git 2010.06.17 -
Comodo 5135 2010.06.17 -
DrWeb 5.0.2.03300 2010.06.17 -
eSafe 7.0.17.0 2010.06.17 -
eTrust-Vet 36.1.7642 2010.06.17 -
F-Prot 4.6.1.107 2010.06.17 -
F-Secure 9.0.15370.0 2010.06.17 -
Fortinet 4.1.133.0 2010.06.17 -
GData 21 2010.06.17 -
Ikarus T3.1.1.84.0 2010.06.17 -
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.17 -
McAfee 5.400.0.1158 2010.06.17 -
McAfee-GW-Edition 2010.1 2010.06.16 Heuristic.BehavesLike.Exploit.CodeExec.FFMA
Microsoft 1.5902 2010.06.17 -
NOD32 5205 2010.06.17 -
Norman 6.05.06 2010.06.17 -
nProtect 2010-06-17.01 2010.06.17 -
Panda 10.0.2.7 2010.06.17 -
PCTools 7.0.3.5 2010.06.17 -
Prevx 3.0 2010.06.17 -
Rising 22.52.03.04 2010.06.17 -
Sophos 4.54.0 2010.06.17 -
Sunbelt 6463 2010.06.17 -
Symantec 20101.1.0.89 2010.06.17 -
TheHacker 6.5.2.0.299 2010.06.17 -
TrendMicro 9.120.0.1004 2010.06.17 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.17 -
VBA32 3.12.12.5 2010.06.17 -
ViRobot 2010.6.14.3884 2010.06.17 -
VirusBuster 5.0.27.0 2010.06.17 -
Rozšiřující informace
File size: 643072 bytes
MD5...: 6588dbfbaa052bb2299907ceb0e4464e
SHA1..: 2662779d49fc5c1544f5f980c76885ceeb7cf3fe
SHA256: a8d30e698a9539d4bb4c53f76e0ad3ef7a8c2a3b9bd62668688a773ebbfea783
ssdeep: 12288:USEAtt25iCeWblH8BYP7JcCAUC6B+KYQmvFNo:U4/u/VbbPdcC/XBbYFv3
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set-
pdfid.: -
trid..: Photoshop Action (35.6%)OpenGL object (28.4%)Lotus 123 Worksheet (generic) (14.2%)Targa bitmap (Original TGA Format - No Image ID) (7.1%)Adobe PhotoShop Brush (7.1%)
sigcheck:publisher....: n/acopyright....: n/aproduct......: n/adescription..: n/aoriginal name: n/ainternal name: n/afile version.: n/acomments.....: n/asigners......: -signing date.: -verified.....: Unsigned
VAROVÁNÍ: VirusTotal je služba poskytovaná zdarma společnosti Hispasec Sistemas. Kvalita výsledků není nijak zaručena. Výsledky jsou závislé na tvůrci daného produktu. Vysledky testů nemusí být 100% správné. Tyto výsledky nemusí znamenat, že daný soubor je infikován, nebo čistý!

[bledulka]

Prosím tě, spusť ještě jednou combofix, bez skriptu.

[Zdendys75]

Jo a tady je ten otestovanej: c:\program files\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng

Antivirus Verze Poslední aktualizace Výsledek
a-squared 5.0.0.26 2010.06.01 -
AhnLab-V3 2010.06.01.01 2010.06.01 -
AntiVir 8.2.1.242 2010.06.01 -
Antiy-AVL 2.0.3.7 2010.06.01 -
Authentium 5.2.0.5 2010.06.01 -
Avast 4.8.1351.0 2010.06.01 -
Avast5 5.0.332.0 2010.06.01 -
AVG 9.0.0.787 2010.06.01 -
BitDefender 7.2 2010.06.01 -
CAT-QuickHeal 10.00 2010.06.01 -
ClamAV 0.96.0.3-git 2010.06.01 -
Comodo 4977 2010.06.01 -
DrWeb 5.0.2.03300 2010.06.01 -
eSafe 7.0.17.0 2010.06.01 -
eTrust-Vet 35.2.7523 2010.06.01 -
F-Prot 4.6.0.103 2010.06.01 -
F-Secure 9.0.15370.0 2010.06.01 -
Fortinet 4.1.133.0 2010.06.01 -
GData 21 2010.06.01 -
Ikarus T3.1.1.84.0 2010.06.01 -
Jiangmin 13.0.900 2010.05.31 -
Kaspersky 7.0.0.125 2010.06.01 -
McAfee 5.400.0.1158 2010.06.01 -
McAfee-GW-Edition 2010.1 2010.06.01 -
Microsoft 1.5802 2010.06.01 -
NOD32 5164 2010.06.01 -
Norman 6.04.12 2010.06.01 -
nProtect 2010-06-01.02 2010.06.01 -
Panda 10.0.2.7 2010.06.01 -
PCTools 7.0.3.5 2010.06.01 -
Prevx 3.0 2010.06.01 -
Rising 22.50.01.03 2010.06.01 -
Sophos 4.53.0 2010.06.01 -
Sunbelt 6387 2010.06.01 -
Symantec 20101.1.0.89 2010.06.01 -
TheHacker 6.5.2.0.290 2010.05.31 -
TrendMicro 9.120.0.1004 2010.06.01 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.01 -
VBA32 3.12.12.5 2010.06.01 -
ViRobot 2010.6.1.2333 2010.06.01 -
VirusBuster 5.0.27.0 2010.06.01 -
Rozšiřující informace
File size: 11264 bytes
MD5 : 59500ff724b0d35474d16d2fa26fbfa9
SHA1 : 950213d2e7df6aa2a5d2bd53b8a25d8998600c54
SHA256: 74113cc1e5913dfcc5c199d209b228755dcd5892b055a6c6150bccf48a43d306
PEInfo: PE Structure information( base data )entrypointaddress.: 0x0timedatestamp.....: 0x462CA444 (Mon Apr 23 14:19:16 2007)machinetype.......: 0x14C (Intel I386)( 2 sections )name viradd virsiz rawdsiz ntrpy md5.rsrc 0x1000 0x3000 0x2800 3.67 1198da6a2e27a49343cfda986442dda5.reloc 0x4000 0x8 0x200 0.02 2c38765194d27b75f56d0565088a53ee( 0 imports )( 0 exports )
TrID : File type identificationGeneric Win/DOS Executable (49.9%)DOS Executable Generic (49.8%)Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ssdeep: 192:rcTIGcHKMe9p7yhtsPBlFvusg33boWkVQPV+U4w8:rcTIfHah3msWfuSB4w
sigcheck: publisher....: n/acopyright....: Copyright (c) 2005 SDL International. Copyright (c) 1992-2005 TRADOS Inc.product......: TW4Windescription..: Dialogs DLLoriginal name: Dialogs.DLLinternal name: Dialogsfile version.: TW4Win 2.2.5, Build 79comments.....: n/asigners......: -signing date.: -verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set-
VAROVÁNÍ: VirusTotal je služba poskytovaná zdarma společnosti Hispasec Sistemas. Kvalita výsledků není nijak zaručena. Výsledky jsou závislé na tvůrci daného produktu. Vysledky testů nemusí být 100% správné. Tyto výsledky nemusí znamenat, že daný soubor je infikován, nebo čistý!

P.S. ComboFix mužu spustit až za chvily. Teď je na druhém (problémovém PC) nějaká neodkladná práce.

[bledulka]

Nevadí, pusť ho až budeš moci.

[Zdendys75]

Tak dnes ráno se spouští vista dle normálu, tak nevím, co to včera bylo. Log pro jistotu zasílám. Ještě jeden dotaz. Proč windows pořád blokuje po spuštění tenhle program "ADI RAS setup application"? Nechci to odblokovávat, abych nenadělal nějakou paseku.

ComboFix 10-06-14.02 - Renatina 18.06.2010 11:05:58.3.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.764.90 [GMT 2:00]
Spuštěný z: c:\users\Renatina\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-05-18 do 2010-06-18 )))))))))))))))))))))))))))))))
.

2010-06-18 09:20 . 2010-06-18 09:21 -------- d-----w- c:\users\Renatina\AppData\Local\temp
2010-06-18 09:20 . 2010-06-18 09:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-18 09:20 . 2010-06-18 09:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-15 22:28 . 2010-06-15 22:28 -------- d-----w- C:\$RECYCLE(0).BIN
2010-06-15 08:48 . 2010-06-15 08:48 -------- d-----w- c:\users\Renatina\AppData\Roaming\Malwarebytes
2010-06-15 08:48 . 2010-06-15 08:48 -------- d-----w- c:\programdata\Malwarebytes
2010-06-15 08:48 . 2010-06-15 08:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 08:20 . 2010-06-15 08:20 -------- d-----w- C:\UsbFix
2010-06-14 11:45 . 2010-06-14 11:46 388096 ----a-r- c:\users\Renatina\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-14 11:31 . 2010-06-14 11:31 -------- d-----w- c:\program files\CCleaner
2010-06-14 11:29 . 2010-06-14 11:29 -------- d-----w- c:\program files\Trend Micro
2010-06-13 14:12 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-13 14:12 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-13 14:12 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-13 14:11 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-05-26 21:01 . 2006-10-24 05:47 534528 ------w- c:\programdata\HP\Installer\Temp\dpinst_x32\dpinst.exe
2010-05-26 12:29 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 08:56 . 2008-04-19 19:48 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-06-18 08:56 . 2008-08-13 14:11 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-06-18 08:56 . 2008-08-04 13:56 -------- d-----w- c:\programdata\hpqLog
2010-06-18 00:03 . 2008-08-13 18:50 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-17 13:00 . 2008-04-19 19:51 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-06-17 10:01 . 2009-11-09 22:49 1 ----a-w- c:\users\Renatina\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-14 07:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-14 07:26 . 2008-08-04 14:23 -------- d-----w- c:\programdata\Microsoft Help
2010-06-13 14:04 . 2009-12-29 14:24 -------- d-----w- c:\programdata\FLEXnet
2010-06-13 13:24 . 2008-04-17 10:02 635994 ----a-w- c:\windows\system32\perfh005.dat
2010-06-13 13:24 . 2008-04-17 10:02 134788 ----a-w- c:\windows\system32\perfc005.dat
2010-05-26 21:14 . 2008-08-13 14:01 -------- d-----w- c:\program files\Windows Live
2010-05-26 13:24 . 2010-04-28 16:08 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-05-12 09:21 . 2009-10-02 19:49 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-13 14:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-13 14:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-13 14:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-13 14:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-15 16:49 . 2010-03-03 17:49 1335048 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-04-15 12:58 . 2009-03-31 20:05 680 ----a-w- c:\users\Renatina\AppData\Local\d3d9caps.dat
2010-04-08 14:48 . 2010-03-24 17:05 17160 ----a-w- c:\windows\Help\OEM\scripts\HPHCDisableObject.exe
2010-04-06 15:52 . 2010-04-28 16:08 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_Launch.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2009-07-21 1339320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-02 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-14 10244096]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-24 197904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"autoclk"="autoclk.exe" [2003-01-30 143360]
"adiras"="adiras.exe" [2003-10-30 1474560]

c:\users\Renatina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-13 727592]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2010-3-21 962663]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-8-4 197904]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
SDL Trados 2007 Speed Launcher.lnk - c:\program files\SDL International\SDL Trados Synergy 2007\Synergy.exe [2007-12-18 765952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cf,53,b4,2e,f0,8a,ca,01

R2 NewServiceInstall1;NewServiceInstall1;c:\program files\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng [2007-04-23 11264]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSP;avast! Self Protection; [x]
S1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\Drivers\NEOFLTR_650_14951.SYS [2009-12-09 85288]
S1 RsvLock;RsvLock; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2009-07-21 66288]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-06-02 18944]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-30 256512]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-14 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [2008-03-27 51040]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-06-18 c:\windows\Tasks\User_Feed_Synchronization-{646B022F-8486-4F46-B564-F86AB5B3175A}.job
- c:\windows\system32\msfeedssync.exe [2010-06-13 04:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ihned.cz/
mStart Page = hxxp://www.t-zones.cz
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {C62645C0-88A5-4432-B8D7-8CF301544B40} = 194.228.41.113 160.218.161.54
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://neo.csa.cz/dana-cached/sc/Junip ... Client.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 11:21
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NewServiceInstall1]
"ImagePath"="\"c:\program files\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\System32\APSHook.dll

- - - - - - - > 'lsass.exe'(640)
c:\windows\System32\APSHook.dll

- - - - - - - > 'Explorer.exe'(6016)
c:\windows\system32\btmmhook.dll
c:\program files\Aberger\HfAsistent\FotoSync.dll
c:\program files\Aberger\HfAsistent\xerc2701.dll
c:\program files\Aberger\HfAsistent\fotosynr.dll
.
Celkový čas: 2010-06-18 11:28:26
ComboFix-quarantined-files.txt 2010-06-18 09:28
ComboFix2.txt 2010-06-17 12:45
ComboFix3.txt 2010-06-15 22:44
ComboFix4.txt 2010-06-14 22:54

Před spuštěním: Volných bajtů: 60 311 654 400
Po spuštění: Volných bajtů: 60 268 048 384

- - End Of File - - 94BCD6E0C4D043ED2C6294676E87FE8E

[bledulka]

A je to tam zase zpátky.
Nedělali jste náhodou obnovu systému?

Prosím tě otestuj na www.virustotal.com
c:\programdata\HP\Installer\Temp\dpinst_x32\dpinst.exe
c:\windows\adiras.exe
c:\windows\autoclk.exe

[Zdendys75]

jj, včera jak to nechtělo naskočit. Tak já to projedu dle předešlích instrukcí, asi.

Soubor adiras.exe přijatý 2010.06.18 17:04:59 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 14.
Odhadovaný čas začátku mezi 122 a 175 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov. Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 5.0.0.26 2010.06.18 -
AhnLab-V3 2010.06.18.05 2010.06.18 -
AntiVir 8.2.2.6 2010.06.18 -
Antiy-AVL 2.0.3.7 2010.06.18 -
Authentium 5.2.0.5 2010.06.18 -
Avast 4.8.1351.0 2010.06.18 -
Avast5 5.0.332.0 2010.06.18 -
AVG 9.0.0.787 2010.06.18 -
BitDefender 7.2 2010.06.18 -
CAT-QuickHeal 10.00 2010.06.18 -
ClamAV 0.96.0.3-git 2010.06.18 -
Comodo 5143 2010.06.18 -
DrWeb 5.0.2.03300 2010.06.18 -
eSafe 7.0.17.0 2010.06.17 -
eTrust-Vet 36.1.7646 2010.06.18 -
F-Prot 4.6.1.107 2010.06.17 -
F-Secure 9.0.15370.0 2010.06.18 -
Fortinet 4.1.133.0 2010.06.18 -
GData 21 2010.06.18 -
Ikarus T3.1.1.84.0 2010.06.18 -
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.18 -
McAfee 5.400.0.1158 2010.06.18 -
McAfee-GW-Edition 2010.1 2010.06.18 -
Microsoft None 2010.06.18 -
NOD32 5208 2010.06.18 -
Norman 6.05.06 2010.06.17 -
nProtect 2010-06-18.01 2010.06.18 -
Panda 10.0.2.7 2010.06.18 -
PCTools 7.0.3.5 2010.06.18 -
Prevx 3.0 2010.06.18 -
Rising 22.52.04.04 2010.06.18 -
Sophos 4.54.0 2010.06.18 -
Sunbelt 6467 2010.06.18 -
Symantec 20101.1.0.89 2010.06.18 -
TheHacker 6.5.2.0.300 2010.06.18 -
TrendMicro 9.120.0.1004 2010.06.18 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.18 -
VBA32 3.12.12.5 2010.06.18 -
ViRobot 2010.6.14.3884 2010.06.18 -
VirusBuster 5.0.27.0 2010.06.18 -
Rozšiřující informace
File size: 1474560 bytes
MD5...: 4f86135ac277f7bc0b2dffbaa3de51f9
SHA1..: 732440020c97629015e45243995368ce8d4e4535
SHA256: edb26784ba97e7eb9b77ee513ac4157046e571ab683a75fec1280e91b0d74ffd
ssdeep: 24576:J7imC02ofzvK5+AcR6IgJxfj1g2vIRfrt4kVFk2vkK:NEkOQcdjSAf8kK

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7f021
timedatestamp.....: 0x3fa0bce5 (Thu Oct 30 07:25:25 2003)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.textbss 0x1000 0x76749 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x78000 0x1104ed 0x111000 5.31 f79fd4bbcccd62f52dd6f5f932f42c4a
.rdata 0x189000 0x1c3fc 0x1d000 4.25 3089da4c6d60f1e99d9b72e7a439c57e
.data 0x1a6000 0x34968 0x30000 4.72 34ec422b5a36e46b45ddbec720a5f1bf
.idata 0x1db000 0x5b59 0x6000 5.01 863212b578bfa6c88b549314da07b39f
.rsrc 0x1e1000 0x26d3 0x3000 2.39 68d7511ffb5c0215a13c39ced7056a85

( 13 imports )
> RASAPI32.dll: RasEnumConnectionsA, RasHangUpA, RasGetConnectStatusA, RasDeleteEntryA, RasEnumDevicesA, RasSetEntryPropertiesA, RasGetEntryPropertiesA
> KERNEL32.dll: GetFullPathNameA, GetVersion, GlobalFree, GlobalAlloc, GetPrivateProfileStringA, GetVersionExA, InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, Sleep, lstrcpyA, WritePrivateProfileStringA, IsBadStringPtrA, FindResourceA, SizeofResource, LockResource, LoadResource, WideCharToMultiByte, GetEnvironmentVariableW, MultiByteToWideChar, GetEnvironmentVariableA, CompareStringW, CompareStringA, lstrlenW, GetStringTypeExW, GetStringTypeExA, lstrcmpiW, lstrcmpiA, lstrlenA, CloseHandle, CreateFileA, GetCurrentProcess, FindResourceExA, GetUserDefaultLangID, lstrcpynA, GetProcAddress, GetModuleHandleA, lstrcmpW, GlobalDeleteAtom, GlobalFindAtomA, GlobalAddAtomA, OpenEventA, lstrcpyW, OutputDebugStringW, FileTimeToLocalFileTime, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, OpenFileMappingA, GetModuleFileNameW, GlobalGetAtomNameA, GetCurrentThreadId, GetLastError, FreeLibrary, SetEnvironmentVariableA, GetLocaleInfoW, SetStdHandle, GetTimeZoneInformation, VirtualQuery, GetSystemInfo, GetUserDefaultLCID, EnumSystemLocalesA, IsValidCodePage, IsValidLocale, GetDateFormatA, GetTimeFormatA, IsBadCodePtr, GetStringTypeW, GetStringTypeA, SetUnhandledExceptionFilter, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, UnhandledExceptionFilter, LCMapStringW, LCMapStringA, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, HeapReAlloc, SetConsoleCtrlHandler, FatalAppExitA, GetProcessHeap, HeapAlloc, HeapFree, ExitThread, CreateThread, TerminateProcess, ExitProcess, GetCommandLineA, GetStartupInfoA, HeapValidate, OutputDebugStringA, GetStdHandle, RaiseException, DebugBreak, RtlUnwind, LocalLock, LocalUnlock, SetFileAttributesA, LocalFileTimeToFileTime, GetDiskFreeSpaceA, GetTempFileNameA, GetFileTime, SetFileTime, GetFileAttributesA, GetShortPathNameA, LoadLibraryA, GetVolumeInformationA, FindFirstFileA, FindClose, DeleteFileA, MoveFileA, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, DuplicateHandle, GetCurrentDirectoryA, SystemTimeToFileTime, FileTimeToSystemTime, GetProfileIntA, VirtualProtect, IsBadReadPtr, IsBadWritePtr, InterlockedIncrement, CopyFileA, GetOEMCP, GetCPInfo, GlobalFlags, InterlockedDecrement, SetErrorMode, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalAlloc, GetPrivateProfileIntA, CreateEventA, SetEvent, WaitForSingleObject, lstrcmpA, GetModuleFileNameA, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesA, GlobalSize, FormatMessageA, LocalFree, GlobalLock, GlobalUnlock, MulDiv, SetLastError, SuspendThread, ResumeThread, GetThreadPriority, SetThreadPriority, FreeResource, lstrcatA
> USER32.dll: SetMenuContextHelpId, LoadMenuIndirectA, RemoveMenu, ModifyMenuA, InsertMenuItemA, InsertMenuA, SetMenuItemInfoA, GetMenuItemInfoA, GetMenuStringA, GetMenuState, GetMenuItemID, GetMenuDefaultItem, SetMenuDefaultItem, EnableMenuItem, CheckMenuItem, AppendMenuA, DeleteMenu, IsMenu, CreatePopupMenu, CreateMenu, ScrollDC, GrayStringA, GetTabbedTextExtentA, DrawTextExA, DrawTextA, DrawFocusRect, DrawFrameControl, DrawEdge, DrawStateA, DrawIcon, InvertRect, FrameRect, FillRect, ExcludeUpdateRgn, WindowFromDC, GetSysColorBrush, wsprintfA, GetMenuItemCount, GetSubMenu, UnpackDDElParam, ReuseDDElParam, LoadMenuA, DestroyMenu, SetCursor, ReleaseCapture, TranslateAcceleratorA, LoadAcceleratorsA, TabbedTextOutA, GetMenuCheckMarkDimensions, LoadBitmapA, SetMenuItemBitmaps, OpenIcon, CloseWindow, PostThreadMessageA, MapDialogRect, GetWindowContextHelpId, SetWindowContextHelpId, SendNotifyMessageA, GetForegroundWindow, SetForegroundWindow, ShowCaret, HideCaret, SetCaretPos, GetCaretPos, CreateCaret, GetClipboardViewer, GetClipboardOwner, GetOpenClipboardWindow, OpenClipboard, SetClipboardViewer, ChangeClipboardChain, FlashWindow, WindowFromPoint, SetParent, GetLastActivePopup, FindWindowExA, FindWindowA, ChildWindowFromPointEx, ChildWindowFromPoint, ShowScrollBar, GetNextDlgTabItem, GetNextDlgGroupItem, DlgDirSelectComboBoxExA, DlgDirSelectExA, DlgDirListComboBoxA, GetMenuContextHelpId, GetDesktopWindow, SetCapture, GetActiveWindow, KillTimer, SetTimer, DrawCaption, DrawAnimatedRects, EnableScrollBar, RedrawWindow, LockWindowUpdate, GetDCEx, ShowOwnedPopups, IsWindowVisible, ValidateRgn, ValidateRect, LoadCursorA, DefWindowProcA, PostQuitMessage, CharLowerW, CharLowerA, CharUpperW, CharUpperA, MsgWaitForMultipleObjects, IsWindowUnicode, GetMessageW, DispatchMessageW, SubtractRect, UnionRect, InflateRect, SetRect, InvalidateRgn, InvalidateRect, GetUpdateRgn, GetUpdateRect, UpdateWindow, ReleaseDC, GetWindowDC, GetDC, EndPaint, BeginPaint, ClientToScreen, BringWindowToTop, GetWindowRgn, SetWindowRgn, ArrangeIconicWindows, IsZoomed, HiliteMenuItem, GetSystemMenu, DrawMenuBar, CheckMenuRadioItem, EndDialog, TranslateMessage, GetMessageA, GetCursorPos, GetClipboardFormatNameA, GetAsyncKeyState, SetRectEmpty, GetKeyNameTextA, MapVirtualKeyA, SetMenu, GetMenu, DragDetect, PostMessageA, EnableWindow, IsWindowEnabled, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, ScrollWindowEx, IsDlgButtonChecked, SetDlgItemTextA, SetDlgItemInt, GetDlgItemTextA, GetDlgItemInt, CheckRadioButton, CheckDlgButton, LoadIconA, SendDlgItemMessageA, GetClientRect, MapWindowPoints, GetSysColor, PeekMessageA, DispatchMessageA, GetFocus, SetActiveWindow, SetFocus, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, BeginDeferWindowPos, CopyRect, EndDeferWindowPos, ScrollWindow, GetScrollInfo, GetDialogBaseUnits, DestroyIcon, IsClipboardFormatAvailable, MessageBeep, DlgDirListA, PtInRect, IsRectEmpty, MessageBoxA, ExitWindowsEx, GetSystemMetrics, GetWindowRect, GetWindowPlacement, IsIconic, SystemParametersInfoA, IntersectRect, OffsetRect, RegisterWindowMessageA, SetWindowPos, SetWindowLongA, GetWindowLongA, GetMessagePos, GetMessageTime, RemovePropA, CallWindowProcA, GetPropA, UnhookWindowsHookEx, SetPropA, SetScrollInfo, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, GetTopWindow, IsChild, GetParent, GetWindow, GetCapture, WinHelpA, GetClassInfoA, RegisterClassA, UnregisterClassA, TrackPopupMenuEx, TrackPopupMenu, SetWindowPlacement, GetDlgItem, GetWindowTextLengthA, GetWindowTextA, GetKeyState, DestroyWindow, SendMessageA, GetDlgCtrlID, IsWindow, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, GetClassLongA, GetClassInfoExA, GetClassNameA, CreateDialogIndirectParamA
> GDI32.dll: SetStretchBltMode, SetROP2, SetPolyFillMode, SetBkMode, SelectPalette, GetStockObject, SelectObject, RestoreDC, SaveDC, DeleteDC, ExtTextOutA, CloseEnhMetaFile, CreateEnhMetaFileA, CloseMetaFile, CreateMetaFileA, CreateBitmap, GetObjectA, SetBkColor, SetTextColor, GetClipBox, GetDCOrgEx, GetNearestPaletteIndex, ResizePalette, CreateRectRgnIndirect, CreateEllipticRgn, CreateEllipticRgnIndirect, CreatePolygonRgn, CreatePolyPolygonRgn, CreateRoundRectRgn, PathToRegion, ExtCreateRegion, GetRegionData, SetRectRgn, CombineRgn, EqualRgn, OffsetRgn, GetRgnBox, PtInRegion, RectInRegion, CreateDCA, CreateICA, CreateCompatibleDC, GetBrushOrgEx, SetBrushOrgEx, EnumObjects, GetNearestColor, RealizePalette, UpdateColors, GetBkColor, GetBkMode, GetPolyFillMode, GetROP2, GetStretchBltMode, GetTextColor, GetMapMode, GetViewportOrgEx, GetViewportExtEx, GetWindowOrgEx, GetWindowExtEx, DPtoLP, LPtoDP, FillRgn, FrameRgn, InvertRgn, PaintRgn, PtVisible, RectVisible, Arc, Polyline, SetMapMode, Ellipse, Pie, Polygon, PolyPolygon, Rectangle, RoundRect, PatBlt, BitBlt, StretchBlt, GetPixel, SetPixel, FloodFill, ExtFloodFill, TextOutA, GetTextExtentPoint32A, GetTextAlign, GetTextFaceA, GetTextMetricsA, GetTextCharacterExtra, GetCharWidthA, GetFontLanguageInfo, GetCharacterPlacementA, GetAspectRatioFilterEx, Escape, SetBoundsRect, GetBoundsRect, ResetDCA, GetOutlineTextMetricsA, GetCharABCWidthsA, GetFontData, GetKerningPairsA, GetGlyphOutlineA, StartDocA, StartPage, EndPage, SetAbortProc, AbortDoc, EndDoc, MaskBlt, PlgBlt, SetPixelV, AngleArc, GetArcDirection, PolyPolyline, GetColorAdjustment, GetCurrentObject, PolyBezier, DrawEscape, ExtEscape, GetCharABCWidthsFloatA, GetCharWidthFloatA, AbortPath, BeginPath, CloseFigure, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, EndPath, FillPath, FlattenPath, GetMiterLimit, GetPath, SetMiterLimit, StrokeAndFillPath, StrokePath, WidenPath, GdiComment, PlayEnhMetaFile, CopyMetaFileA, StretchDIBits, ScaleViewportExtEx, SetWindowOrgEx, OffsetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, SelectClipRgn, ExcludeClipRect, IntersectClipRect, OffsetClipRgn, MoveToEx, LineTo, SetTextAlign, SetTextJustification, SetTextCharacterExtra, SetMapperFlags, GetCurrentPositionEx, ArcTo, SetArcDirection, PolyDraw, PolylineTo, SetColorAdjustment, PolyBezierTo, DeleteObject, GetClipRgn, CreateRectRgn, SelectClipPath, ExtSelectClipRgn, PlayMetaFileRecord, GetObjectType, EnumMetaFile, PlayMetaFile, GetDeviceCaps, CreatePen, ExtCreatePen, CreateSolidBrush, CreateHatchBrush, CreatePatternBrush, CreateDIBPatternBrushPt, UnrealizeObject, CreatePenIndirect, CreateBrushIndirect, CreateFontIndirectA, CreateFontA, CreateBitmapIndirect, SetBitmapBits, AnimatePalette, GetBitmapBits, SetBitmapDimensionEx, GetBitmapDimensionEx, CreateCompatibleBitmap, CreateDiscardableBitmap, CreatePalette, CreateHalftonePalette, GetPaletteEntries, SetPaletteEntries, Chord
> comdlg32.dll: GetSaveFileNameA, GetFileTitleA, ChooseColorA, ReplaceTextA, FindTextA, PageSetupDlgA, PrintDlgA, CommDlgExtendedError, GetOpenFileNameA
> WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA, GetJobA
> ADVAPI32.dll: OpenThreadToken, SetThreadToken, RegOpenKeyExA, RegCloseKey, RegSetValueExA, RegCreateKeyExA, RegDeleteValueA, RegEnumValueA, RegQueryValueExA, RegOpenKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegSetValueA, RegQueryValueA, RegEnumKeyA, RegDeleteKeyA, RegCreateKeyA, SetFileSecurityA, GetFileSecurityA, RevertToSelf
> SHELL32.dll: SHGetFileInfoA, SHGetSpecialFolderLocation, SHGetMalloc, SHGetDesktopFolder, DragAcceptFiles, ExtractIconA, SHGetPathFromIDListA, DragQueryFileA, DragFinish
> COMCTL32.dll: ImageList_GetImageCount, -, ImageList_Write, ImageList_Read, ImageList_Merge, ImageList_LoadImageA, ImageList_Add, ImageList_Destroy, -, CreatePropertySheetPageA, DestroyPropertySheetPage, PropertySheetA, -, -, ImageList_AddMasked, ImageList_Remove, ImageList_Replace, ImageList_Copy, ImageList_SetImageCount, ImageList_DragLeave, ImageList_DragEnter, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_EndDrag, ImageList_BeginDrag, ImageList_GetImageInfo, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_DrawEx, ImageList_Draw, ImageList_GetIcon, ImageList_Create, ImageList_DragMove, ImageList_ReplaceIcon
> SHLWAPI.dll: PathRemoveExtensionA, PathFindFileNameA, PathIsUNCA, PathFindExtensionA, PathStripToRootA
> ole32.dll: CreateBindCtx, CoTaskMemAlloc, OleDuplicateData, CoUninitialize, CoInitialize, CoCreateInstance, CoDisconnectObject, StringFromGUID2, CoTaskMemFree, CLSIDFromProgID, OleRun, SetConvertStg, WriteFmtUserTypeStg, WriteClassStg, OleRegGetUserType, ReadFmtUserTypeStg, ReadClassStg, CoReleaseMarshalData, CoMarshalInterface, CreateStreamOnHGlobal, CoUnmarshalInterface, CoRevokeClassObject, CoRegisterClassObject, StringFromCLSID, CoTreatAsClass, CLSIDFromString, ReleaseStgMedium
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> OLEACC.dll: LresultFromObject, AccessibleObjectFromWindow, CreateStdAccessibleObject

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....:
copyright....: Copyright (C) 2001 Analog Devices
product......: adiras Application
description..: ADI RAS setup Application
original name: adiras.exe
internal name: adiras
file version.: 1, 0, 0, 1
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned



VAROVÁNÍ: VirusTotal je služba poskytovaná zdarma společnosti Hispasec Sistemas. Kvalita výsledků není nijak zaručena. Výsledky jsou závislé na tvůrci daného produktu. Vysledky testů nemusí být 100% správné. Tyto výsledky nemusí znamenat, že daný soubor je infikován, nebo čistý!


Soubor autoclk.exe přijatý 2010.06.18 17:09:11 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 43 a 62 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov. Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 5.0.0.26 2010.06.18 -
AhnLab-V3 2010.06.18.05 2010.06.18 -
AntiVir 8.2.2.6 2010.06.18 -
Antiy-AVL 2.0.3.7 2010.06.18 -
Authentium 5.2.0.5 2010.06.18 -
Avast 4.8.1351.0 2010.06.18 -
Avast5 5.0.332.0 2010.06.18 -
AVG 9.0.0.787 2010.06.18 -
BitDefender 7.2 2010.06.18 -
CAT-QuickHeal 10.00 2010.06.18 -
ClamAV 0.96.0.3-git 2010.06.18 -
Comodo 5143 2010.06.18 -
DrWeb 5.0.2.03300 2010.06.18 -
eSafe 7.0.17.0 2010.06.17 -
eTrust-Vet 36.1.7646 2010.06.18 -
F-Prot 4.6.1.107 2010.06.17 -
F-Secure 9.0.15370.0 2010.06.18 -
Fortinet 4.1.133.0 2010.06.18 -
GData 21 2010.06.18 -
Ikarus T3.1.1.84.0 2010.06.18 -
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.18 -
McAfee 5.400.0.1158 2010.06.18 -
McAfee-GW-Edition 2010.1 2010.06.18 -
Microsoft 1.5902 2010.06.18 -
NOD32 5208 2010.06.18 -
Norman 6.05.06 2010.06.17 -
nProtect 2010-06-18.01 2010.06.18 -
Panda 10.0.2.7 2010.06.18 -
PCTools 7.0.3.5 2010.06.18 -
Prevx 3.0 2010.06.18 -
Rising 22.52.04.04 2010.06.18 -
Sophos 4.54.0 2010.06.18 -
Sunbelt 6467 2010.06.18 -
Symantec 20101.1.0.89 2010.06.18 -
TheHacker 6.5.2.0.300 2010.06.18 -
TrendMicro 9.120.0.1004 2010.06.18 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.18 -
VBA32 3.12.12.5 2010.06.18 -
ViRobot 2010.6.14.3884 2010.06.18 -
VirusBuster 5.0.27.0 2010.06.18 -
Rozšiřující informace
File size: 143360 bytes
MD5...: aebc034888efd533001b741e172e6463
SHA1..: 8f3418c33a92d62774ed9d91a6ee8dc1773a566a
SHA256: 68e28a9070b44dbc7966c22a436329d24b39e97e8a74c05ccae7a2d97dce1795
ssdeep: 3072:6lh2Y1Ja5eBzmnwAJd0qlVQJo3DBIGPKi:0zxAj7RI

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x251a
timedatestamp.....: 0x3e38d90f (Thu Jan 30 07:49:35 2003)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1340e 0x14000 6.43 acabbb1b1591e507ed0d11f082b3d07c
.rdata 0x15000 0x50c2 0x6000 4.24 c864a3a5c08be60442519082b9019d03
.data 0x1b000 0x6f7c 0x4000 1.72 2e85916b696bcb0798a3a22c9cf90988
.rsrc 0x22000 0x3b78 0x4000 3.69 80fdeda3894191ddd2b830ffb78eb624

( 7 imports )
> KERNEL32.dll: RtlUnwind, GetStartupInfoA, GetCommandLineA, ExitProcess, TerminateProcess, HeapFree, HeapAlloc, RaiseException, HeapReAlloc, HeapSize, GetACP, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetFileType, VirtualFree, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, GetCurrentThread, GetCurrentThreadId, GlobalLock, GlobalUnlock, GlobalFree, CloseHandle, GetVersion, LoadLibraryA, FreeLibrary, SetFilePointer, FlushFileBuffers, GetCurrentProcess, WriteFile, GetOEMCP, SetErrorMode, GetCPInfo, GetProcessVersion, TlsSetValue, TlsGetValue, LocalReAlloc, LeaveCriticalSection, EnterCriticalSection, GlobalReAlloc, DeleteCriticalSection, TlsFree, GlobalHandle, LocalAlloc, TlsAlloc, InitializeCriticalSection, GetEnvironmentVariableA, GlobalFlags, GetLastError, LoadResource, FindResourceA, GetVersionExA, MultiByteToWideChar, LockResource, InterlockedIncrement, InterlockedDecrement, LocalFree, WideCharToMultiByte, SetLastError, lstrcpynA, MulDiv, GlobalAddAtomA, lstrcatA, GlobalGetAtomNameA, GetModuleHandleA, GlobalFindAtomA, lstrcpyA, WritePrivateProfileStringA, GetProcAddress, lstrlenA, GetModuleFileNameA, lstrcmpA, GlobalAlloc, GlobalDeleteAtom, HeapDestroy, lstrcmpiA, HeapCreate, GetStdHandle
> USER32.dll: GetSubMenu, GetMenuItemCount, GetMenu, RegisterClassA, GetClassInfoA, WinHelpA, GetCapture, GetTopWindow, EndDeferWindowPos, CopyRect, BeginDeferWindowPos, GetClientRect, DeferWindowPos, EqualRect, ScreenToClient, AdjustWindowRectEx, GetSysColor, MapWindowPoints, LoadIconA, ClientToScreen, GetDC, ReleaseDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, SetRectEmpty, LoadAcceleratorsA, TranslateAcceleratorA, ReleaseCapture, DestroyMenu, LoadMenuA, SetMenu, ReuseDDElParam, UnpackDDElParam, InvalidateRect, BringWindowToTop, GetClassNameA, PtInRect, GetSysColorBrush, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, GetMenuItemID, GetMessagePos, GetForegroundWindow, SetForegroundWindow, CreateWindowExA, RegisterWindowMessageA, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, wsprintfA, SetFocus, ShowWindow, SetWindowPos, SetWindowLongA, GetDlgCtrlID, SetWindowTextA, IsDialogMessageA, SendDlgItemMessageA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetMessageA, TranslateMessage, DispatchMessageA, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, SetWindowsHookExA, GetLastActivePopup, MessageBoxA, SetCursor, ShowOwnedPopups, GetNextDlgTabItem, EndDialog, GetActiveWindow, SetActiveWindow, IsWindow, GetSystemMetrics, CreateDialogIndirectParamA, DestroyWindow, GetParent, GetWindowLongA, GetDlgItem, IsWindowEnabled, SendMessageA, GetWindowTextA, PostMessageA, KillTimer, DefWindowProcA, GetMessageTime, RemovePropA, GetWindow, PostQuitMessage, GetDesktopWindow, EnumChildWindows, SetTimer, LoadCursorA, EnableWindow, LoadStringA, UpdateWindow, LoadBitmapA, GetMenuCheckMarkDimensions, UnregisterClassA
> GDI32.dll: CreateBitmap, SetTextColor, SetBkColor, GetClipBox, DeleteDC, GetObjectA, RestoreDC, SelectObject, SaveDC, GetStockObject, SetViewportOrgEx, OffsetViewportOrgEx, SetMapMode, ScaleViewportExtEx, SetViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, DeleteObject, GetDeviceCaps, PtVisible, RectVisible, ExtTextOutA, Escape, TextOutA
> WINSPOOL.DRV: DocumentPropertiesA, ClosePrinter, OpenPrinterA
> ADVAPI32.dll: RegOpenKeyExA, RegCloseKey, RegQueryValueExA, RegCreateKeyExA, RegDeleteValueA, RegEnumValueA, RegSetValueExA
> SHELL32.dll: DragFinish, DragQueryFileA
> COMCTL32.dll: -

( 0 exports )

RDS...: NSRL Reference Data Set
-
trid..: Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
sigcheck:
publisher....:
copyright....: Copyright (C) 2002
product......: autoclk Application
description..: autoclk MFC Application
original name: autoclk.EXE
internal name: autoclk
file version.: 1, 0, 0, 1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

pdfid.: -


Soubor dpinst.exe přijatý 2010.06.18 17:14:48 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 43 a 62 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov. Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 5.0.0.26 2010.06.18 -
AhnLab-V3 2010.06.18.05 2010.06.18 -
AntiVir 8.2.2.6 2010.06.18 -
Antiy-AVL 2.0.3.7 2010.06.18 -
Authentium 5.2.0.5 2010.06.18 -
Avast 4.8.1351.0 2010.06.18 -
Avast5 5.0.332.0 2010.06.18 -
AVG 9.0.0.787 2010.06.18 -
BitDefender 7.2 2010.06.18 -
CAT-QuickHeal 10.00 2010.06.18 -
ClamAV 0.96.0.3-git 2010.06.18 -
Comodo 5144 2010.06.18 -
DrWeb 5.0.2.03300 2010.06.18 -
eSafe 7.0.17.0 2010.06.17 -
eTrust-Vet 36.1.7646 2010.06.18 -
F-Prot 4.6.1.107 2010.06.17 -
F-Secure 9.0.15370.0 2010.06.18 -
Fortinet 4.1.133.0 2010.06.18 -
GData 21 2010.06.18 -
Ikarus T3.1.1.84.0 2010.06.18 -
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.18 -
McAfee 5.400.0.1158 2010.06.18 -
McAfee-GW-Edition 2010.1 2010.06.18 -
Microsoft 1.5902 2010.06.18 -
NOD32 5208 2010.06.18 -
Norman 6.05.06 2010.06.17 -
nProtect 2010-06-18.01 2010.06.18 -
Panda 10.0.2.7 2010.06.18 -
PCTools 7.0.3.5 2010.06.18 -
Prevx 3.0 2010.06.18 -
Rising 22.52.04.04 2010.06.18 -
Sophos 4.54.0 2010.06.18 -
Sunbelt 6467 2010.06.18 -
Symantec 20101.1.0.89 2010.06.18 -
TheHacker 6.5.2.0.300 2010.06.18 -
TrendMicro 9.120.0.1004 2010.06.18 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.18 -
VBA32 3.12.12.5 2010.06.18 -
ViRobot 2010.6.14.3884 2010.06.18 -
VirusBuster 5.0.27.0 2010.06.18 -
Rozšiřující informace
File size: 534528 bytes
MD5...: 959d935eca4113ca0c0cc0bfc5739c0a
SHA1..: bb3f140a7b4323e40ea930746e52ff74930849c6
SHA256: 1379960d47b79370e8dd7a07ca8c384fc5c92de42e1b71cb9cf449274549f312
ssdeep: 12288:sqQ3qCyaGWcB9YVfHm170KJut5LzP7Uu:szwW1+0xzPA

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2122a
timedatestamp.....: 0x44c05c8c (Fri Jul 21 04:48:12 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x60eba 0x61000 6.25 f7afbb94efb5b30c7e79862daef0df45
.data 0x62000 0x3d40 0x1800 3.35 165b9e608cc994ec2e76ea242918b012
.rsrc 0x66000 0x19e60 0x1a000 4.32 694a79f8d46890a2559f00b44b90f294
.reloc 0x80000 0x5b1c 0x5c00 5.52 5805abc28a06efc0cbd3f66c886ac503

( 14 imports )
> ADVAPI32.dll: RegCloseKey, RegQueryValueExW, RegOpenKeyExW, FreeSid, EqualSid, AllocateAndInitializeSid, GetTokenInformation, OpenProcessToken, IsTextUnicode, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, CheckTokenMembership, ConvertStringSecurityDescriptorToSecurityDescriptorW, SetEntriesInAclW, DeleteService, StartServiceW, ControlService, OpenSCManagerW, CloseServiceHandle, OpenServiceW, QueryServiceStatus, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegDeleteKeyW
> KERNEL32.dll: DeleteFileW, ReleaseMutex, SetFilePointer, HeapFree, GetProcessHeap, HeapAlloc, CreateMutexW, FreeLibrary, FreeConsole, SetConsoleCursorPosition, FillConsoleOutputCharacterW, ReadConsoleOutputW, GetConsoleScreenBufferInfo, SetConsoleMode, GetConsoleMode, GetStdHandle, GetProcAddress, LoadLibraryW, WriteConsoleOutputW, WriteConsoleW, IsValidLocale, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, GetVersionExA, HeapDestroy, HeapReAlloc, HeapSize, InterlockedExchange, WideCharToMultiByte, CompareStringW, GetEnvironmentVariableW, GetStartupInfoW, RtlUnwind, VirtualProtect, VirtualAlloc, GetModuleHandleW, GetSystemInfo, VirtualQuery, GetModuleHandleA, ExitProcess, GetModuleFileNameA, UnhandledExceptionFilter, GetModuleFileNameW, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, SetHandleCount, GetFileType, GetStartupInfoA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, OutputDebugStringA, SetUnhandledExceptionFilter, TerminateProcess, GetCPInfo, GetACP, GetOEMCP, LCMapStringA, LCMapStringW, ReadFile, LoadLibraryA, Sleep, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetConsoleCP, SetStdHandle, FlushFileBuffers, WriteConsoleA, GetConsoleOutputCP, SetEndOfFile, CreateFileA, GetFileAttributesW, lstrcmpW, lstrlenW, lstrcmpiW, GetTempFileNameW, FindFirstFileW, FindNextFileW, FindClose, CopyFileW, SetFileAttributesW, FormatMessageW, RaiseException, GetFileSize, CreateFileMappingW, MapViewOfFile, EnumResourceLanguagesW, WaitForMultipleObjects, InterlockedCompareExchange, SetEvent, CreateEventW, LocalReAlloc, DeviceIoControl, GetSystemDirectoryW, VerSetConditionMask, VerifyVersionInfoW, CreateDirectoryW, RemoveDirectoryW, GetCurrentDirectoryW, GetShortPathNameW, GetFullPathNameW, GetSystemWindowsDirectoryW, MoveFileExW, LocalFree, SearchPathW, GetSystemDefaultUILanguage, LoadLibraryExW, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, CloseHandle, GetLastError, GetCurrentProcess, GlobalFree, LocalAlloc, GetCommandLineW, GetExitCodeProcess, WaitForSingleObject, SetCurrentDirectoryW, GetWindowsDirectoryW, GetLocalTime, UnmapViewOfFile, InterlockedDecrement, InterlockedIncrement, CreateFileW, GetVersionExW, GetUserDefaultUILanguage, SetThreadLocale, GetThreadLocale, CreateThread, WriteFile, MultiByteToWideChar
> GDI32.dll: CreateCompatibleDC, SetLayout, DeleteDC, GetObjectW, CreateCompatibleBitmap, CreateBitmap, SelectObject, StartPage, EndPage, StartDocW, EndDoc, GetTextMetricsW, GetDeviceCaps, CreateFontIndirectW, DeleteObject
> USER32.dll: CharLowerW, UnregisterClassA, GetIconInfo, DrawIconEx, CreateIconIndirect, LoadIconW, LoadBitmapW, LoadImageW, GetSystemMetrics, GetSysColor, DestroyWindow, GetWindowLongW, SendDlgItemMessageW, InvalidateRect, SetWindowTextW, SystemParametersInfoW, GetDC, ReleaseDC, SetWindowLongW, SetDlgItemTextW, GetParent, PostMessageW, IsDlgButtonChecked, CheckDlgButton, SetFocus, CallWindowProcW, DestroyIcon, DialogBoxParamW, EndDialog, GetDlgItem, SendMessageW, MessageBoxW, GetProcessWindowStation, CharPrevW, GetUserObjectInformationW, DrawTextExW
> SHELL32.dll: ShellExecuteExW, CommandLineToArgvW, SHGetFolderPathW, -
> SETUPAPI.dll: SetupCloseFileQueue, SetupTermDefaultQueueCallback, SetupCommitFileQueueW, SetupDefaultQueueCallbackW, SetupInitDefaultQueueCallbackEx, SetupOpenFileQueue, SetupQueueCopyW, SetupQueueCopyIndirectW, SetupGetTargetPathW, SetupDiGetDeviceRegistryPropertyW, SetupDiCallClassInstaller, SetupDiBuildDriverInfoList, SetupDiGetDeviceInstallParamsW, SetupDiSetSelectedDevice, SetupDiOpenDeviceInfoW, SetupDiSetDeviceRegistryPropertyW, CM_Get_DevNode_Status, SetupDiEnumDeviceInfo, SetupCopyOEMInfW, SetupDiOpenDevRegKey, SetupDiGetDeviceInstanceIdW, SetupDiDestroyDeviceInfoList, SetupDiCreateDeviceInfoList, SetupDiGetDriverInfoDetailW, SetupDiGetSelectedDriverW, SetupDiSetDeviceInstallParamsW, SetupDiSetClassInstallParamsW, SetupOpenAppendInfFileW, SetupGetIntField, SetupGetFieldCount, pSetupGetGlobalFlags, pSetupSetGlobalFlags, SetupGetStringFieldW, SetupFindFirstLineW, SetupCloseInfFile, SetupGetLineCountW, SetupOpenInfFileW, SetupFindNextMatchLineW, SetupFindNextLine, SetupDiGetActualSectionToInstallW, SetupInstallServicesFromInfSectionW, SetupInstallFromInfSectionW, SetupPromptReboot, SetupInstallFilesFromInfSectionW, SetupDiOpenClassRegKey, SetupDiClassNameFromGuidW, CM_Enumerate_Classes, CM_Locate_DevNodeW, CM_Get_Device_ID_List_SizeW, CM_Get_Device_ID_ListW, CM_Get_Device_IDW, CM_Setup_DevNode, CM_Query_And_Remove_SubTreeW, CMP_WaitNoPendingInstallEvents, SetupDiGetClassDevsW
> WINTRUST.dll: CryptCATAdminCalcHashFromFileHandle, WinVerifyTrust
> ole32.dll: CoTaskMemFree, CoUninitialize, CoCreateInstance, CoInitialize, StringFromCLSID
> OLEAUT32.dll: -, -, -, -, -
> COMCTL32.dll: ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Create, CreatePropertySheetPageW, PropertySheetW
> COMDLG32.dll: PrintDlgExW, GetSaveFileNameW
> ntdll.dll: RtlNtStatusToDosError, NtClose, NtOpenThreadToken, NtOpenProcessToken, NtQueryInformationToken
> CRYPT32.dll: CertFreeCertificateContext, CertFreeCTLContext, CertGetCTLContextProperty, CryptQueryObject
> VERSION.dll: GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Driver Package Installer (DPInst)
description..: Driver Package Installer
original name: DPInst.exe
internal name: DPInst
file version.: 2.1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

[bledulka]

Sice jsou an virustotalu čisté, ale stejně bych je dala pryč. nebo víš, k jakému programu patří?
A ta obnova včera pomohla?

[Zdendys75]

nevím k čemu patří, tak to můžem zkusit. Jinak se mi zdá, že se nic moc nezměnilo. No, není to žádnej rychlík, ale každopádně tu očistu potřeboval.