Prosím o kontrolu logu z HJT, pomalý PC a nefunkční

[DirtyKing]

Ahoj,
prosím o kontrolu logu z HiJackThis v. 2.0.0.2

Kód: Vybrat vše

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:24, on 14.2.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnp325.exe
C:\Windows\vsnp325.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Profiler\LWEMon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\taskeng.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [asd0.exe] C:\Users\pc\AppData\Local\Temp\asd0.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [lxfuwile] C:\ProgramData\lxfuwile\xitwzedk.exe
O4 - HKCU\..\Run: [uoASF196g5] C:\ProgramData\lyvwlavw\botalcxi.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [InstallProgram] C:\Users\pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PA3AX936\setup_225_509_[1].exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter


PC je pomalý prohlížeče nefungují jak mají (IE 7, IE 8, Chrome, Opera, Firefox ...), např.: když se klikne na odkaz tak se nenačte nebo se seknce celý prohlížeč, zejména u javascriptů.

PC jsem projel Nodem, CCcleanerem, AdaAware, Spybotem a stále nic, reinstalačku dělat nechci ..


Díky moc

[Reklama]

[jaro3]

Nedávej logy do code!! Toto ale vypadá...
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

A napiš verzi win vista 32 nebo 64bit.

[DirtyKing]

Win Vista 32bit

Log:

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1761
Windows 6.0.6001 Service Pack 1

14.2.2009 15:52:50
log

Typ skenu: Rychlý sken
Objektu skenováno: 52115
Uplynulý cas: 5 minute(s), 38 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 7
Infikované hodnoty registru: 2
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\InstallProgram (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> No action taken.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Poté:
Vypni rez. ochranu NOD32 a štít u windows defenderu.
vypni rez. ochranu u SpyBota:
- spusť Spybot - Search & Destroy
- nahoře v menu zvol: Režim => Pro pokročilé
- objeví se ti varovné okno kde zvol Ano
- okno programu se ti přepne do pokročilého zobrazení a tam zvol: Nástroje => Rezidentní
- tam zruš zatržení pokud bude u položky: Rezidentní program "TeaTimer" (Ochrana ...)
- zavři program
Restartuj PC.
Po té si stáhni ResetTeaTimer.bat(viz. Poznámka)
a ulož si ho na disku.
- spusť ho a po vyzvání zmáčkni libovolnou klávesu
- po proběhnutí a výzvě opět zmáčkni libovolnou klávesu a program se zavře.
Poznámka:
- pokud používáš Operu, tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit cíl odkazu jako...
- pokud používáš Firefox tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit odkaz jako...

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[DirtyKing]

Log z MbAM:

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1761
Windows 6.0.6001 Service Pack 1

14.2.2009 16:23:12
mbam-log-2009-02-14 (16-23-12).txt

Typ skenu: Rychlý sken
Objektu skenováno: 51828
Uplynulý cas: 16 minute(s), 56 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 7
Infikované hodnoty registru: 2
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\InstallProgram (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)




////// Za chvíli editnu a hodím semka log z ComboFixu

[DirtyKing]

ComboFix

ComboFix 09-02-12.03 - pc 2009-02-14 16:34:57.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.1919.880 [GMT 1:00]
Spuštěný z: c:\users\pc\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
FW: Sunbelt Personal Firewall *enabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-01-14 do 2009-02-14 )))))))))))))))))))))))))))))))
.

2009-02-14 15:45 . 2009-02-14 15:45 <DIR> d-------- c:\users\pc\AppData\Roaming\Malwarebytes
2009-02-14 15:45 . 2009-02-14 15:45 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-14 15:45 . 2009-02-14 15:45 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-14 15:45 . 2009-02-14 15:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-14 15:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-14 15:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-14 15:41 . 2009-02-14 15:41 103 --a------ c:\windows\wininit.ini
2009-02-14 14:47 . 2009-02-14 14:47 <DIR> d-------- c:\program files\Trend Micro
2009-02-14 14:35 . 2009-02-14 14:35 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-06 14:48 . 2009-02-06 14:48 <DIR> d-------- c:\users\pc\AppData\Roaming\Alawar
2009-02-06 14:48 . 2009-02-06 14:48 <DIR> d-------- c:\program files\Katčin Rybí krámek
2009-01-31 00:29 . 2009-01-31 00:29 <DIR> d--h----- c:\users\pc\AppData\Roaming\.piratepornload
2009-01-30 17:33 . 2009-01-30 17:33 <DIR> d-------- c:\program files\Sunbelt Software
2009-01-30 17:33 . 2008-06-21 04:54 65,576 --a------ c:\windows\System32\drivers\SbFwIm.sys
2009-01-30 17:17 . 2009-01-30 17:17 <DIR> d-------- c:\program files\ESET
2009-01-14 18:51 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 15:42 --------- d-----w c:\users\pc\AppData\Roaming\Skype
2009-02-14 15:03 --------- d-----w c:\users\pc\AppData\Roaming\skypePM
2009-02-14 14:54 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-14 14:42 --------- d-----w c:\users\pc\AppData\Roaming\OpenOffice.org2
2009-02-12 13:47 --------- d-----w c:\program files\Windows Mail
2009-02-06 13:48 --------- d-----w c:\program files\Katčin Rybí krámek
2009-02-05 14:53 --------- d-----w c:\program files\CCleaner
2009-01-30 16:36 --------- d-----w c:\users\pc\AppData\Roaming\Comodo
2009-01-30 16:36 --------- d-----w c:\program files\COMODO
2009-01-29 15:47 --------- d-----w c:\program files\TeamViewer3
2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
2008-12-23 09:36 --------- d-----w c:\users\pc\AppData\Roaming\Media Player Classic
2008-12-23 09:35 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\System32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll
2008-07-21 19:32 63,488 ----a-w c:\users\pc\xobglu16.dll
2008-07-21 19:32 55,226 ----a-w c:\users\pc\xobglu32.dll
2008-04-24 10:19 174 --sha-w c:\program files\desktop.ini
2008-04-21 11:06 32 ----a-w c:\users\All Users\ezsid.dat
2008-04-21 11:06 32 ----a-w c:\programdata\ezsid.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Google Update"="c:\users\pc\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-29 133104]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-01-14 13996032]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2006-12-14 520192]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2006-10-10 270336]
"snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-27 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-27 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"CHotkey"="zHotkey.exe" [2006-11-07 c:\windows\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2005-01-27 c:\windows\ShowWnd.exe]
"ModPS2"="ModPS2Key.exe" [2006-11-07 c:\windows\ModPS2Key.exe]

c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 393216]
openSUSE-uninst.exe [2008-05-20 78371]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{A27025CC-8D5B-4374-9ECD-15E3530A1773}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{311931E6-DFCE-4194-8889-D7F4E454FF9A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-07-01 34312]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-07-19 72192]
R1 SbFw;SbFw;c:\windows\System32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\System32\drivers\sbhips.sys [2008-06-21 66600]
R2 24591;24591;c:\windows\System32\24591.sys [2008-05-05 4096]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-02-14 1153368]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [2008-04-17 5120]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Host.exe [2008-02-19 176128]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\System32\drivers\SbFwIm.sys [2009-01-30 65576]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\System32\drivers\snp325.sys [2008-04-21 10251904]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [2008-04-15 241664]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b7bb542-0b1e-11dd-9308-806e6f6e6963}]
\shell\AutoRun\command - D:\START.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2959674287-1197207556-2684936279-1000.job
- c:\users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-29 16:33]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-lxfuwile - c:\programdata\lxfuwile\xitwzedk.exe
HKCU-Run-uoASF196g5 - c:\programdata\lyvwlavw\botalcxi.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\xbdprs9c.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\users\pc\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 16:41:41
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe????????????????????????????????????????????

skenování skrytých souborů ...


c:\users\pc\AppData\Local\Temp\catchme.dll 53248 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
Celkový čas: 2009-02-14 16:45:29
ComboFix-quarantined-files.txt 2009-02-14 15:45:22

Před spuštěním: Volných bajtů: 116 824 805 376
Po spuštění: Volných bajtů: 116,476,723,200

169 --- E O F --- 2009-02-14 15:32:46

[jaro3]

Toto otestuj na Virustotal
c:\windows\System32\SetDepNx.exe
c:\windows\System32\RegisterIEPKEYs.exe
c:\windows\System32\24591.sys

Vlož sem pak odkazy výsledků.

[DirtyKing]

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x73ba
timedatestamp.....: 0x496f0a0f (Thu Jan 15 10:03:59 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1315d 0x13200 6.06 5ef69f9c1ef68361d1a85d557bf71e20
.data 0x15000 0x3d40 0x3400 1.49 882e6738526de06005f157d1a9475900
.rsrc 0x19000 0x430 0x600 2.60 bdf2d4b129300aff606620f7b1548e97
.reloc 0x1a000 0x2546 0x2600 3.91 fa55e0de2220bdbf2b61d39ee5fc8033

( 10 imports )
> ADVAPI32.dll: RegCloseKey, RegDeleteKeyValueW, RegSetValueExW, RegGetValueW, RegOpenKeyExW, SetNamedSecurityInfoW, SetSecurityDescriptorOwner, RegSetKeySecurity, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorOwner, CryptReleaseContext, CryptDestroyHash, CryptDestroyKey, CryptDecrypt, CryptEncrypt, CryptGetHashParam, CryptGenRandom, CryptDeriveKey, CryptHashData, CryptCreateHash, CryptAcquireContextW, SetSecurityInfo, GetSecurityInfo, IsValidSid, LookupAccountSidW, LookupAccountNameW, GetUserNameW, RegFlushKey, RegDeleteValueW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetSecurityDescriptorDacl, EqualSid, AddAccessAllowedAce, InitializeAcl, GetLengthSid, GetTokenInformation, OpenThreadToken, InitializeSecurityDescriptor, RegDeleteKeyW, RegEnumValueW, RegEnumKeyExW, RegQueryInfoKeyW, RegQueryValueExW, RegCreateKeyExW, RegUnLoadKeyW, RegLoadKeyW
> KERNEL32.dll: GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetProcessHeap, HeapFree, VirtualQuery, MapViewOfFile, CreateFileMappingW, GetFileSize, UnmapViewOfFile, TlsAlloc, GetLocalTime, HeapReAlloc, TlsSetValue, HeapAlloc, TlsGetValue, SetLastError, LocalFree, FormatMessageW, RaiseException, ExitProcess, TlsFree, GetWindowsDirectoryA, CloseHandle, GetCurrentThread, ReleaseMutex, WaitForSingleObject, SetFilePointer, WriteFile, GetCurrentProcessId, CreateMutexW, CreateFileW, GetModuleFileNameW, DeleteFileW, GetVersion, GetSystemInfo, CreateMutexA, CreateFileMappingA, CreateFileA, DeleteFileA, LoadLibraryA, ExpandEnvironmentStringsA, GetProcAddress, GetModuleHandleW, FlushFileBuffers, GetWindowsDirectoryW, MultiByteToWideChar, OutputDebugStringA, IsDebuggerPresent, HeapCreate, HeapDestroy, DeviceIoControl, LocalAlloc, GetEnvironmentVariableW, CompareStringW, GetCommandLineW, GetModuleFileNameA, GetCurrentThreadId, VirtualFree, VirtualAlloc, GetLocaleInfoW, ExpandEnvironmentStringsW, GetExitCodeProcess, LoadLibraryW, GetPrivateProfileStringW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, SetErrorMode, GetFileType, GetOverlappedResult, GetComputerNameW, OpenEventW, SetEndOfFile, SetFileTime, GetVolumeInformationW, OpenProcess, CreateProcessA, CreateProcessW, GetShortPathNameW, GetFullPathNameW, GetTempPathW, SetFileAttributesW, GetFileAttributesW, DuplicateHandle, GetDriveTypeW, GetLogicalDrives, GetLogicalDriveStringsW, MoveFileExW, MoveFileW, CopyFileW, GlobalSize, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, HeapWalk, HeapValidate, HeapCompact, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, InterlockedCompareExchange, Sleep, InterlockedExchange, GlobalMemoryStatus, ResetEvent, CreateThread, WaitForMultipleObjects, CreateEventW, FreeLibrary, SetEvent, FindFirstFileW, RemoveDirectoryW, FindNextFileW, FindClose, GetTempFileNameW, ReadFile, CreateDirectoryW, DebugBreak, GetVersionExW, GetLastError, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, GetVersionExA, HeapSize
> msvcrt.dll: __3@YAXPAX@Z, __2@YAPAXI@Z, wcsrchr, _purecall, memcpy, _wcsicmp, iswctype, swscanf_s, _wtoi, wcstok, fclose, fgetws, _wfopen, _wcsnicmp, _vsnwprintf, _vsnprintf, free, towlower, malloc, __CxxFrameHandler3, __1type_info@@UAE@XZ, feof, _onexit, _lock, __dllonexit, _unlock, _controlfp, _except_handler4_common, _terminate@@YAXXZ, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, memset
> SHELL32.dll: -, ShellExecuteExW, ExtractIconExW, CommandLineToArgvW
> dbghelp.dll: MiniDumpWriteDump
> OLEAUT32.dll: -, -, -
> USER32.dll: LoadIconW, MessageBoxW, UnregisterClassA, MessageBoxA
> IPHLPAPI.DLL: GetIpAddrTable
> ole32.dll: CreateStreamOnHGlobal, GetHGlobalFromStream, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitializeEx, CoInitialize
> WS2_32.dll: -, WSAIoctl, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 66 exports )
__0_$CDynamicArray@EPAE@@QAE@I@Z, __0_$CDynamicArray@EPAUSKey@@@@QAE@I@Z, __0_$CDynamicArray@EPAUSValue@@@@QAE@I@Z, __0_$CDynamicArray@GPAG@@QAE@I@Z, __0_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAE@I@Z, __0_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAE@I@Z, __0_$CDynamicArray@_KPA_K@@QAE@I@Z, __1_$CDynamicArray@EPAE@@QAE@XZ, __1_$CDynamicArray@EPAUSKey@@@@QAE@XZ, __1_$CDynamicArray@EPAUSValue@@@@QAE@XZ, __1_$CDynamicArray@GPAG@@QAE@XZ, __1_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAE@XZ, __1_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAE@XZ, __1_$CDynamicArray@_KPA_K@@QAE@XZ, __4_$CDynamicArray@EPAE@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@EPAUSKey@@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@EPAUSValue@@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@GPAG@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@_KPA_K@@QAEAAV0@ABV0@@Z, __A_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEAAPAUSEnumBinContext@@I@Z, __A_$CDynamicArray@_KPA_K@@QAEAA_KI@Z, __B_$CDynamicArray@EPAUSKey@@@@QBEPAUSKey@@XZ, __B_$CDynamicArray@EPAUSValue@@@@QBEPAUSValue@@XZ, __B_$CDynamicArray@GPAG@@QBEPAGXZ, __C_$CDynamicArray@EPAUSKey@@@@QBEPAUSKey@@XZ, __C_$CDynamicArray@EPAUSValue@@@@QBEPAUSValue@@XZ, ___F_$CDynamicArray@EPAE@@QAEXXZ, ___F_$CDynamicArray@EPAUSKey@@@@QAEXXZ, ___F_$CDynamicArray@EPAUSValue@@@@QAEXXZ, ___F_$CDynamicArray@GPAG@@QAEXXZ, ___F_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEXXZ, ___F_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEXXZ, ___F_$CDynamicArray@_KPA_K@@QAEXXZ, _Add@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEHAAPAUSEnumBinContext@@@Z, _Add@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHAAUSKeeperEntry@CBlackboardFactory@@@Z, _Add@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHAAUSKeeperEntry@CBlackboardFactory@@AAI@Z, _Add@_$CDynamicArray@_KPA_K@@QAEHAA_K@Z, _ElementAt@_$CDynamicArray@GPAG@@QAEAAGI@Z, _ElementAt@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEAAUSKeeperEntry@CBlackboardFactory@@I@Z, _GetBuffer@_$CDynamicArray@EPAE@@QAEPAEI@Z, _GetBuffer@_$CDynamicArray@EPAUSValue@@@@QAEPAUSValue@@I@Z, _GetBuffer@_$CDynamicArray@GPAG@@QAEPAGI@Z, _GetSize@_$CDynamicArray@EPAE@@QBEIXZ, _GetSize@_$CDynamicArray@GPAG@@QBEIXZ, _GetSize@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QBEIXZ, _GetSize@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QBEIXZ, _GetSize@_$CDynamicArray@_KPA_K@@QBEIXZ, _Init@_$CDynamicArray@EPAE@@IAEXI@Z, _Init@_$CDynamicArray@EPAUSKey@@@@IAEXI@Z, _Init@_$CDynamicArray@EPAUSValue@@@@IAEXI@Z, _Init@_$CDynamicArray@GPAG@@IAEXI@Z, _Init@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@IAEXI@Z, _Init@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@IAEXI@Z, _Init@_$CDynamicArray@_KPA_K@@IAEXI@Z, _RemoveAll@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEXXZ, _RemoveAll@_$CDynamicArray@_KPA_K@@QAEXXZ, _RemoveItemFromTail@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEXXZ, _SetSize@_$CDynamicArray@EPAE@@QAEHK@Z, _SetSize@_$CDynamicArray@EPAUSKey@@@@QAEHK@Z, _SetSize@_$CDynamicArray@EPAUSValue@@@@QAEHK@Z, _SetSize@_$CDynamicArray@GPAG@@QAEHK@Z, _SetSize@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEHK@Z, _SetSize@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHK@Z, _SetSize@_$CDynamicArray@_KPA_K@@QAEHK@Z




a-squared
4.0.0.93
2009.02.15
-
AhnLab-V3
5.0.0.2
2009.02.14
-
AntiVir
7.9.0.79
2009.02.13
-
Authentium
5.1.0.4
2009.02.14
-
Avast
4.8.1335.0
2009.02.14
-
AVG
8.0.0.237
2009.02.14
-
BitDefender
7.2
2009.02.15
-
CAT-QuickHeal
10.00
2009.02.13
-
ClamAV
0.94.1
2009.02.15
-
Comodo
978
2009.02.15
-
DrWeb
4.44.0.09170
2009.02.15
-
eSafe
7.0.17.0
2009.02.15
-
eTrust-Vet
31.6.6358
2009.02.14
-
F-Prot
4.4.4.56
2009.02.13
-
F-Secure
8.0.14470.0
2009.02.15
-
Fortinet
3.117.0.0
2009.02.15
-
GData
19
2009.02.15
-
Ikarus
T3.1.1.45.0
2009.02.15
-
K7AntiVirus
7.10.630
2009.02.14
-
Kaspersky
7.0.0.125
2009.02.15
-
McAfee
5526
2009.02.14
-
McAfee+Artemis
5526
2009.02.14
-
Microsoft
1.4306
2009.02.15
-
NOD32
3853
2009.02.14
-
Norman
6.00.02
2009.02.13
-
nProtect
2009.1.8.0
2009.02.15
-
Panda
10.0.0.10
2009.02.14
-
PCTools
4.4.2.0
2009.02.15
-
Prevx1
V2
2009.02.15
-
Rising
21.16.62.00
2009.02.15
-
SecureWeb-Gateway
6.7.6
2009.02.15
-
Sophos
4.38.0
2009.02.15
-
Sunbelt
3.2.1851.2
2009.02.12
-
Symantec
10
2009.02.15
-
TheHacker
6.3.2.1.257
2009.02.15
-
TrendMicro
8.700.0.1004
2009.02.15
-
VBA32
3.12.8.12
2009.02.15
-
ViRobot
2009.2.14.1607
2009.02.15
-
VirusBuster
4.5.11.0
2009.02.14
-

Rozšiřující informace
File size: 107520 bytes
MD5...: 9ee21f52228cd3773992254587f41dff
SHA1..: 60b7e265ee61046aeebb34d9c7fb36525602793a
SHA256: 8158d2f65e9ffe7cd0fce5975f12cdf078ce8cdd3788a502abed5b8301d780af
SHA512: 6154eca7d741f0fe6c4fb89d8696706391c6ea2b5fbec08795a38eeacfae1c64
f5e3818644206ff8bc1f0445fa521c12d018edd7bb83a2e50ec70a50e8927593
ssdeep: 3072:4rf81VIbVNUrutgrWM0iM8pgfvXVdZbEOLubzWX4pg4PFc6:fpgXXVdZb/u
be4q4PF
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7402
timedatestamp.....: 0x496f0a0f (Thu Jan 15 10:03:59 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x13e54 0x14000 6.06 8baaca711ce8f90025d4e25498b39adf
.data 0x15000 0x3d40 0x3400 1.48 7af2a028a887d961cdff0cec8671942f
.rsrc 0x19000 0x428 0x600 2.59 3443d13390f973a1abaec766bc2bd3ca
.reloc 0x1a000 0x2596 0x2600 3.87 6f3765038fe0fbf8abb40ad5ca1211c5

( 11 imports )
> KERNEL32.dll: GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetProcessHeap, HeapFree, VirtualQuery, MapViewOfFile, CreateFileMappingW, GetFileSize, UnmapViewOfFile, TlsAlloc, GetLocalTime, HeapReAlloc, TlsSetValue, HeapAlloc, TlsGetValue, SetLastError, FormatMessageW, RaiseException, ExitProcess, TlsFree, GetWindowsDirectoryA, CloseHandle, GetCurrentThread, ReleaseMutex, WaitForSingleObject, SetFilePointer, WriteFile, GetModuleFileNameA, CreateMutexW, CreateFileW, GetModuleFileNameW, DeleteFileW, GetVersion, GetSystemInfo, CreateMutexA, CreateFileMappingA, CreateFileA, DeleteFileA, LoadLibraryA, ExpandEnvironmentStringsA, GetProcAddress, GetModuleHandleW, FlushFileBuffers, GetWindowsDirectoryW, MultiByteToWideChar, OutputDebugStringA, IsDebuggerPresent, GetTickCount, HeapCreate, HeapDestroy, DeviceIoControl, LocalAlloc, GetEnvironmentVariableW, WideCharToMultiByte, EncodePointer, DecodePointer, GetDriveTypeW, GetLogicalDrives, GetLogicalDriveStringsW, MoveFileExW, MoveFileW, CopyFileW, GlobalSize, GlobalFree, GlobalUnlock, GetCurrentProcessId, GlobalAlloc, HeapWalk, HeapValidate, HeapCompact, GlobalMemoryStatus, GetVersionExW, ResetEvent, CreateThread, WaitForMultipleObjects, CreateEventW, FreeLibrary, SetEvent, RemoveDirectoryW, GetTempFileNameW, ReadFile, CreateDirectoryW, DebugBreak, HeapSize, GetVersionExA, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, FindFirstFileW, FindNextFileW, FindClose, GetFullPathNameW, SetErrorMode, GetFileAttributesW, ExpandEnvironmentStringsW, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, InterlockedCompareExchange, Sleep, InterlockedExchange, DuplicateHandle, SetFileAttributesW, LocalFree, GetTempPathW, GetShortPathNameW, CreateProcessW, CreateProcessA, OpenProcess, GetVolumeInformationW, SetFileTime, SetEndOfFile, OpenEventW, GetComputerNameW, GetOverlappedResult, GetFileType, GetDiskFreeSpaceW, GetDiskFreeSpaceExW, GetPrivateProfileStringW, LoadLibraryW, GetExitCodeProcess, GetLocaleInfoW, VirtualAlloc, VirtualFree, IsWow64Process, GlobalLock, GetCurrentThreadId, GetLastError, GetCommandLineW
> msvcrt.dll: wcschr, _cexit, _exit, _XcptFilter, _ismbblead, exit, _acmdln, _initterm, _amsg_exit, __setusermatherr, _adjust_fdiv, __p__commode, __set_app_type, _terminate@@YAXXZ, _except_handler4_common, _controlfp, _unlock, __dllonexit, _lock, _onexit, _vsnprintf, _vsnwprintf, __3@YAXPAX@Z, __2@YAPAXI@Z, wcsrchr, __getmainargs, _wcsicmp, memset, __p__fmode, __1type_info@@UAE@XZ, _purecall, memcpy, iswctype, swscanf_s, _wtoi, wcstok, fclose, feof, fgetws, _wfopen, _wcsnicmp, free, towlower, malloc
> SHELL32.dll: CommandLineToArgvW, -, SHGetFolderPathW, ShellExecuteExW, ExtractIconExW
> ADVAPI32.dll: RegDeleteKeyW, SetSecurityDescriptorOwner, RegSetKeySecurity, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorOwner, CryptReleaseContext, CryptDestroyHash, CryptDestroyKey, CryptDecrypt, CryptEncrypt, CryptGetHashParam, CryptGenRandom, CryptDeriveKey, CryptHashData, CryptCreateHash, CryptAcquireContextW, SetSecurityInfo, GetSecurityInfo, IsValidSid, LookupAccountSidW, LookupAccountNameW, GetUserNameW, RegFlushKey, RegCloseKey, RegDeleteValueW, RegEnumValueW, RegSetValueExW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetSecurityDescriptorDacl, EqualSid, AddAccessAllowedAce, InitializeAcl, GetLengthSid, GetTokenInformation, OpenThreadToken, InitializeSecurityDescriptor, RegEnumKeyExW, RegQueryInfoKeyW, RegOpenKeyExW, RegCreateKeyExW, RegUnLoadKeyW, RegLoadKeyW, RegQueryValueExW, SetNamedSecurityInfoW
> dbghelp.dll: MiniDumpWriteDump
> OLEAUT32.dll: -, -, -
> ole32.dll: CreateStreamOnHGlobal, GetHGlobalFromStream, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitializeEx, CoInitialize
> USER32.dll: UnregisterClassA, LoadIconW, MessageBoxA, MessageBoxW
> SHLWAPI.dll: PathRemoveFileSpecW, SHGetValueW
> IPHLPAPI.DLL: GetIpAddrTable
> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, WSAIoctl, -, -

( 66 exports )
__0_$CDynamicArray@EPAE@@QAE@I@Z, __0_$CDynamicArray@EPAUSKey@@@@QAE@I@Z, __0_$CDynamicArray@EPAUSValue@@@@QAE@I@Z, __0_$CDynamicArray@GPAG@@QAE@I@Z, __0_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAE@I@Z, __0_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAE@I@Z, __0_$CDynamicArray@_KPA_K@@QAE@I@Z, __1_$CDynamicArray@EPAE@@QAE@XZ, __1_$CDynamicArray@EPAUSKey@@@@QAE@XZ, __1_$CDynamicArray@EPAUSValue@@@@QAE@XZ, __1_$CDynamicArray@GPAG@@QAE@XZ, __1_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAE@XZ, __1_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAE@XZ, __1_$CDynamicArray@_KPA_K@@QAE@XZ, __4_$CDynamicArray@EPAE@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@EPAUSKey@@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@EPAUSValue@@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@GPAG@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@_KPA_K@@QAEAAV0@ABV0@@Z, __A_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEAAPAUSEnumBinContext@@I@Z, __A_$CDynamicArray@_KPA_K@@QAEAA_KI@Z, __B_$CDynamicArray@EPAUSKey@@@@QBEPAUSKey@@XZ, __B_$CDynamicArray@EPAUSValue@@@@QBEPAUSValue@@XZ, __B_$CDynamicArray@GPAG@@QBEPAGXZ, __C_$CDynamicArray@EPAUSKey@@@@QBEPAUSKey@@XZ, __C_$CDynamicArray@EPAUSValue@@@@QBEPAUSValue@@XZ, ___F_$CDynamicArray@EPAE@@QAEXXZ, ___F_$CDynamicArray@EPAUSKey@@@@QAEXXZ, ___F_$CDynamicArray@EPAUSValue@@@@QAEXXZ, ___F_$CDynamicArray@GPAG@@QAEXXZ, ___F_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEXXZ, ___F_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEXXZ, ___F_$CDynamicArray@_KPA_K@@QAEXXZ, _Add@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEHAAPAUSEnumBinContext@@@Z, _Add@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHAAUSKeeperEntry@CBlackboardFactory@@@Z, _Add@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHAAUSKeeperEntry@CBlackboardFactory@@AAI@Z, _Add@_$CDynamicArray@_KPA_K@@QAEHAA_K@Z, _ElementAt@_$CDynamicArray@GPAG@@QAEAAGI@Z, _ElementAt@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEAAUSKeeperEntry@CBlackboardFactory@@I@Z, _GetBuffer@_$CDynamicArray@EPAE@@QAEPAEI@Z, _GetBuffer@_$CDynamicArray@EPAUSValue@@@@QAEPAUSValue@@I@Z, _GetBuffer@_$CDynamicArray@GPAG@@QAEPAGI@Z, _GetSize@_$CDynamicArray@EPAE@@QBEIXZ, _GetSize@_$CDynamicArray@GPAG@@QBEIXZ, _GetSize@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QBEIXZ, _GetSize@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QBEIXZ, _GetSize@_$CDynamicArray@_KPA_K@@QBEIXZ, _Init@_$CDynamicArray@EPAE@@IAEXI@Z, _Init@_$CDynamicArray@EPAUSKey@@@@IAEXI@Z, _Init@_$CDynamicArray@EPAUSValue@@@@IAEXI@Z, _Init@_$CDynamicArray@GPAG@@IAEXI@Z, _Init@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@IAEXI@Z, _Init@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@IAEXI@Z, _Init@_$CDynamicArray@_KPA_K@@IAEXI@Z, _RemoveAll@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEXXZ, _RemoveAll@_$CDynamicArray@_KPA_K@@QAEXXZ, _RemoveItemFromTail@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEXXZ, _SetSize@_$CDynamicArray@EPAE@@QAEHK@Z, _SetSize@_$CDynamicArray@EPAUSKey@@@@QAEHK@Z, _SetSize@_$CDynamicArray@EPAUSValue@@@@QAEHK@Z, _SetSize@_$CDynamicArray@GPAG@@QAEHK@Z, _SetSize@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEHK@Z, _SetSize@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHK@Z, _SetSize@_$CDynamicArray@_KPA_K@@QAEHK@Z




a-squared
4.0.0.93
2009.02.15
-
AhnLab-V3
5.0.0.2
2009.02.14
-
AntiVir
7.9.0.79
2009.02.13
-
Authentium
5.1.0.4
2009.02.14
-
Avast
4.8.1335.0
2009.02.14
-
AVG
8.0.0.237
2009.02.14
-
BitDefender
7.2
2009.02.15
-
CAT-QuickHeal
10.00
2009.02.13
-
ClamAV
0.94.1
2009.02.15
-
Comodo
978
2009.02.15
-
DrWeb
4.44.0.09170
2009.02.15
-
eSafe
7.0.17.0
2009.02.15
-
eTrust-Vet
31.6.6358
2009.02.14
-
F-Prot
4.4.4.56
2009.02.13
-
F-Secure
8.0.14470.0
2009.02.15
-
Fortinet
3.117.0.0
2009.02.15
-
GData
19
2009.02.15
-
Ikarus
T3.1.1.45.0
2009.02.15
-
K7AntiVirus
7.10.630
2009.02.14
-
Kaspersky
7.0.0.125
2009.02.15
-
McAfee
5526
2009.02.14
-
McAfee+Artemis
5526
2009.02.14
-
Microsoft
1.4306
2009.02.15
-
NOD32
3853
2009.02.14
-
Norman
6.00.02
2009.02.13
-
nProtect
2009.1.8.0
2009.02.15
-
Panda
10.0.0.10
2009.02.14
-
PCTools
4.4.2.0
2009.02.15
-
Prevx1
V2
2009.02.15
-
Rising
21.16.62.00
2009.02.15
-
SecureWeb-Gateway
6.7.6
2009.02.15
-
Sophos
4.38.0
2009.02.15
-
Sunbelt
3.2.1851.2
2009.02.12
-
Symantec
10
2009.02.15
-
TheHacker
6.3.2.1.257
2009.02.15
-
TrendMicro
8.700.0.1004
2009.02.15
-
VBA32
3.12.8.12
2009.02.15
-
ViRobot
2009.2.14.1607
2009.02.15
-
VirusBuster
4.5.11.0
2009.02.14
-

Rozšiřující informace
File size: 4096 bytes
MD5...: ee50afab5e473da1dc5eaa5239b775f3
SHA1..: fb4272288cbc3cb7c50a6c5a4b3464141512052d
SHA256: 76dd151c50e6f5b81432a5ada37e2fd6376ba6c4b8407bb7738c509f9af524ef
SHA512: 7ee16e3c9c184ca8de7b655323715c5eeddb85127e91717b5fa56b22c3eae99e
229c91fefd77cf8a89ed3321db33782b277cb773c0e8def3b1b4ed4a9e568256
ssdeep: 24:eFGSaDiWlbWAu1nKc3+eYLPnKYoLxGzARkfEfSkq3+VrVbsYUs978JyCmg:i6
7WAu15iLyYoNGs/62BNUsuJB3
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4005
timedatestamp.....: 0x458c5fd9 (Fri Dec 22 22:44:41 2006)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2b6 0x400 4.67 708318f296564e2f8cbb19c98f638868
.rdata 0x2000 0xa3 0x200 1.83 e49a154ed8405d37175af0d88b995ddd
.data 0x3000 0xe8 0x200 1.17 2279501b22ceed58fdcfc9d46707d4c0
INIT 0x4000 0x17e 0x200 4.24 d61da0098122cb8e7b8d8f5b890c7872
.reloc 0x5000 0x7e 0x200 1.20 8c66f3069f05463b8a2e1a90b8be67c7

( 1 imports )
> ntoskrnl.exe: KeCancelTimer, memchr, ExFreePoolWithTag, _stricmp, ExAllocatePoolWithTag, NtQuerySystemInformation, RtlInitString, memset, KeSetTimerEx, KeInitializeDpc, KeInitializeTimer, KeTickCount

( 0 exports )
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=ee50afab5e473da1dc5eaa5239b775f3' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=ee50afab5e473da1dc5eaa5239b775f3</a>

[jaro3]

To není ono, vlož odkazy na web. stránky kde jsou testy 38 antivirů těch konkrétních souborů.
Např. toto:
http://www.virustotal.com/cs/analisis/b ... f2f5153f69