Prosím o kontrolu. Problém s explorer.exe

[jaboos]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:50, on 3.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Opera\opera.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8651 bytes



Uz asi týden mi počítač každou hodinu vyhodí okno - V aplikaci explorer.exe došlo k problému.. atd. Když dám neodesílat,okno zmizí,plocha se jakoby restartuje a počítač běží dál.

/ale notak. trochu slušnější nadpis by neuškodil. upraveno.memphisto

[Reklama]

[jaro3]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[jaboos]

Malwarebytes' Anti-Malware 1.31
Verze databáze: 1602
Windows 5.1.2600 Service Pack 3

3.1.2009 19:01:04
mbam-log-2009-01-03 (19-01-00).txt

Typ skenu: Rychlý sken
Objektu skenováno: 103940
Uplynulý cas: 10 minute(s), 54 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Documents and Settings\Dušánek.DU-BMH2FDQ3BF7U\Local Settings\Temp\lwpwer.exe (Trojan.FakeAlert) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log + nový log z HJT.

Vypni rez. ochranu u Avastu.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[jaboos]

ComboFix 09-02-06.04 - Dušan 2009-02-08 13:34:20.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.895.419 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dušan\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090207-0] *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dušan\Data aplikací\inst.exe
c:\windows\regedit.com
c:\windows\system32\ntos.exe
c:\windows\system32\nvaux32.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\wsnpoem
c:\windows\system32\wsnpoem\audio.dll
c:\windows\system32\wsnpoem\video.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-08 do 2009-02-08 )))))))))))))))))))))))))))))))
.

2009-02-08 12:21 . 2008-10-04 11:38 <DIR> d-------- c:\documents and settings\Administrator.DU-C98609251519\Plocha
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> d--h----- c:\documents and settings\Administrator.DU-C98609251519\Okolní tiskárny
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> d--h----- c:\documents and settings\Administrator.DU-C98609251519\Okolní síť
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> d-------- c:\documents and settings\Administrator.DU-C98609251519\Oblíbené položky
2009-02-08 12:21 . 2008-10-04 10:07 <DIR> d--h----- c:\documents and settings\Administrator.DU-C98609251519\Šablony
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> dr------- c:\documents and settings\Administrator.DU-C98609251519\Nabídka Start
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> d-------- c:\documents and settings\Administrator.DU-C98609251519\Dokumenty
2009-02-08 12:21 . 2009-02-08 12:24 <DIR> dr-h----- c:\documents and settings\Administrator.DU-C98609251519\Data aplikací
2009-02-08 12:21 . 2009-02-08 12:21 <DIR> d-------- c:\documents and settings\Administrator.DU-C98609251519
2009-02-03 13:29 . 2009-02-03 13:29 <DIR> d-------- c:\documents and settings\Dominik.DU-C98609251519\Data aplikací\Logitech
2009-02-01 15:41 . 2009-02-01 15:41 <DIR> d-------- c:\program files\Quicksys
2009-02-01 15:41 . 2009-02-01 15:41 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\Quicksys
2009-02-01 15:41 . 2008-04-14 07:52 578,560 --a------ c:\windows\system32\ltqzwir
2009-02-01 15:41 . 2009-02-01 15:41 111,104 --a------ c:\windows\system32\azton.mt
2009-01-31 11:58 . 2009-01-31 11:58 <DIR> d---s---- c:\program files\Xfire
2009-01-31 11:58 . 2009-01-31 23:06 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\Xfire
2009-01-31 11:57 . 2003-03-16 00:15 90,112 --a------ c:\windows\unvise32.exe
2009-01-31 11:44 . 2009-01-31 20:26 <DIR> d-------- c:\program files\The Guild 2
2009-01-30 12:03 . 2009-01-30 12:03 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\AVS4YOU
2009-01-30 12:02 . 2009-01-30 12:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\AVS4YOU
2009-01-30 12:01 . 2009-01-30 12:54 <DIR> d-------- c:\program files\Common Files\AVSMedia
2009-01-30 12:01 . 2009-01-30 13:00 <DIR> d-------- c:\program files\AVS4YOU
2009-01-30 12:01 . 2008-08-13 10:22 1,700,352 --a------ c:\windows\system32\GdiPlus.dll
2009-01-30 11:57 . 2009-01-30 11:57 <DIR> d-------- c:\program files\VideoLAN
2009-01-30 11:50 . 2009-01-30 11:50 <DIR> d-------- c:\program files\Combined Community Codec Pack
2009-01-30 11:44 . 2009-01-30 11:46 156 --a------ c:\windows\Eztoo MKV Video Converter.ini
2009-01-30 11:44 . 2009-01-30 11:45 118 --a------ c:\windows\pro Eztoo MKV Video Converter.ini
2009-01-30 11:44 . 2009-01-30 11:46 1 --a------ c:\windows\system32\Eztoo MKV Video Converter.dat
2009-01-30 11:40 . 2009-01-30 11:42 <DIR> d-------- c:\program files\MKV to DVD Converter
2009-01-30 11:40 . 2009-01-30 11:40 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\DVD Flick
2009-01-30 11:40 . 2004-03-09 00:00 662,288 --a------ c:\windows\system32\mscomct2.ocx
2009-01-30 11:40 . 2004-03-09 00:00 212,240 --a------ c:\windows\system32\richtx32.ocx
2009-01-30 11:40 . 2000-05-19 17:56 81,920 --a------ c:\windows\system32\mbmouse.ocx
2009-01-30 11:40 . 2000-11-05 15:27 36,864 --a------ c:\windows\system32\trayicon.ocx
2009-01-29 21:03 . 2009-01-29 21:03 <DIR> d-------- c:\program files\Common Files\CyberLink
2009-01-20 17:13 . 2009-01-20 17:13 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\EPSON
2009-01-17 20:22 . 2009-01-17 20:30 <DIR> d-------- c:\program files\RegCleaner
2009-01-13 19:45 . 2009-01-13 19:45 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\skypePM
2009-01-13 19:45 . 2009-01-13 19:45 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-13 19:42 . 2009-01-13 19:42 <DIR> d-------- c:\program files\Skype
2009-01-13 19:42 . 2009-01-14 19:33 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\Skype
2009-01-13 19:41 . 2009-01-13 19:42 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\Skype
2009-01-12 18:03 . 2009-01-12 18:03 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\Raxco
2009-01-12 18:03 . 2009-01-05 14:16 71,184 -ra------ c:\windows\system32\drivers\DefragFS.sys
2009-01-12 18:02 . 2009-01-12 18:03 <DIR> d-------- c:\program files\Raxco

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 12:28 --------- d-----w c:\documents and settings\Dušan\Data aplikací\uTorrent
2009-02-07 15:56 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Data aplikací\TEMP
2009-02-07 09:14 --------- d-----w c:\program files\QIP
2009-02-04 16:01 --------- d-----w c:\program files\Warcraft III
2009-02-03 15:54 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\DriverScanner
2009-01-30 10:34 47,360 ----a-w c:\documents and settings\Dušan\Data aplikací\pcouffin.sys
2009-01-30 10:34 --------- d-----w c:\documents and settings\Dušan\Data aplikací\Vso
2009-01-29 20:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-29 20:04 --------- d-----w c:\documents and settings\Dušan\Data aplikací\CyberLink
2009-01-29 20:04 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\CyberLink
2009-01-29 20:02 --------- d-----w c:\program files\CyberLink
2009-01-29 19:31 --------- d-----w c:\documents and settings\Dušan\Data aplikací\dvdcss
2009-01-27 22:15 --------- d-----w c:\documents and settings\Dušan\Data aplikací\Hamachi
2009-01-26 16:14 --------- d-----w c:\program files\Kooperativa
2009-01-26 15:03 --------- d-----w c:\documents and settings\Dušan\Data aplikací\ICQ
2009-01-20 16:37 --------- d-----w c:\program files\ABBYY FineReader 6.0 Sprint
2009-01-13 18:42 --------- d-----w c:\program files\Common Files\Skype
2009-01-12 16:09 --------- d-----w c:\program files\RegScrubXP
2009-01-10 10:18 --------- d-----w c:\program files\EA GAMES
2009-01-07 16:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-06 17:04 626,688 ----a-w c:\windows\system32\msvcr80.dll
2009-01-06 17:04 548,864 ----a-w c:\windows\system32\msvcp80.dll
2009-01-06 17:04 28,672 ----a-w c:\windows\system32\eEmpty.exe
2009-01-06 17:03 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\MicroWorld
2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-04 17:21 --------- d-----w c:\program files\RegistryFix6
2009-01-03 17:48 --------- d-----w c:\documents and settings\Dušan\Data aplikací\Malwarebytes
2009-01-03 17:48 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2008-12-31 12:12 230,664 ----a-w c:\windows\system32\PDBoot.exe
2008-12-30 09:57 --------- d-----w c:\program files\Xilisoft
2008-12-25 09:18 --------- d-----w c:\program files\OLYMPUS
2008-12-23 17:24 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-23 17:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-23 17:14 --------- d-----w c:\documents and settings\Dušan\Data aplikací\SUPERAntiSpyware.com
2008-12-23 10:26 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\LogiShrd
2008-12-23 09:50 --------- d-----w c:\program files\Common Files\Logitech
2008-12-23 09:50 --------- d-----w c:\documents and settings\Dušan\Data aplikací\InstallShield
2008-12-22 17:33 --------- d-----w c:\documents and settings\Mamka.DU-C98609251519\Data aplikací\Logitech
2008-12-22 15:53 --------- d-----w c:\program files\PKR
2008-12-22 15:36 387 ----a-w c:\documents and settings\Dušan\Cossacks.reg
2008-12-22 15:36 387 ----a-w c:\documents and settings\Dušan\Cossacks.reg
2008-12-22 15:08 --------- d-----w c:\documents and settings\Dušan\Data aplikací\Logitech
2008-12-22 15:07 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-22 15:07 --------- d-----w c:\program files\Logitech
2008-12-22 15:06 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Logitech
2008-12-22 12:49 --------- dc-h--w c:\documents and settings\All Users.WINDOWS\Data aplikací\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-12-21 19:35 --------- d-----w c:\program files\ICQ6.5
2008-12-20 18:51 --------- d-----w c:\program files\Realtek AC97
2008-12-20 18:33 --------- dc-h--w c:\documents and settings\All Users.WINDOWS\Data aplikací\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2008-12-20 18:33 --------- d-----w c:\program files\Uniblue DriverScanner 2009
2008-12-17 16:55 --------- d-----w c:\program files\Opera
2008-12-12 23:08 --------- d-----w c:\program files\RadLight Company
2008-12-12 23:08 --------- d-----w c:\documents and settings\Dušan\Data aplikací\RadLight Company
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 18:09 --------- d-----w c:\program files\QIP Infium
2008-12-09 16:20 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2008-11-19 18:25 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-06 18:58 88 --sh--r c:\documents and settings\All Users.WINDOWS\Data aplikací\20E5E011EE.sys
2008-10-06 18:58 2,516 --sha-w c:\documents and settings\All Users.WINDOWS\Data aplikací\KGyGaAvL.sys
2007-06-04 14:54 47,360 ----a-w c:\documents and settings\Dušánek\Data aplikací\pcouffin.sys
2007-05-31 15:37 12 ----a-w c:\documents and settings\Dušánek\USERDATA.DAT
2004-08-17 13:49 27,648 ----a-w c:\documents and settings\Dušánek\findstr.exe
2004-08-17 13:49 147,968 ----a-w c:\documents and settings\Dušánek\regedit.exe
2001-10-25 14:00 9,216 ----a-w c:\documents and settings\Dušánek\find.exe
2001-10-25 14:00 11,264 ----a-w c:\documents and settings\Dušánek\attrib.exe
2008-10-04 09:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100420081005\index.dat
.

------- Sigcheck -------

2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-04-13 23:50 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-02-06 3367424]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2008-10-08 270128]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"Google Update"="c:\documents and settings\Dušan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-01-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-17 7307264]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-17 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-11-07 54576]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]
"nwiz"="nwiz.exe" [2005-10-17 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Duçan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-11-10 625952]

c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-22 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-23 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2008-12-22 43936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-06 111184]
R1 SuperMounter;SuperMounter;c:\windows\system32\drivers\supermounter.sys [2008-12-22 11264]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-10-07 20:31:38 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-06 20560]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-04-13 69120]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]
.
Obsah adresáře 'Naplánované úlohy'

2009-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1450960922-682003330-1003.job
- c:\documents and settings\Dua []
.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 13:36:46
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1450960922-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
.
Celkový čas: 2009-02-08 13:38:29
ComboFix-quarantined-files.txt 2009-02-08 12:38:26

Před spuštěním: 7,285,755,904
Po spuštění: 7,512,711,168

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /tutag=mqxsv5 /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

254 --- E O F --- 2009-01-14 18:45:02

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\eEmpty.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
"FirewallOverride"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\documents and settings\All Users.WINDOWS\Data aplikací\20E5E011EE.sys
c:\windows\system32\ltqzwir
c:\windows\system32\azton.mt
c:\documents and settings\Dušánek\regedit.exe
c:\documents and settings\Dušánek\find.exe
:\documents and settings\Dušánek\attrib.exe
Vlož sem pak odkazy výsledků.

[jaboos]

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.93 2009.02.08 -
AhnLab-V3 5.0.0.2 2009.02.07 -
AntiVir 7.9.0.76 2009.02.07 -
Authentium 5.1.0.4 2009.02.07 -
Avast 4.8.1335.0 2009.02.07 -
AVG 8.0.0.229 2009.02.07 -
BitDefender 7.2 2009.02.08 -
CAT-QuickHeal 10.00 2009.02.07 -
ClamAV 0.94.1 2009.02.08 Worm.Pinit-4
Comodo 971 2009.02.08 -
DrWeb 4.44.0.09170 2009.02.08 -
eSafe 7.0.17.0 2009.02.08 -
eTrust-Vet 31.6.6346 2009.02.07 -
F-Prot 4.4.4.56 2009.02.07 -
F-Secure 8.0.14470.0 2009.02.08 -
Fortinet 3.117.0.0 2009.02.08 -
GData 19 2009.02.08 -
Ikarus T3.1.1.45.0 2009.02.08 -
K7AntiVirus 7.10.623 2009.02.07 -
Kaspersky 7.0.0.125 2009.02.08 -
McAfee 5518 2009.02.07 -
McAfee+Artemis 5519 2009.02.07 -
Microsoft 1.4306 2009.02.08 -
NOD32 3836 2009.02.07 -
Norman 6.00.02 2009.02.06 -
nProtect 2009.1.8.0 2009.02.08 -
Panda 9.5.1.2 2009.02.08 -
PCTools 4.4.2.0 2009.02.08 -
Prevx1 V2 2009.02.08 -
Rising 21.15.50.00 2009.02.07 -
SecureWeb-Gateway 6.7.6 2009.02.08 -
Sophos 4.38.0 2009.02.08 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.08 -
TheHacker 6.3.1.5.249 2009.02.08 -
TrendMicro 8.700.0.1004 2009.02.06 -
VBA32 3.12.8.12 2009.02.08 -
ViRobot 2009.2.6.1594 2009.02.06 -
VirusBuster 4.5.11.0 2009.02.08 -
Rozšiřující informace
File size: 578560 bytes
MD5...: e16e0990967374e76f3e40cacafd3d53
SHA1..: ba27aea7ff2fc295a04d1f3c43b8153c3da91992
SHA256: 1e80fa123c1d2557e1dc519d72b3fba6113dd1d8933efe0b96581cd067f0fa70
SHA512: 836edffa2778feb9fee0f2804768813c9ad85088b8b2976c329a386171e8c6a0
c46c0ec1eb9e9a82412105adf3a767a5ff91b7d3515b772d66677079176ba37c
ssdeep: 6144:QMtUG2qbvmfPYjo6QK86tQGdscawPX10BhTruuGVuKtNYmLlLyUTuyGEDSu
3ZmDk:b2++fsZ86q5caW0VhG86xxcEPZmzn
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xb217
timedatestamp.....: 0x4802cd7a (Mon Apr 14 03:20:26 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5f283 0x5f400 6.65 6d8251c614bd1d941a7e50353a1b314c
.data 0x61000 0x1180 0xc00 2.37 775119e98796af9b8a849dd1f6e4f377
.rsrc 0x63000 0x2a10c 0x2a200 5.01 ebe666284220151c4d9906a1ef1cff9e
.reloc 0x8e000 0x2de4 0x2e00 6.77 68ebe5a2d822be0663a3e935b39d0bae

( 3 imports )
> GDI32.dll: GetClipRgn, ExtSelectClipRgn, GetHFONT, GetMapMode, SetGraphicsMode, GetClipBox, CreateRectRgn, CreateRectRgnIndirect, SetLayout, GetBoundsRect, ExcludeClipRect, PlayEnhMetaFile, GdiGetBitmapBitsSize, CreatePen, Ellipse, CreateEllipticRgn, GdiFixUpHandle, GetTextCharacterExtra, SetTextCharacterExtra, GetCurrentObject, GetViewportOrgEx, SetViewportOrgEx, PolyPatBlt, CreateBrushIndirect, SetBoundsRect, CopyEnhMetaFileW, CopyMetaFileW, GetPaletteEntries, CreatePalette, SetPaletteEntries, bInitSystemAndFontsDirectoriesW, bMakePathNameW, cGetTTFFromFOT, GetPixel, ExtTextOutA, GetTextCharsetInfo, QueryFontAssocStatus, GetCharWidthInfo, GetCharWidthA, GetTextFaceW, GetCharABCWidthsA, GetCharABCWidthsW, SetBrushOrgEx, CreateFontIndirectW, EnumFontsW, GetTextFaceAliasW, GetTextMetricsW, GetTextColor, GetBkMode, GetViewportExtEx, GetWindowExtEx, GdiGetCharDimensions, GdiGetCodePage, GetTextCharset, GdiPrinterThunk, GdiAddFontResourceW, TranslateCharsetInfo, SaveDC, OffsetWindowOrgEx, RestoreDC, ExtTextOutW, GetObjectType, GetDIBits, CreateDIBSection, SetStretchBltMode, SelectPalette, RealizePalette, SetDIBits, CreateDCW, CreateDIBitmap, CreateCompatibleBitmap, SetBitmapBits, DeleteDC, GdiValidateHandle, GdiDllInitialize, CreateSolidBrush, GetStockObject, CreateCompatibleDC, GdiConvertBitmapV5, GdiCreateLocalEnhMetaFile, GdiCreateLocalMetaFilePict, GetRgnBox, CombineRgn, OffsetRgn, MirrorRgn, EnableEUDC, GdiConvertToDevmodeW, GetTextExtentPointA, GetTextExtentPointW, CreateBitmap, SetLayoutWidth, PatBlt, TextOutA, TextOutW, BitBlt, GdiConvertAndCheckDC, StretchBlt, SetRectRgn, GdiReleaseDC, GdiConvertEnhMetaFile, GdiConvertMetaFilePict, DeleteEnhMetaFile, DeleteMetaFile, DeleteObject, GetDIBColorTable, GetDeviceCaps, StretchDIBits, GetLayout, SetBkColor, SetTextColor, GetObjectW, GetBkColor, SetBkMode, SelectObject, IntersectClipRect, GetTextAlign, SetTextAlign, GdiProcessSetup
> KERNEL32.dll: LocalSize, SizeofResource, LoadResource, FindResourceExW, FindResourceExA, GetModuleHandleW, DisableThreadLibraryCalls, GetCurrentThreadId, IsDBCSLeadByteEx, SearchPathW, ExpandEnvironmentStringsW, LoadLibraryExW, GlobalAddAtomW, GetSystemDirectoryW, GetComputerNameW, GetCurrentProcess, GetCurrentThread, ExitThread, GetExitCodeThread, CreateThread, HeapReAlloc, GlobalHandle, FoldStringW, Sleep, GetStringTypeW, GetStringTypeA, GetCPInfo, HeapSize, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, GetFileSize, ReadFile, SetFileTime, GetFileTime, GetSystemWindowsDirectoryW, CopyFileW, MoveFileW, DeleteFileW, CreateProcessW, AddAtomA, AddAtomW, GetAtomNameW, GetAtomNameA, IsValidLocale, ConvertDefaultLocale, CompareStringW, GetCurrentDirectoryW, SetCurrentDirectoryW, lstrlenW, GetLogicalDrives, FindClose, FindNextFileW, FindFirstFileW, GetThreadLocale, ProcessIdToSessionId, GetCurrentProcessId, InterlockedCompareExchange, IsDBCSLeadByte, LCMapStringW, QueryPerformanceCounter, QueryPerformanceFrequency, GetTickCount, lstrlenA, GlobalFindAtomA, GetModuleFileNameA, GetModuleHandleA, GlobalAddAtomA, DelayLoadFailureHook, LoadLibraryA, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, LocalUnlock, LocalLock, LocalReAlloc, GetACP, GetOEMCP, InterlockedIncrement, InterlockedDecrement, SetLastError, GlobalFindAtomW, GlobalAlloc, MultiByteToWideChar, GlobalReAlloc, GetLastError, GetProcAddress, LoadLibraryW, FreeLibrary, lstrcpynW, CreateFileW, WritePrivateProfileStringW, lstrcmpiW, SetEvent, WaitForMultipleObjectsEx, WideCharToMultiByte, GlobalFlags, GetLocaleInfoW, GlobalFree, GetModuleFileNameW, GlobalGetAtomNameW, GlobalGetAtomNameA, InterlockedExchange, DeleteAtom, LocalAlloc, GlobalDeleteAtom, LocalFree, GlobalSize, GlobalLock, GlobalUnlock, GetUserDefaultLCID, HeapAlloc, HeapFree, lstrcpyW, lstrcatW, GetPrivateProfileStringW, RegisterWaitForInputIdle
> ntdll.dll: NtQueryVirtualMemory, RtlUnwind, RtlNtStatusToDosError, NlsAnsiCodePage, RtlAllocateHeap, qsort, RtlMultiByteToUnicodeSize, LdrFlushAlternateResourceModules, RtlPcToFileHeader, wcsrchr, NtRaiseHardError, RtlIsNameLegalDOS8Dot3, strrchr, sscanf, NtQueryKey, NtEnumerateValueKey, RtlRunEncodeUnicodeString, RtlRunDecodeUnicodeString, _wcsicmp, CsrAllocateCaptureBuffer, CsrCaptureMessageBuffer, CsrFreeCaptureBuffer, NtOpenThreadToken, NtOpenProcessToken, NtQueryInformationToken, CsrClientCallServer, memmove, NtCallbackReturn, RtlUnicodeToMultiByteSize, RtlActivateActivationContextUnsafeFast, RtlDeactivateActivationContextUnsafeFast, RtlInitializeCriticalSection, NtQuerySystemInformation, swprintf, RtlDeleteCriticalSection, RtlImageNtHeader, CsrClientConnectToServer, NtYieldExecution, NtCreateKey, NtSetValueKey, NtDeleteValueKey, RtlQueryInformationActiveActivationContext, RtlReleaseActivationContext, RtlFreeHeap, wcsncpy, wcscmp, wcstoul, wcscat, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlCreateUnicodeStringFromAsciiz, RtlFreeUnicodeString, NtOpenDirectoryObject, _chkstk, wcscpy, wcsncat, NtSetSecurityObject, NtQuerySecurityObject, NtQueryInformationProcess, wcstol, wcslen, RtlFindActivationContextSectionString, RtlMultiByteToUnicodeN, RtlUnicodeToMultiByteN, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlOpenCurrentUser, NtEnumerateKey, NtOpenKey, NtClose, NtQueryValueKey, RtlInitUnicodeString, RtlUnicodeStringToInteger

( 732 exports )
ActivateKeyboardLayout, AdjustWindowRect, AdjustWindowRectEx, AlignRects, AllowForegroundActivation, AllowSetForegroundWindow, AnimateWindow, AnyPopup, AppendMenuA, AppendMenuW, ArrangeIconicWindows, AttachThreadInput, BeginDeferWindowPos, BeginPaint, BlockInput, BringWindowToTop, BroadcastSystemMessage, BroadcastSystemMessageA, BroadcastSystemMessageExA, BroadcastSystemMessageExW, BroadcastSystemMessageW, BuildReasonArray, CalcMenuBar, CallMsgFilter, CallMsgFilterA, CallMsgFilterW, CallNextHookEx, CallWindowProcA, CallWindowProcW, CascadeChildWindows, CascadeWindows, ChangeClipboardChain, ChangeDisplaySettingsA, ChangeDisplaySettingsExA, ChangeDisplaySettingsExW, ChangeDisplaySettingsW, ChangeMenuA, ChangeMenuW, CharLowerA, CharLowerBuffA, CharLowerBuffW, CharLowerW, CharNextA, CharNextExA, CharNextW, CharPrevA, CharPrevExA, CharPrevW, CharToOemA, CharToOemBuffA, CharToOemBuffW, CharToOemW, CharUpperA, CharUpperBuffA, CharUpperBuffW, CharUpperW, CheckDlgButton, CheckMenuItem, CheckMenuRadioItem, CheckRadioButton, ChildWindowFromPoint, ChildWindowFromPointEx, CliImmSetHotKey, ClientThreadSetup, ClientToScreen, ClipCursor, CloseClipboard, CloseDesktop, CloseWindow, CloseWindowStation, CopyAcceleratorTableA, CopyAcceleratorTableW, CopyIcon, CopyImage, CopyRect, CountClipboardFormats, CreateAcceleratorTableA, CreateAcceleratorTableW, CreateCaret, CreateCursor, CreateDesktopA, CreateDesktopW, CreateDialogIndirectParamA, CreateDialogIndirectParamAorW, CreateDialogIndirectParamW, CreateDialogParamA, CreateDialogParamW, CreateIcon, CreateIconFromResource, CreateIconFromResourceEx, CreateIconIndirect, CreateMDIWindowA, CreateMDIWindowW, CreateMenu, CreatePopupMenu, CreateSystemThreads, CreateWindowExA, CreateWindowExW, CreateWindowStationA, CreateWindowStationW, CsrBroadcastSystemMessageExW, CtxInitUser32, DdeAbandonTransaction, DdeAccessData, DdeAddData, DdeClientTransaction, DdeCmpStringHandles, DdeConnect, DdeConnectList, DdeCreateDataHandle, DdeCreateStringHandleA, DdeCreateStringHandleW, DdeDisconnect, DdeDisconnectList, DdeEnableCallback, DdeFreeDataHandle, DdeFreeStringHandle, DdeGetData, DdeGetLastError, DdeGetQualityOfService, DdeImpersonateClient, DdeInitializeA, DdeInitializeW, DdeKeepStringHandle, DdeNameService, DdePostAdvise, DdeQueryConvInfo, DdeQueryNextServer, DdeQueryStringA, DdeQueryStringW, DdeReconnect, DdeSetQualityOfService, DdeSetUserHandle, DdeUnaccessData, DdeUninitialize, DefDlgProcA, DefDlgProcW, DefFrameProcA, DefFrameProcW, DefMDIChildProcA, DefMDIChildProcW, DefRawInputProc, DefWindowProcA, DefWindowProcW, DeferWindowPos, DeleteMenu, DeregisterShellHookWindow, DestroyAcceleratorTable, DestroyCaret, DestroyCursor, DestroyIcon, DestroyMenu, DestroyReasons, DestroyWindow, DeviceEventWorker, DialogBoxIndirectParamA, DialogBoxIndirectParamAorW, DialogBoxIndirectParamW, DialogBoxParamA, DialogBoxParamW, DisableProcessWindowsGhosting, DispatchMessageA, DispatchMessageW, DisplayExitWindowsWarnings, DlgDirListA, DlgDirListComboBoxA, DlgDirListComboBoxW, DlgDirListW, DlgDirSelectComboBoxExA, DlgDirSelectComboBoxExW, DlgDirSelectExA, DlgDirSelectExW, DragDetect, DragObject, DrawAnimatedRects, DrawCaption, DrawCaptionTempA, DrawCaptionTempW, DrawEdge, DrawFocusRect, DrawFrame, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawMenuBarTemp, DrawStateA, DrawStateW, DrawTextA, DrawTextExA, DrawTextExW, DrawTextW, EditWndProc, EmptyClipboard, EnableMenuItem, EnableScrollBar, EnableWindow, EndDeferWindowPos, EndDialog, EndMenu, EndPaint, EndTask, EnterReaderModeHelper, EnumChildWindows, EnumClipboardFormats, EnumDesktopWindows, EnumDesktopsA, EnumDesktopsW, EnumDisplayDevicesA, EnumDisplayDevicesW, EnumDisplayMonitors, EnumDisplaySettingsA, EnumDisplaySettingsExA, EnumDisplaySettingsExW, EnumDisplaySettingsW, EnumPropsA, EnumPropsExA, EnumPropsExW, EnumPropsW, EnumThreadWindows, EnumWindowStationsA, EnumWindowStationsW, EnumWindows, EqualRect, ExcludeUpdateRgn, ExitWindowsEx, FillRect, FindWindowA, FindWindowExA, FindWindowExW, FindWindowW, FlashWindow, FlashWindowEx, FrameRect, FreeDDElParam, GetActiveWindow, GetAltTabInfo, GetAltTabInfoA, GetAltTabInfoW, GetAncestor, GetAppCompatFlags, GetAppCompatFlags2, GetAsyncKeyState, GetCapture, GetCaretBlinkTime, GetCaretPos, GetClassInfoA, GetClassInfoExA, GetClassInfoExW, GetClassInfoW, GetClassLongA, GetClassLongW, GetClassNameA, GetClassNameW, GetClassWord, GetClientRect, GetClipCursor, GetClipboardData, GetClipboardFormatNameA, GetClipboardFormatNameW, GetClipboardOwner, GetClipboardSequenceNumber, GetClipboardViewer, GetComboBoxInfo, GetCursor, GetCursorFrameInfo, GetCursorInfo, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetDialogBaseUnits, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetDlgItemTextA, GetDlgItemTextW, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetGUIThreadInfo, GetGuiResources, GetIconInfo, GetInputDesktop, GetInputState, GetInternalWindowPos, GetKBCodePage, GetKeyNameTextA, GetKeyNameTextW, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardLayoutNameA, GetKeyboardLayoutNameW, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetLastInputInfo, GetLayeredWindowAttributes, GetListBoxInfo, GetMenu, GetMenuBarInfo, GetMenuCheckMarkDimensions, GetMenuContextHelpId, GetMenuDefaultItem, GetMenuInfo, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuItemInfoW, GetMenuItemRect, GetMenuState, GetMenuStringA, GetMenuStringW, GetMessageA, GetMessageExtraInfo, GetMessagePos, GetMessageTime, GetMessageW, GetMonitorInfoA, GetMonitorInfoW, GetMouseMovePointsEx, GetNextDlgGroupItem, GetNextDlgTabItem, GetOpenClipboardWindow, GetParent, GetPriorityClipboardFormat, GetProcessDefaultLayout, GetProcessWindowStation, GetProgmanWindow, GetPropA, GetPropW, GetQueueStatus, GetRawInputBuffer, GetRawInputData, GetRawInputDeviceInfoA, GetRawInputDeviceInfoW, GetRawInputDeviceList, GetReasonTitleFromReasonCode, GetRegisteredRawInputDevices, GetScrollBarInfo, GetScrollInfo, GetScrollPos, GetScrollRange, GetShellWindow, GetSubMenu, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetTabbedTextExtentA, GetTabbedTextExtentW, GetTaskmanWindow, GetThreadDesktop, GetTitleBarInfo, GetTopWindow, GetUpdateRect, GetUpdateRgn, GetUserObjectInformationA, GetUserObjectInformationW, GetUserObjectSecurity, GetWinStationInfo, GetWindow, GetWindowContextHelpId, GetWindowDC, GetWindowInfo, GetWindowLongA, GetWindowLongW, GetWindowModuleFileName, GetWindowModuleFileNameA, GetWindowModuleFileNameW, GetWindowPlacement, GetWindowRect, GetWindowRgn, GetWindowRgnBox, GetWindowTextA, GetWindowTextLengthA, GetWindowTextLengthW, GetWindowTextW, GetWindowThreadProcessId, GetWindowWord, GrayStringA, GrayStringW, HideCaret, HiliteMenuItem, IMPGetIMEA, IMPGetIMEW, IMPQueryIMEA, IMPQueryIMEW, IMPSetIMEA, IMPSetIMEW, ImpersonateDdeClientWindow, InSendMessage, InSendMessageEx, InflateRect, InitializeLpkHooks, InitializeWin32EntryTable, InsertMenuA, InsertMenuItemA, InsertMenuItemW, InsertMenuW, InternalGetWindowText, IntersectRect, InvalidateRect, InvalidateRgn, InvertRect, IsCharAlphaA, IsCharAlphaNumericA, IsCharAlphaNumericW, IsCharAlphaW, IsCharLowerA, IsCharLowerW, IsCharUpperA, IsCharUpperW, IsChild, IsClipboardFormatAvailable, IsDialogMessage, IsDialogMessageA, IsDialogMessageW, IsDlgButtonChecked, IsGUIThread, IsHungAppWindow, IsIconic, IsMenu, IsRectEmpty, IsServerSideWindow, IsWinEventHookInstalled, IsWindow, IsWindowEnabled, IsWindowInDestroy, IsWindowUnicode, IsWindowVisible, IsZoomed, KillSystemTimer, KillTimer, LoadAcceleratorsA, LoadAcceleratorsW, LoadBitmapA, LoadBitmapW, LoadCursorA, LoadCursorFromFileA, LoadCursorFromFileW, LoadCursorW, LoadIconA, LoadIconW, LoadImageA, LoadImageW, LoadKeyboardLayoutA, LoadKeyboardLayoutEx, LoadKeyboardLayoutW, LoadLocalFonts, LoadMenuA, LoadMenuIndirectA, LoadMenuIndirectW, LoadMenuW, LoadRemoteFonts, LoadStringA, LoadStringW, LockSetForegroundWindow, LockWindowStation, LockWindowUpdate, LockWorkStation, LookupIconIdFromDirectory, LookupIconIdFromDirectoryEx, MBToWCSEx, MB_GetString, MapDialogRect, MapVirtualKeyA, MapVirtualKeyExA, MapVirtualKeyExW, MapVirtualKeyW, MapWindowPoints, MenuItemFromPoint, MenuWindowProcA, MenuWindowProcW, MessageBeep, MessageBoxA, MessageBoxExA, MessageBoxExW, MessageBoxIndirectA, MessageBoxIndirectW, MessageBoxTimeoutA, MessageBoxTimeoutW, MessageBoxW, ModifyMenuA, ModifyMenuW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow, MoveWindow, MsgWaitForMultipleObjects, MsgWaitForMultipleObjectsEx, NotifyWinEvent, OemKeyScan, OemToCharA, OemToCharBuffA, OemToCharBuffW, OemToCharW, OffsetRect, OpenClipboard, OpenDesktopA, OpenDesktopW, OpenIcon, OpenInputDesktop, OpenWindowStationA, OpenWindowStationW, PackDDElParam, PaintDesktop, PaintMenuBar, PeekMessageA, PeekMessageW, PostMessageA, PostMessageW, PostQuitMessage, PostThreadMessageA, PostThreadMessageW, PrintWindow, PrivateExtractIconExA, PrivateExtractIconExW, PrivateExtractIconsA, PrivateExtractIconsW, PrivateSetDbgTag, PrivateSetRipFlags, PtInRect, QuerySendMessage, QueryUserCounters, RealChildWindowFromPoint, RealGetWindowClass, RealGetWindowClassA, RealGetWindowClassW, ReasonCodeNeedsBugID, ReasonCodeNeedsComment, RecordShutdownReason, RedrawWindow, RegisterClassA, RegisterClassExA, RegisterClassExW, RegisterClassW, RegisterClipboardFormatA, RegisterClipboardFormatW, RegisterDeviceNotificationA, RegisterDeviceNotificationW, RegisterHotKey, RegisterLogonProcess, RegisterMessagePumpHook, RegisterRawInputDevices, RegisterServicesProcess, RegisterShellHookWindow, RegisterSystemThread, RegisterTasklist, RegisterUserApiHook, RegisterWindowMessageA, RegisterWindowMessageW, ReleaseCapture, ReleaseDC, RemoveMenu, RemovePropA, RemovePropW, ReplyMessage, ResolveDesktopForWOW, ReuseDDElParam, ScreenToClient, ScrollChildren, ScrollDC, ScrollWindow, ScrollWindowEx, SendDlgItemMessageA, SendDlgItemMessageW, SendIMEMessageExA, SendIMEMessageExW, SendInput, SendMessageA, SendMessageCallbackA, SendMessageCallbackW, SendMessageTimeoutA, SendMessageTimeoutW, SendMessageW, SendNotifyMessageA, SendNotifyMessageW, SetActiveWindow, SetCapture, SetCaretBlinkTime, SetCaretPos, SetClassLongA, SetClassLongW, SetClassWord, SetClipboardData, SetClipboardViewer, SetConsoleReserveKeys, SetCursor, SetCursorContents, SetCursorPos, SetDebugErrorLevel, SetDeskWallpaper, SetDlgItemInt, SetDlgItemTextA, SetDlgItemTextW, SetDoubleClickTime, SetFocus, SetForegroundWindow, SetInternalWindowPos, SetKeyboardState, SetLastErrorEx, SetLayeredWindowAttributes, SetLogonNotifyWindow, SetMenu, SetMenuContextHelpId, SetMenuDefaultItem, SetMenuInfo, SetMenuItemBitmaps, SetMenuItemInfoA, SetMenuItemInfoW, SetMessageExtraInfo, SetMessageQueue, SetParent, SetProcessDefaultLayout, SetProcessWindowStation, SetProgmanWindow, SetPropA, SetPropW, SetRect, SetRectEmpty, SetScrollInfo, SetScrollPos, SetScrollRange, SetShellWindow, SetShellWindowEx, SetSysColors, SetSysColorsTemp, SetSystemCursor, SetSystemMenu, SetSystemTimer, SetTaskmanWindow, SetThreadDesktop, SetTimer, SetUserObjectInformationA, SetUserObjectInformationW, SetUserObjectSecurity, SetWinEventHook, SetWindowContextHelpId, SetWindowLongA, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowRgn, SetWindowStationUser, SetWindowTextA, SetWindowTextW, SetWindowWord, SetWindowsHookA, SetWindowsHookExA, SetWindowsHookExW, SetWindowsHookW, ShowCaret, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowStartGlass, ShowWindow, ShowWindowAsync, SoftModalMessageBox, SubtractRect, SwapMouseButton, SwitchDesktop, SwitchToThisWindow, SystemParametersInfoA, SystemParametersInfoW, TabbedTextOutA, TabbedTextOutW, TileChildWindows, TileWindows, ToAscii, ToAsciiEx, ToUnicode, ToUnicodeEx, TrackMouseEvent, TrackPopupMenu, TrackPopupMenuEx, TranslateAccelerator, TranslateAcceleratorA, TranslateAcceleratorW, TranslateMDISysAccel, TranslateMessage, TranslateMessageEx, UnhookWinEvent, UnhookWindowsHook, UnhookWindowsHookEx, UnionRect, UnloadKeyboardLayout, UnlockWindowStation, UnpackDDElParam, UnregisterClassA, UnregisterClassW, UnregisterDeviceNotification, UnregisterHotKey, UnregisterMessagePumpHook, UnregisterUserApiHook, UpdateLayeredWindow, UpdatePerUserSystemParameters, UpdateWindow, User32InitializeImmEntryTable, UserClientDllInitialize, UserHandleGrantAccess, UserLpkPSMTextOut, UserLpkTabbedTextOut, UserRealizePalette, UserRegisterWowHandlers, VRipOutput, VTagOutput, ValidateRect, ValidateRgn, VkKeyScanA, VkKeyScanExA, VkKeyScanExW, VkKeyScanW, WCSToMBEx, WINNLSEnableIME, WINNLSGetEnableStatus, WINNLSGetIMEHotkey, WaitForInputIdle, WaitMessage, Win32PoolAllocationStats, WinHelpA, WinHelpW, WindowFromDC, WindowFromPoint, keybd_event, mouse_event, wsprintfA, wsprintfW, wvsprintfA, wvsprintfW
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=e16e0990967374e76f3e40cacafd3d53' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=e16e0990967374e76f3e40cacafd3d53</a>






Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.93 2009.02.08 Trojan-Dropper.Win32.Mudrop!IK
AhnLab-V3 5.0.0.2 2009.02.07 Dropper/User32Hk.111104
AntiVir 7.9.0.76 2009.02.07 TR/Dropper.Gen
Authentium 5.1.0.4 2009.02.07 -
Avast 4.8.1335.0 2009.02.07 Win32:Trojan-gen {Other}
AVG 8.0.0.229 2009.02.07 Dropper.Generic.AGYA
BitDefender 7.2 2009.02.08 Trojan.Dropper.MarioFev.G
CAT-QuickHeal 10.00 2009.02.07 TrojanDropper.Mudrop.vq
ClamAV 0.94.1 2009.02.08 -
Comodo 971 2009.02.08 TrojWare.Win32.TrojanDropper.Mudrop.~BT
DrWeb 4.44.0.09170 2009.02.08 BackDoor.Zapinit.origin
eSafe 7.0.17.0 2009.02.08 Win32.Mariofev.worm
eTrust-Vet 31.6.6346 2009.02.07 Win32/Pruserinf!generic
F-Prot 4.4.4.56 2009.02.07 -
F-Secure 8.0.14470.0 2009.02.08 Trojan-Dropper.Win32.Mudrop.vq
Fortinet 3.117.0.0 2009.02.08 W32/Mudrop.VQ!tr
GData 19 2009.02.08 Trojan.Dropper.MarioFev.G
Ikarus T3.1.1.45.0 2009.02.08 Trojan-Dropper.Win32.Mudrop
K7AntiVirus 7.10.623 2009.02.07 Trojan-Dropper.Win32.Mudrop.vq
Kaspersky 7.0.0.125 2009.02.08 Trojan-Dropper.Win32.Mudrop.vq
McAfee 5518 2009.02.07 W32/Mariofev.worm
McAfee+Artemis 5519 2009.02.07 Generic!Artemis
Microsoft 1.4306 2009.02.08 TrojanDropper:Win32/Mariofev.A
NOD32 3836 2009.02.07 Win32/TrojanDropper.Agent.ZLH
Norman 6.00.02 2009.02.06 W32/Mudrop.AWH
nProtect 2009.1.8.0 2009.02.08 Trojan-Dropper/W32.MultiDrop.111104
Panda 9.5.1.2 2009.02.08 W32/MarioF.R.worm
PCTools 4.4.2.0 2009.02.08 -
Prevx1 V2 2009.02.08 Worm
Rising 21.15.50.00 2009.02.07 Trojan.Win32.Patched.bs
SecureWeb-Gateway 6.7.6 2009.02.08 Trojan.Dropper.Gen
Sophos 4.38.0 2009.02.08 W32/MarioF-Gen
Sunbelt 3.2.1847.2 2009.02.07 Trojan-Dropper.Gen
Symantec 10 2009.02.08 W32.Spamuzle.D
TheHacker 6.3.1.5.249 2009.02.08 Trojan/Dropper.Mudrop.vq
TrendMicro 8.700.0.1004 2009.02.06 Possible_Mariof
VBA32 3.12.8.12 2009.02.08 -
ViRobot 2009.2.6.1594 2009.02.06 Trojan.Win32.Mariofev.111104
VirusBuster 4.5.11.0 2009.02.08 Trojan.DR.Mudrop.VJ
Rozšiřující informace
File size: 111104 bytes
MD5...: 4f369fcaf670c23016842633f9e8d419
SHA1..: c6e80c4271ebedf80c7e1620c0e0dce26c3fe93b
SHA256: 18696dd3a918e7a357407a85d3c4a32af3e497042fdd6975b39aab2d7e52964a
SHA512: c8e4220912c06d55abed50e3369b748dd383d6eddae1e0dd523297c52bb7cecb
84a9f8fc590aafa7f66f4fb42545fcbe8ef2c6f4834508cadcc205dd0f629f39
ssdeep: 3072:3MNw5Z4o5UEzOS9lhO1hKL/z2buuX+olvyFod7xIxc:3j4oGEzObh8/0Fxs
9c
PEiD..: ASPack v2.12
TrID..: File type identification
Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4a001
timedatestamp.....: 0x49848926 (Sat Jan 31 17:23:50 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2000 0xc00 7.58 ddd38f4ea8b816ef136f408add5cc3e5
.rdata 0x3000 0x1000 0x600 7.62 f273ebb45d79cdb923233944d8151e5f
.data 0x4000 0x1000 0x200 4.75 02f8eedb8d3e8f3228158ecadf5556b5
.rsrc 0x5000 0x45000 0x18600 7.99 d8d49e0a635c72b4338a92acc2418557
.aspack 0x4a000 0x2000 0x1200 5.78 b51cee893654a932ead409f285bbaabc
.adata 0x4c000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 6 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> mfc42.dll: -
> msvcrt.dll: _controlfp
> user32.dll: GetMessageA
> advapi32.dll: RegOpenKeyExA
> ntdll.dll: NtQueryObject

( 0 exports )
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=4f369fcaf670c23016842633f9e8d419' target='_blank'>http://www.threatexpert.com/report.aspx?md5=4f369fcaf670c23016842633f9e8d419</a>
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=46C56767009F4921B2D501A836C73B00E9E43639' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=46C56767009F4921B2D501A836C73B00E9E43639</a>
packers (Kaspersky): ASPack
packers (F-Prot): Aspack





Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.93 2009.02.08 -
AhnLab-V3 5.0.0.2 2009.02.07 -
AntiVir 7.9.0.76 2009.02.07 -
Authentium 5.1.0.4 2009.02.07 -
Avast 4.8.1335.0 2009.02.07 -
AVG 8.0.0.229 2009.02.07 -
BitDefender 7.2 2009.02.08 -
CAT-QuickHeal 10.00 2009.02.07 -
ClamAV 0.94.1 2009.02.08 -
Comodo 971 2009.02.08 -
DrWeb 4.44.0.09170 2009.02.08 -
eSafe 7.0.17.0 2009.02.08 -
eTrust-Vet 31.6.6346 2009.02.07 -
F-Prot 4.4.4.56 2009.02.07 -
F-Secure 8.0.14470.0 2009.02.08 -
Fortinet 3.117.0.0 2009.02.08 -
GData 19 2009.02.08 -
Ikarus T3.1.1.45.0 2009.02.08 -
K7AntiVirus 7.10.623 2009.02.07 -
Kaspersky 7.0.0.125 2009.02.08 -
McAfee 5518 2009.02.07 -
McAfee+Artemis 5519 2009.02.07 -
Microsoft 1.4306 2009.02.08 -
NOD32 3836 2009.02.07 -
Norman 6.00.02 2009.02.06 -
nProtect 2009.1.8.0 2009.02.08 -
Panda 9.5.1.2 2009.02.08 -
PCTools 4.4.2.0 2009.02.08 -
Prevx1 V2 2009.02.08 -
Rising 21.15.50.00 2009.02.07 -
SecureWeb-Gateway 6.7.6 2009.02.08 -
Sophos 4.38.0 2009.02.08 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.08 -
TheHacker 6.3.1.5.249 2009.02.08 -
TrendMicro 8.700.0.1004 2009.02.06 -
VBA32 3.12.8.12 2009.02.08 -
ViRobot 2009.2.6.1594 2009.02.06 -
VirusBuster 4.5.11.0 2009.02.08 -
Rozšiřující informace
File size: 147968 bytes
MD5...: cb5a91928d94224e7e30ee277b45e8a3
SHA1..: c275744429f017d518138027c1a5bca3fb7b4043
SHA256: 96050a1db0567f64adc8273963a0709bed504b5b6581fdb5c8d6d45c016cded3
SHA512: 0ae7dba7eaf273b1113458ccf6792f121ac8350c011359e13edd6d422352290b
67129eaebeef2c9fa1ce25ccfd78434ee885258750fa29bb9f4412604ab355c4
ssdeep: 3072:9veatQxJtrK4LSZqLckUem27ri1vwBI+huFdb8MuTELr3vGVql5l6wfa:9v
ePPMqLckUet72FwBI+AFdb8MuZ
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x168ec
timedatestamp.....: 0x41107c0f (Wed Aug 04 06:02:55 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x178d2 0x17a00 6.36 7e7cbed25b02b3bf92f7c446d1b85239
.data 0x19000 0x40da0 0x400 1.20 608604848080cee7338324c4556bee35
.rsrc 0x5a000 0xbf88 0xc000 3.93 1a64a1adac9179f9b1e8fab9a5d7eefe

( 14 imports )
> msvcrt.dll: __p__commode, _adjust_fdiv, __p__fmode, _initterm, __getmainargs, _acmdln, __set_app_type, _except_handler3, __setusermatherr, _controlfp, exit, _XcptFilter, _exit, _c_exit, swprintf, iswprint, wcsncpy, wcslen, wcscat, wcscpy, _purecall, iswctype, wcscmp, wcschr, wcsncmp, wcsrchr, _cexit, memmove
> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, InitializeSecurityDescriptor, RegDeleteValueW, InitializeAcl, SetSecurityDescriptorDacl, SetSecurityDescriptorSacl, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, GetInheritanceSourceW, LookupAccountSidW, GetSidSubAuthorityCount, GetSidSubAuthority, GetSecurityDescriptorControl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, SetSecurityInfo, SetNamedSecurityInfoW, GetNamedSecurityInfoW, MapGenericMask, RegSetValueExA, RegSetValueW, RegFlushKey, RegSaveKeyW, RegRestoreKeyW, RegConnectRegistryW, RegQueryValueExW, RegCloseKey, RegOpenKeyW, RegSetValueExW, RegCreateKeyW, RegEnumValueW, RegEnumKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegUnLoadKeyW, RegLoadKeyW, RegOpenKeyExW, RegQueryInfoKeyW, RegDeleteKeyW
> KERNEL32.dll: ReadFile, DeleteFileW, WriteFile, WideCharToMultiByte, CreateFileW, OutputDebugStringW, GetLastError, SetFilePointer, GetFileSize, SearchPathW, GetTimeFormatW, GetDateFormatW, GetSystemDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, FreeLibrary, LoadLibraryW, MulDiv, lstrcpynW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, MultiByteToWideChar, lstrcmpW, FormatMessageW, GetThreadLocale, GetModuleHandleW, ExitProcess, GetCommandLineW, GetProcessHeap, lstrcatW, LocalAlloc, GetCurrentProcess, CloseHandle, LocalFree, GetComputerNameW, lstrcmpiW, lstrlenW, lstrcpyW, LocalReAlloc, GlobalAlloc, GlobalLock, GlobalUnlock, GetProcAddress, LoadLibraryA
> GDI32.dll: GetStockObject, SetAbortProc, StartDocW, StartPage, SetViewportOrgEx, EndPage, EndDoc, AbortDoc, DeleteDC, CreateBitmap, CreatePatternBrush, PatBlt, ExcludeClipRect, SelectClipRgn, DeleteObject, SetBkColor, SetTextColor, ExtTextOutW, GetDeviceCaps, CreateFontIndirectW, SelectObject, GetTextMetricsW
> USER32.dll: SendDlgItemMessageW, SetDlgItemTextW, SetWindowLongW, DefWindowProcW, ReleaseDC, GetDC, SetScrollInfo, wsprintfW, DestroyCaret, ReleaseCapture, KillTimer, SetCaretPos, ScrollWindowEx, ShowCaret, HideCaret, InvalidateRect, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, GetClipboardData, WinHelpW, EndDialog, GetWindowLongW, EndPaint, BeginPaint, CreateCaret, SetTimer, SetCapture, SetFocus, CharLowerW, GetDlgItem, DestroyMenu, TrackPopupMenuEx, IsClipboardFormatAvailable, EnableMenuItem, GetSubMenu, LoadMenuW, GetKeyState, RegisterClassW, LoadCursorW, RegisterClipboardFormatW, CheckRadioButton, SendMessageW, GetWindowTextW, GetParent, GetDlgItemTextW, IsDlgButtonChecked, GetDlgCtrlID, CallWindowProcW, GetWindowTextLengthW, GetDlgItemInt, PostQuitMessage, GetWindowPlacement, SetWindowTextW, EnableWindow, GetWindowRect, DrawMenuBar, InsertMenuItemW, DeleteMenu, SetMenuItemInfoW, GetMenu, GetMenuItemInfoW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, IsIconic, DestroyIcon, LoadImageW, GetSysColor, SetCursor, ShowCursor, ShowWindow, SetWindowPlacement, CreateWindowExW, GetProcessDefaultLayout, GetMessageW, ScreenToClient, SetCursorPos, DispatchMessageW, ClientToScreen, GetDesktopWindow, LoadIconW, PostMessageW, SetMenuDefaultItem, InsertMenuW, GetMenuItemID, CheckMenuItem, UpdateWindow, RegisterClassExW, CharNextW, GetClientRect, DestroyWindow, CreateDialogParamW, CheckDlgButton, DrawAnimatedRects, IntersectRect, ModifyMenuW, GetMessagePos, TranslateMessage, TranslateAcceleratorW, LoadAcceleratorsW, SetForegroundWindow, GetLastActivePopup, BringWindowToTop, FindWindowW, LoadStringW, GetWindow, IsDialogMessageW, PeekMessageW, MessageBoxW, CharUpperBuffW, CharUpperW, IsCharAlphaNumericW, GetSystemMetrics, MoveWindow, MapWindowPoints, DialogBoxParamW, SetWindowPos, MessageBeep
> COMCTL32.dll: -, -, -, -, InitCommonControlsEx, -, -, ImageList_SetBkColor, ImageList_Create, ImageList_Destroy, -, -, ImageList_ReplaceIcon, -, -, -, -, CreateStatusWindowW
> comdlg32.dll: GetOpenFileNameW, GetSaveFileNameW, PrintDlgExW
> SHELL32.dll: ShellAboutW, DragQueryFileW, DragFinish
> AUTHZ.dll: AuthzInitializeContextFromSid, AuthzAccessCheck, AuthzFreeContext, AuthzFreeResourceManager, AuthzInitializeResourceManager
> ACLUI.dll: -
> ole32.dll: CoCreateInstance, CoUninitialize, CoInitializeEx, ReleaseStgMedium
> ulib.dll: _Resize@DSTRING@@UAEEK@Z, _Initialize@ARRAY@@QAEEKK@Z, _NewBuf@DSTRING@@UAEEK@Z, __1DSTRING@@UAE@XZ, __1OBJECT@@UAE@XZ, __0OBJECT@@IAE@XZ, _Compare@OBJECT@@UBEJPBV1@@Z, __0DSTRING@@QAE@XZ, _Initialize@WSTRING@@QAEEPBV1@KK@Z, _Strcat@WSTRING@@QAEEPBV1@@Z, __0ARRAY@@QAE@XZ, _Initialize@WSTRING@@QAEEPBGK@Z
> clb.dll: ClbAddData, ClbSetColumnWidths
> ntdll.dll: RtlFreeHeap, RtlAllocateHeap

( 0 exports )
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=cb5a91928d94224e7e30ee277b45e8a3' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=cb5a91928d94224e7e30ee277b45e8a3</a>



Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.93 2009.02.08 -
AhnLab-V3 5.0.0.2 2009.02.07 -
AntiVir 7.9.0.76 2009.02.07 -
Authentium 5.1.0.4 2009.02.07 -
Avast 4.8.1335.0 2009.02.07 -
AVG 8.0.0.229 2009.02.07 -
BitDefender 7.2 2009.02.08 -
CAT-QuickHeal 10.00 2009.02.07 -
ClamAV 0.94.1 2009.02.08 -
Comodo 971 2009.02.08 -
DrWeb 4.44.0.09170 2009.02.08 -
eSafe 7.0.17.0 2009.02.08 -
eTrust-Vet 31.6.6346 2009.02.07 -
F-Prot 4.4.4.56 2009.02.07 -
F-Secure 8.0.14470.0 2009.02.08 -
Fortinet 3.117.0.0 2009.02.08 -
GData 19 2009.02.08 -
Ikarus T3.1.1.45.0 2009.02.08 -
K7AntiVirus 7.10.623 2009.02.07 -
Kaspersky 7.0.0.125 2009.02.08 -
McAfee 5518 2009.02.07 -
McAfee+Artemis 5519 2009.02.07 -
Microsoft 1.4306 2009.02.08 -
NOD32 3836 2009.02.07 -
Norman 6.00.02 2009.02.06 -
nProtect 2009.1.8.0 2009.02.08 -
Panda 9.5.1.2 2009.02.08 -
PCTools 4.4.2.0 2009.02.08 -
Prevx1 V2 2009.02.08 -
Rising 21.15.50.00 2009.02.07 -
SecureWeb-Gateway 6.7.6 2009.02.08 -
Sophos 4.38.0 2009.02.08 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.08 -
TheHacker 6.3.1.5.249 2009.02.08 -
TrendMicro 8.700.0.1004 2009.02.06 -
VBA32 3.12.8.12 2009.02.08 -
ViRobot 2009.2.6.1594 2009.02.06 -
VirusBuster 4.5.11.0 2009.02.08 -
Rozšiřující informace
File size: 9216 bytes
MD5...: 5aa80cedda399c3574d6025cf6949dcc
SHA1..: 6663eec2801b47abe2487a502d078bc104b684be
SHA256: 6eaa1bdee8793ad16579fd761720366323344cbebb304ed9979a3e254ce33573
SHA512: d00dbd1ccbd60f977e621fbe288e692d32129fb9c328abf48f7586654c56ec3d
b72493dbe1b81cfe6aa4d32e9747195b69f1c07c3b10b62b2967f6b451a9f3b6
ssdeep: 192:FyqQ4coKZLHRkb6OWuFqPMk/3ElG4WXIW:FtFcRbibLqt3E84WXIW
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1c72
timedatestamp.....: 0x3b7d8438 (Fri Aug 17 20:53:12 2001)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1996 0x1a00 6.27 30914a14c3316dcdedeb37105c55a454
.data 0x3000 0x24 0x200 0.02 9475a59226943a3ad422e18169989f66
.rsrc 0x4000 0x3e0 0x400 3.28 bff400c1afb322deb464b966ae0bd2ad

( 4 imports )
> msvcrt.dll: _exit, _XcptFilter, _cexit, __initenv, __getmainargs, _initterm, __setusermatherr, _c_exit, __p__commode, __p__fmode, __set_app_type, _controlfp, _except_handler3, _wcsupr, _adjust_fdiv, exit
> KERNEL32.dll: CompareStringW, GetModuleHandleA
> ulib.dll: _GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ, _GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ, _GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ, _Fatal@PROGRAM@@UBEXXZ, _Fatal@PROGRAM@@UBAXKKPADZZ, _DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z, _DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ, _Compare@OBJECT@@UBEJPBV1@@Z, __0STREAM_MESSAGE@@QAE@XZ, __0MULTIPLE_PATH_ARGUMENT@@QAE@XZ, __0DSTRING@@QAE@XZ, __0PROGRAM@@IAE@XZ, __1PROGRAM@@UAE@XZ, __1DSTRING@@UAE@XZ, __1MULTIPLE_PATH_ARGUMENT@@UAE@XZ, _Usage@PROGRAM@@UBEXXZ, __1OBJECT@@UAE@XZ, _Initialize@WSTRING@@QAEEPBGK@Z, _ReadLine@STREAM@@QAEEPAVWSTRING@@E@Z, _SetConsoleConversions@WSTRING@@SGXXZ, _Initialize@WSTRING@@QAEEXZ, _QueryWSTR@WSTRING@@QBEPAGKKPAGKE@Z, _QueryStream@FSN_FILE@@QAEPAVFILE_STREAM@@W4STREAMACCESS@@K@Z, _QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z, _IsDrive@PATH@@QBEEXZ, _QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z, _Initialize@WSTRING@@QAEEPBV1@KK@Z, _Get_Standard_Input_Stream@@YGPAVSTREAM@@XZ, __1ARGUMENT_LEXEMIZER@@UAE@XZ, __1ARRAY@@UAE@XZ, __1STRING_ARGUMENT@@UAE@XZ, _IsValueSet@ARGUMENT@@QAEEXZ, _DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z, _PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z, _SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z, _PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z, _PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z, _Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z, _Put@ARRAY@@UAEEPAVOBJECT@@@Z, _Initialize@MULTIPLE_PATH_ARGUMENT@@QAEEPADEE@Z, _Initialize@FLAG_ARGUMENT@@QAEEPAD@Z, _Initialize@STRING_ARGUMENT@@QAEEPAD@Z, _Initialize@ARRAY@@QAEEKK@Z, _IsCorrectVersion@SYSTEM@@SGEXZ, _Initialize@PROGRAM@@QAEEKKK@Z, __0FLAG_ARGUMENT@@QAE@XZ, __0STRING_ARGUMENT@@QAE@XZ, __0ARRAY@@QAE@XZ, __0ARGUMENT_LEXEMIZER@@QAE@XZ, _Initialize@CLASS_DESCRIPTOR@@QAEEXZ, __0CLASS_DESCRIPTOR@@QAE@XZ, _ValidateVersion@PROGRAM@@UBEXKK@Z, _Initialize@WSTRING@@QAEEPBDK@Z, __1STREAM_MESSAGE@@UAE@XZ
> ntdll.dll: RtlFreeHeap, RtlAllocateHeap

( 0 exports )



Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.93 2009.02.08 -
AhnLab-V3 5.0.0.2 2009.02.07 -
AntiVir 7.9.0.76 2009.02.07 -
Authentium 5.1.0.4 2009.02.07 -
Avast 4.8.1335.0 2009.02.07 -
AVG 8.0.0.229 2009.02.07 -
BitDefender 7.2 2009.02.08 -
CAT-QuickHeal 10.00 2009.02.07 -
ClamAV 0.94.1 2009.02.08 -
Comodo 971 2009.02.08 -
DrWeb 4.44.0.09170 2009.02.08 -
eSafe 7.0.17.0 2009.02.08 -
eTrust-Vet 31.6.6346 2009.02.07 -
F-Prot 4.4.4.56 2009.02.07 -
F-Secure 8.0.14470.0 2009.02.08 -
Fortinet 3.117.0.0 2009.02.08 -
GData 19 2009.02.08 -
Ikarus T3.1.1.45.0 2009.02.08 -
K7AntiVirus 7.10.623 2009.02.07 -
Kaspersky 7.0.0.125 2009.02.08 -
McAfee 5518 2009.02.07 -
McAfee+Artemis 5519 2009.02.07 -
Microsoft 1.4306 2009.02.08 -
NOD32 3836 2009.02.07 -
Norman 6.00.02 2009.02.06 -
nProtect 2009.1.8.0 2009.02.08 -
Panda 9.5.1.2 2009.02.08 -
PCTools 4.4.2.0 2009.02.08 -
Prevx1 V2 2009.02.08 -
Rising 21.15.50.00 2009.02.07 -
SecureWeb-Gateway 6.7.6 2009.02.08 -
Sophos 4.38.0 2009.02.08 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.08 -
TheHacker 6.3.1.5.249 2009.02.08 -
TrendMicro 8.700.0.1004 2009.02.06 -
VBA32 3.12.8.12 2009.02.08 -
ViRobot 2009.2.6.1594 2009.02.06 -
VirusBuster 4.5.11.0 2009.02.08 -
Rozšiřující informace
File size: 11264 bytes
MD5...: 2f77276c33fa3fa4a5c8a5354d095d6d
SHA1..: b5f3538503d64295ef6d7280e33c3b01fe01aa48
SHA256: 90ab6b7b78d70269bf5706825f5c2ef5ef21d6155fdfdee1dfd473e6ea381ccd
SHA512: 950fd7cd896b782e102d572c8d5c88c18c6faa74e1b5bf56fb8ce94dc8dca017
92aaf17e30bbc45cd87c1f07f1dd083d1c54fda69aefbf3b72c6f45b0d85a366
ssdeep: 192:FiqS/hlZ9wbJkMZQSRzRH1u+oNVbgwc4A3tOMk7umWCtW:Fi9bZWbJFZRVc5
A3tOwmWCtW
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x22a8
timedatestamp.....: 0x3b7d8418 (Fri Aug 17 20:52:40 2001)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x20be 0x2200 6.17 0fcf1882aa63f5848755bca75c7e06fd
.data 0x4000 0x24 0x200 0.02 9475a59226943a3ad422e18169989f66
.rsrc 0x5000 0x3d0 0x400 3.25 a6875ac6075414ced483f6c83a2188b6

( 4 imports )
> ulib.dll: _PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z, _PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z, _SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z, _PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z, _Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z, _Initialize@ARRAY@@QAEEKK@Z, _Initialize@WSTRING@@QAEEPBGK@Z, _Initialize@STREAM_MESSAGE@@QAEEPAVSTREAM@@00@Z, _Get_Standard_Input_Stream@@YGPAVSTREAM@@XZ, _Get_Standard_Output_Stream@@YGPAVSTREAM@@XZ, __0DSTRING@@QAE@XZ, __0PATH@@QAE@XZ, __0STRING_ARGUMENT@@QAE@XZ, __0ARRAY@@QAE@XZ, __0ARGUMENT_LEXEMIZER@@QAE@XZ, _QueryFsnodeArray@FSN_DIRECTORY@@QBEPAVARRAY@@PAVFSN_FILTER@@@Z, __1PROGRAM@@UAE@XZ, __1PATH_ARGUMENT@@UAE@XZ, _Initialize@STRING_ARGUMENT@@QAEEPAD@Z, __1STREAM_MESSAGE@@UAE@XZ, _ValidateVersion@PROGRAM@@UBEXKK@Z, _Usage@PROGRAM@@UBEXXZ, _GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ, _GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ, _GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ, _Fatal@PROGRAM@@UBEXXZ, _Fatal@PROGRAM@@UBAXKKPADZZ, _DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z, _DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ, _Compare@OBJECT@@UBEJPBV1@@Z, __0STREAM_MESSAGE@@QAE@XZ, __0FSN_FILTER@@QAE@XZ, __0PATH_ARGUMENT@@QAE@XZ, __0FLAG_ARGUMENT@@QAE@XZ, __0PROGRAM@@IAE@XZ, _Initialize@CLASS_DESCRIPTOR@@QAEEXZ, __0CLASS_DESCRIPTOR@@QAE@XZ, _Initialize@FLAG_ARGUMENT@@QAEEPAD@Z, _Initialize@PATH_ARGUMENT@@QAEEPADE@Z, _Put@ARRAY@@UAEEPAVOBJECT@@@Z, _IsValueSet@ARGUMENT@@QAEEXZ, _DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z, _Initialize@PATH@@QAEEPBGE@Z, _Initialize@PATH@@QAEEPBVWSTRING@@E@Z, _IsDrive@PATH@@QBEEXZ, _Initialize@WSTRING@@QAEEPBV1@KK@Z, _Strcat@WSTRING@@QAEEPBV1@@Z, _Initialize@PATH@@QAEEPBV1@E@Z, _QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z, _Initialize@FSN_FILTER@@QAEEXZ, _SetFileName@FSN_FILTER@@QAEEPBD@Z, _SetAttributes@FSN_FILTER@@QAEEKKK@Z, _SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z, _DeleteAllMembers@ARRAY@@UAEEXZ, __1STRING_ARGUMENT@@UAE@XZ, __1PATH@@UAE@XZ, __1ARRAY@@UAE@XZ, __1ARGUMENT_LEXEMIZER@@UAE@XZ, __1OBJECT@@UAE@XZ, __1DSTRING@@UAE@XZ, _Display@MESSAGE@@QAAEPBDZZ, _Initialize@WSTRING@@QAEEPBDK@Z, __1FSN_FILTER@@UAE@XZ, _QueryString@WSTRING@@QBEPAV1@KK@Z
> ntdll.dll: wcschr, RtlFreeHeap, RtlAllocateHeap, swprintf
> msvcrt.dll: _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, exit, _cexit, _XcptFilter, _exit, _c_exit, _except_handler3
> KERNEL32.dll: SetFileAttributesW, GetLastError, GetModuleHandleA

( 0 exports )





Ten první soubor sem už nenašel!

[jaboos]

ComboFix 09-02-07.01 - Dušan 2009-02-08 17:13:39.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.895.430 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dušan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dušan\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090207-0] *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\system32\eEmpty.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\eEmpty.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-08 do 2009-02-08 )))))))))))))))))))))))))))))))
.

2009-02-08 12:21 . 2008-10-04 11:38 <DIR> d-------- c:\documents and settings\Administrator.DU-C98609251519\Plocha
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> d--h----- c:\documents and settings\Administrator.DU-C98609251519\Okolní tiskárny
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> d--h----- c:\documents and settings\Administrator.DU-C98609251519\Okolní síť
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> d-------- c:\documents and settings\Administrator.DU-C98609251519\Oblíbené položky
2009-02-08 12:21 . 2008-10-04 10:07 <DIR> d--h----- c:\documents and settings\Administrator.DU-C98609251519\Šablony
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> dr------- c:\documents and settings\Administrator.DU-C98609251519\Nabídka Start
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> d-------- c:\documents and settings\Administrator.DU-C98609251519\Dokumenty
2009-02-08 12:21 . 2009-02-08 12:24 <DIR> dr-h----- c:\documents and settings\Administrator.DU-C98609251519\Data aplikací
2009-02-08 12:21 . 2009-02-08 12:21 <DIR> d-------- c:\documents and settings\Administrator.DU-C98609251519
2009-02-03 13:29 . 2009-02-03 13:29 <DIR> d-------- c:\documents and settings\Dominik.DU-C98609251519\Data aplikací\Logitech
2009-02-01 15:41 . 2009-02-01 15:41 <DIR> d-------- c:\program files\Quicksys
2009-02-01 15:41 . 2009-02-01 15:41 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\Quicksys
2009-02-01 15:41 . 2008-04-14 07:52 578,560 --a------ c:\windows\system32\ltqzwir
2009-02-01 15:41 . 2009-02-01 15:41 111,104 --a------ c:\windows\system32\azton.mt
2009-01-31 11:58 . 2009-01-31 11:58 <DIR> d---s---- c:\program files\Xfire
2009-01-31 11:58 . 2009-01-31 23:06 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\Xfire
2009-01-31 11:57 . 2003-03-16 00:15 90,112 --a------ c:\windows\unvise32.exe
2009-01-31 11:44 . 2009-01-31 20:26 <DIR> d-------- c:\program files\The Guild 2
2009-01-30 12:03 . 2009-01-30 12:03 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\AVS4YOU
2009-01-30 12:02 . 2009-01-30 12:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\AVS4YOU
2009-01-30 12:01 . 2009-01-30 12:54 <DIR> d-------- c:\program files\Common Files\AVSMedia
2009-01-30 12:01 . 2009-01-30 13:00 <DIR> d-------- c:\program files\AVS4YOU
2009-01-30 12:01 . 2008-08-13 10:22 1,700,352 --a------ c:\windows\system32\GdiPlus.dll
2009-01-30 11:57 . 2009-01-30 11:57 <DIR> d-------- c:\program files\VideoLAN
2009-01-30 11:50 . 2009-01-30 11:50 <DIR> d-------- c:\program files\Combined Community Codec Pack
2009-01-30 11:44 . 2009-01-30 11:46 156 --a------ c:\windows\Eztoo MKV Video Converter.ini
2009-01-30 11:44 . 2009-01-30 11:45 118 --a------ c:\windows\pro Eztoo MKV Video Converter.ini
2009-01-30 11:44 . 2009-01-30 11:46 1 --a------ c:\windows\system32\Eztoo MKV Video Converter.dat
2009-01-30 11:40 . 2009-01-30 11:42 <DIR> d-------- c:\program files\MKV to DVD Converter
2009-01-30 11:40 . 2009-01-30 11:40 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\DVD Flick
2009-01-30 11:40 . 2004-03-09 00:00 662,288 --a------ c:\windows\system32\mscomct2.ocx
2009-01-30 11:40 . 2004-03-09 00:00 212,240 --a------ c:\windows\system32\richtx32.ocx
2009-01-30 11:40 . 2000-05-19 17:56 81,920 --a------ c:\windows\system32\mbmouse.ocx
2009-01-30 11:40 . 2000-11-05 15:27 36,864 --a------ c:\windows\system32\trayicon.ocx
2009-01-29 21:03 . 2009-01-29 21:03 <DIR> d-------- c:\program files\Common Files\CyberLink
2009-01-20 17:13 . 2009-01-20 17:13 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\EPSON
2009-01-17 20:22 . 2009-01-17 20:30 <DIR> d-------- c:\program files\RegCleaner
2009-01-13 19:45 . 2009-01-13 19:45 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\skypePM
2009-01-13 19:45 . 2009-01-13 19:45 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-13 19:42 . 2009-01-13 19:42 <DIR> d-------- c:\program files\Skype
2009-01-13 19:42 . 2009-01-14 19:33 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\Skype
2009-01-13 19:41 . 2009-01-13 19:42 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\Skype
2009-01-12 18:03 . 2009-01-12 18:03 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\Raxco
2009-01-12 18:03 . 2009-01-05 14:16 71,184 -ra------ c:\windows\system32\drivers\DefragFS.sys
2009-01-12 18:02 . 2009-01-12 18:03 <DIR> d-------- c:\program files\Raxco

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 16:11 --------- d-----w c:\documents and settings\Dušan\Data aplikací\uTorrent
2009-02-07 15:56 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Data aplikací\TEMP
2009-02-07 09:14 --------- d-----w c:\program files\QIP
2009-02-04 16:01 --------- d-----w c:\program files\Warcraft III
2009-02-03 15:54 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\DriverScanner
2009-01-30 10:34 47,360 ----a-w c:\documents and settings\Dušan\Data aplikací\pcouffin.sys
2009-01-30 10:34 --------- d-----w c:\documents and settings\Dušan\Data aplikací\Vso
2009-01-29 20:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-29 20:04 --------- d-----w c:\documents and settings\Dušan\Data aplikací\CyberLink
2009-01-29 20:04 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\CyberLink
2009-01-29 20:02 --------- d-----w c:\program files\CyberLink
2009-01-29 19:31 --------- d-----w c:\documents and settings\Dušan\Data aplikací\dvdcss
2009-01-27 22:15 --------- d-----w c:\documents and settings\Dušan\Data aplikací\Hamachi
2009-01-26 16:14 --------- d-----w c:\program files\Kooperativa
2009-01-26 15:03 --------- d-----w c:\documents and settings\Dušan\Data aplikací\ICQ
2009-01-20 16:37 --------- d-----w c:\program files\ABBYY FineReader 6.0 Sprint
2009-01-13 18:42 --------- d-----w c:\program files\Common Files\Skype
2009-01-12 16:09 --------- d-----w c:\program files\RegScrubXP
2009-01-10 10:18 --------- d-----w c:\program files\EA GAMES
2009-01-07 16:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-06 17:04 626,688 ----a-w c:\windows\system32\msvcr80.dll
2009-01-06 17:04 548,864 ----a-w c:\windows\system32\msvcp80.dll
2009-01-06 17:03 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\MicroWorld
2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-04 17:21 --------- d-----w c:\program files\RegistryFix6
2009-01-03 17:48 --------- d-----w c:\documents and settings\Dušan\Data aplikací\Malwarebytes
2009-01-03 17:48 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2008-12-31 12:12 230,664 ----a-w c:\windows\system32\PDBoot.exe
2008-12-30 09:57 --------- d-----w c:\program files\Xilisoft
2008-12-25 09:18 --------- d-----w c:\program files\OLYMPUS
2008-12-23 17:24 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-23 17:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-23 17:14 --------- d-----w c:\documents and settings\Dušan\Data aplikací\SUPERAntiSpyware.com
2008-12-23 10:26 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\LogiShrd
2008-12-23 09:50 --------- d-----w c:\program files\Common Files\Logitech
2008-12-23 09:50 --------- d-----w c:\documents and settings\Dušan\Data aplikací\InstallShield
2008-12-22 17:33 --------- d-----w c:\documents and settings\Mamka.DU-C98609251519\Data aplikací\Logitech
2008-12-22 15:53 --------- d-----w c:\program files\PKR
2008-12-22 15:36 387 ----a-w c:\documents and settings\Dušan\Cossacks.reg
2008-12-22 15:36 387 ----a-w c:\documents and settings\Dušan\Cossacks.reg
2008-12-22 15:08 --------- d-----w c:\documents and settings\Dušan\Data aplikací\Logitech
2008-12-22 15:07 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-22 15:07 --------- d-----w c:\program files\Logitech
2008-12-22 15:06 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Logitech
2008-12-22 12:49 --------- dc-h--w c:\documents and settings\All Users.WINDOWS\Data aplikací\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-12-21 19:35 --------- d-----w c:\program files\ICQ6.5
2008-12-20 18:51 --------- d-----w c:\program files\Realtek AC97
2008-12-20 18:33 --------- dc-h--w c:\documents and settings\All Users.WINDOWS\Data aplikací\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2008-12-20 18:33 --------- d-----w c:\program files\Uniblue DriverScanner 2009
2008-12-17 16:55 --------- d-----w c:\program files\Opera
2008-12-12 23:08 --------- d-----w c:\program files\RadLight Company
2008-12-12 23:08 --------- d-----w c:\documents and settings\Dušan\Data aplikací\RadLight Company
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 18:09 --------- d-----w c:\program files\QIP Infium
2008-12-09 16:20 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2008-11-19 18:25 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-06 18:58 88 --sh--r c:\documents and settings\All Users.WINDOWS\Data aplikací\20E5E011EE.sys
2008-10-06 18:58 2,516 --sha-w c:\documents and settings\All Users.WINDOWS\Data aplikací\KGyGaAvL.sys
2007-06-04 14:54 47,360 ----a-w c:\documents and settings\Dušánek\Data aplikací\pcouffin.sys
2007-05-31 15:37 12 ----a-w c:\documents and settings\Dušánek\USERDATA.DAT
2004-08-17 13:49 27,648 ----a-w c:\documents and settings\Dušánek\findstr.exe
2004-08-17 13:49 147,968 ----a-w c:\documents and settings\Dušánek\regedit.exe
2001-10-25 14:00 9,216 ----a-w c:\documents and settings\Dušánek\find.exe
2001-10-25 14:00 11,264 ----a-w c:\documents and settings\Dušánek\attrib.exe
2008-10-04 09:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100420081005\index.dat
.

------- Sigcheck -------

2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-04-13 23:50 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-02-08_13.37.40.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-08 13:55:42 16,384 ----atw c:\windows\temp\Perflib_Perfdata_574.dat
+ 2009-02-08 13:55:15 16,384 ----atw c:\windows\temp\Perflib_Perfdata_798.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-02-06 3367424]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2008-10-08 270128]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"Google Update"="c:\documents and settings\Dušan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-01-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-17 7307264]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-17 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-11-07 54576]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]
"nwiz"="nwiz.exe" [2005-10-17 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Duçan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-11-10 625952]

c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-22 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-23 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2008-12-22 43936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-06 111184]
R1 SuperMounter;SuperMounter;c:\windows\system32\drivers\supermounter.sys [2008-12-22 11264]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-10-07 20:31:38 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-06 20560]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-04-13 69120]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]
.
Obsah adresáře 'Naplánované úlohy'

2009-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1450960922-682003330-1003.job
- c:\documents and settings\Dua []
.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 17:17:46
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1450960922-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
.
Celkový čas: 2009-02-08 17:20:16
ComboFix-quarantined-files.txt 2009-02-08 16:20:13
ComboFix2.txt 2009-02-08 12:38:32

Před spuštěním: 5 945 802 752
Po spuštění: 5,949,419,520

244 --- E O F --- 2009-01-14 18:45:02





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:15, on 8.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Documents and Settings\Dušan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dušan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8240 bytes

[jaro3]

Myslel jsem vložit odkazy na web. stránky s těmi nálezy, takhle nevím , co k čemu patří.
Jestli máš tak sem ty odkazy vlož.

[jaboos]

http://www.virustotal.com/cs/analisis/6 ... 07d106ad63

http://www.virustotal.com/cs/analisis/c ... bba253cd04

http://www.virustotal.com/cs/analisis/7 ... 8e13ad1863

http://www.virustotal.com/cs/analisis/e ... d5dade87b2

http://www.virustotal.com/cs/analisis/d ... 4c79a38f74

[jaro3]

O.K., toto jsi netestoval nebo ukazuje 0bytes:
c:\documents and settings\All Users.WINDOWS\Data aplikací\20E5E011EE.sys ?

[jaboos]

Psal sem že to nemuzu najit! v te složce nic takovyho neni...zkousel sem to aji hledat a nic!