PLEASE CHECK MY LOG (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

TTT_111
Level 2
Posts: 247
Registered: April 07
Gender: Not specified
Status: Offline

Re: PLEASE CHECK MY LOG

Post by TTT_111 » 04 Aug 2009 19:03

Antivirus Version Last update Result
a-squared 4.5.0.24 2009.08.04 -
AhnLab-V3 5.0.0.2 2009.08.04 -
AntiVir 7.9.0.240 2009.08.04 -
Antiy-AVL 2.0.3.7 2009.08.04 -
Authentium 5.1.2.4 2009.08.03 -
Avast 4.8.1335.0 2009.08.04 -
AVG 8.5.0.406 2009.08.04 -
BitDefender 7.2 2009.08.04 -
CAT-QuickHeal 10.00 2009.08.04 -
ClamAV 0.94.1 2009.08.04 -
Comodo 1864 2009.08.04 -
DrWeb 5.0.0.12182 2009.08.04 -
eSafe 7.0.17.0 2009.08.04 -
eTrust-Vet 31.6.6657 2009.08.04 -
F-Prot 4.4.4.56 2009.08.03 -
F-Secure 8.0.14470.0 2009.08.04 -
Fortinet 3.120.0.0 2009.08.04 -
GData 19 2009.08.04 -
Ikarus T3.1.1.64.0 2009.08.04 -
Jiangmin 11.0.800 2009.08.04 -
K7AntiVirus 7.10.810 2009.08.04 -
Kaspersky 7.0.0.125 2009.08.04 -
McAfee 5697 2009.08.03 -
McAfee+Artemis 5697 2009.08.03 -
McAfee-GW-Edition 6.8.5 2009.08.04 -
Microsoft 1.4903 2009.08.04 -
NOD32 4305 2009.08.04 -
Norman 6.01.09 2009.08.04 -
nProtect 2009.1.8.0 2009.08.04 -
Panda 10.0.0.14 2009.08.04 -
PCTools 4.4.2.0 2009.08.04 -
Prevx 3.0 2009.08.04 -
Rising 21.41.14.00 2009.08.04 -
Sophos 4.44.0 2009.08.04 -
Sunbelt 3.2.1858.2 2009.08.04 -
Symantec 1.4.4.12 2009.08.04 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.04 -
VBA32 3.12.10.9 2009.08.04 -
ViRobot 2009.8.4.1867 2009.08.04 -
VirusBuster 4.6.5.0 2009.08.04 -
Additional information
File size: 2981419 bytes
MD5...: 1d4ff77c868bc6e059100862568fa3d0
SHA1..: 52f5d6b2087bb9edfd15c1209aa2ac19b6669429
SHA256: 8ea136faac61a94190fb24ca17d0f7db6634c30d6cef0ef813543b3e67d5970b
ssdeep: 49152:nHBqq73YvxL7Ge7Z6VfEyMtw+zdmHaXzl+FT1+07U+:nhqq7o5/9UFEx5zdulnX

PEiD..: -
TrID..: File type identification
InstallShield setup (43.3%)
Win32 EXE PECompact compressed (generic) (41.8%)
Win32 Executable Generic (8.5%)
Win16/32 Executable Delphi generic (2.0%)
Generic Win/DOS Executable (2.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1c8668
timedatestamp.....: 0x47a90430 (Wed Feb 06 00:49:52 2008)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1c3284 0x1c3400 6.53 f7f2d7e450e75a1ea6423777d5e4e513
.itext 0x1c5000 0x5528 0x5600 6.16 a1d0a99950507ecf10f578122d7787e7
.data 0x1cb000 0x93d8 0x9400 4.59 12261464ab33376d93d6987fbbf33abd
.bss 0x1d5000 0x67a4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x1dc000 0x483a 0x4a00 5.23 674689aae8f8a8a4b72bef732ddf3a7d
.tls 0x1e1000 0x34 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x1e2000 0x18 0x200 0.21 5d246d85108cb0e89a649d069a4b8d05
.reloc 0x1e3000 0x1c894 0x1ca00 6.69 6e5b7a29c8ebf73e28bb06db59b0b4fb
.rsrc 0x200000 0x5f100 0x5f200 5.29 2d9c66a8d9b111dcfc36c6e8dee2aa52

( 32 imports )
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> user32.dll: GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
> kernel32.dll: GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, CompareStringA, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> user32.dll: CreateWindowExA, mouse_event, WindowFromPoint, WaitMessage, ValidateRect, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetUserObjectSecurity, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenuItemBitmaps, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, SendDlgItemMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxExA, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LockWindowUpdate, LoadStringA, LoadKeyboardLayoutA, LoadImageA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, IsCharAlphaNumericA, IsCharAlphaA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRgn, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetUserObjectInformationA, GetUpdateRect, GetTopWindow, GetThreadDesktop, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetProcessWindowStation, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenuDefaultItem, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowExA, FindWindowA, FillRect, ExitWindowsEx, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CloseWindowStation, CloseDesktop, CloseClipboard, ClipCursor, ClientToScreen, ChildWindowFromPoint, CheckMenuItem, CharUpperBuffW, CharNextExA, CharLowerBuffW, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, AppendMenuA, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
> gdi32.dll: UnrealizeObject, TextOutW, StrokePath, StretchDIBits, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextJustification, SetTextCharacterExtra, SetTextColor, SetTextAlign, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, PtInRegion, Polyline, Polygon, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWindowExtEx, GetWinMetaFileBits, GetViewportOrgEx, GetViewportExtEx, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32W, GetTextExtentPoint32A, GetTextExtentExPointW, GetTextColor, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetCurrentObject, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBkColor, GetBitmapBits, GdiFlush, FrameRgn, FillRgn, ExtTextOutW, ExtTextOutA, ExtFloodFill, ExtCreateRegion, ExtCreatePen, ExcludeClipRect, EnumFontFamiliesExA, EndPath, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, DPtoLP, CreateSolidBrush, CreateRoundRectRgn, CreateRectRgnIndirect, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePen, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateEllipticRgnIndirect, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, CloseFigure, CloseEnhMetaFile, BitBlt, BeginPath, Arc
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> mpr.dll: WNetGetConnectionA
> kernel32.dll: lstrlenW, lstrcpyA, lstrcmpA, WritePrivateProfileStringA, WriteFile, WinExec, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, VerLanguageNameA, TerminateThread, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetFileApisToANSI, SetEvent, SetErrorMode, SetEndOfFile, SearchPathA, ResumeThread, ResetEvent, RemoveDirectoryA, ReadProcessMemory, ReadFile, OpenProcess, MultiByteToWideChar, MulDiv, MoveFileExA, MoveFileA, LockResource, LocalFree, LocalAlloc, LoadResource, LoadLibraryExA, LoadLibraryA, LeaveCriticalSection, IsValidLocale, IsDBCSLeadByte, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalMemoryStatus, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVolumeInformationA, GetVersionExW, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetShortPathNameW, GetShortPathNameA, GetProfileStringA, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameW, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileAttributesA, GetExitCodeThread, GetExitCodeProcess, GetEnvironmentStringsA, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCommandLineA, GetCPInfo, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FreeEnvironmentStringsA, FormatMessageA, FindResourceA, FindNextFileA, FindNextChangeNotification, FindFirstFileA, FindCloseChangeNotification, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExpandEnvironmentStringsA, EnumCalendarInfoA, EnterCriticalSection, DeviceIoControl, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringW, CompareStringA, CloseHandle
> advapi32.dll: SetSecurityDescriptorSacl, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, SetKernelObjectSecurity, RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegOpenKeyA, RegFlushKey, RegEnumValueA, RegEnumKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueA, LookupAccountSidA, LookupAccountNameA, LogonUserA, IsValidSid, IsValidAcl, InitializeSecurityDescriptor, GetUserNameA, GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority, GetSidIdentifierAuthority, GetSecurityDescriptorSacl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetLengthSid, GetKernelObjectSecurity, FreeSid, EqualSid, CreateProcessAsUserA, AllocateAndInitializeSid, AdjustTokenPrivileges
> kernel32.dll: Sleep
> ole32.dll: CLSIDFromString, CoTaskMemFree, StringFromCLSID
> oleaut32.dll: GetErrorInfo, GetActiveObject, RegisterTypeLib, LoadTypeLib, SysFreeString
> ole32.dll: CreateStreamOnHGlobal, IsAccelerator, ReleaseStgMedium, OleDraw, OleSetMenuDescriptor, RevokeDragDrop, OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateGuid, CLSIDFromProgID, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
> shell32.dll: Shell_NotifyIconA, ShellExecuteExA, ShellExecuteA, SHGetFileInfoA
> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
> shell32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder, SHBrowseForFolderA
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
> winspool.drv: SetPrinterA, OpenPrinterA, GetPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter
> comdlg32.dll: ChooseFontA, ChooseColorA, GetSaveFileNameA, GetOpenFileNameA
> advapi32.dll: StartServiceA, QueryServiceStatus, OpenServiceA, OpenSCManagerA, CloseServiceHandle
> shell32.dll: SHAppBarMessage
> mia.lib: ExtractArchive, GetLastArchiveError, CloseListArchive, OpenListArchive
> winmm.dll: timeGetTime, sndPlaySoundA
> kernel32.dll: GetProcAddress, LoadLibraryA, GetModuleHandleA
> ole32.dll: CoUninitialize, CoInitialize
> ole32.dll: CoCreateInstance, CoTaskMemFree
> shell32.dll: SHGetMalloc, SHGetDesktopFolder
> shell32.dll: SHGetInstanceExplorer
> kernel32.dll: FindFirstChangeNotificationA
> ole32.dll: DoDragDrop, RegisterDragDrop

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set


Re: PLEASE CHECK MY LOG

Post by TTT_111 » 04 Aug 2009 19:05

Antivirus Version Last update Result
a-squared 4.0.0.101 2009.05.30 -
AhnLab-V3 5.0.0.2 2009.05.29 -
AntiVir 7.9.0.180 2009.05.29 TR/Agent.IQK
Antiy-AVL 2.0.3.1 2009.05.27 -
Authentium 5.1.2.4 2009.05.29 -
Avast 4.8.1335.0 2009.05.29 -
AVG 8.5.0.339 2009.05.30 -
BitDefender 7.2 2009.05.30 -
CAT-QuickHeal 10.00 2009.05.29 -
ClamAV 0.94.1 2009.05.30 -
Comodo 1199 2009.05.30 -
DrWeb 5.0.0.12182 2009.05.29 -
eSafe 7.0.17.0 2009.05.27 -
eTrust-Vet 31.6.6530 2009.05.30 -
F-Prot 4.4.4.56 2009.05.29 -
F-Secure 8.0.14470.0 2009.05.30 -
Fortinet 3.117.0.0 2009.05.30 -
GData 19 2009.05.30 -
Ikarus T3.1.1.57.0 2009.05.30 -
K7AntiVirus 7.10.749 2009.05.29 -
Kaspersky 7.0.0.125 2009.05.30 -
McAfee 5630 2009.05.29 -
McAfee+Artemis 5630 2009.05.29 -
McAfee-GW-Edition 6.7.6 2009.05.29 Trojan.Agent.IQK
Microsoft 1.4701 2009.05.30 -
NOD32 4116 2009.05.29 -
Norman 2009.05.29 -
nProtect 2009.1.8.0 2009.05.30 -
Panda 10.0.0.14 2009.05.30 -
PCTools 4.4.2.0 2009.05.29 -
Prevx 3.0 2009.05.30 -
Rising 21.31.21.00 2009.05.27 -
Sophos 4.42.0 2009.05.30 -
Sunbelt 3.2.1858.2 2009.05.30 -
Symantec 1.4.4.12 2009.05.30 -
TheHacker 6.3.4.3.334 2009.05.29 -
TrendMicro 8.950.0.1092 2009.05.29 -
VBA32 3.12.10.6 2009.05.27 -
ViRobot 2009.5.29.1761 2009.05.29 -
VirusBuster 4.6.5.0 2009.05.29 -
Additional information
File size: 102680 bytes
MD5 : 6510d4182f8e4bd585bd1b6dddd8c261
SHA1 : f1a1ca11b85ba6589f4df179914cb5a75b4eff9a
SHA256: 86b87187cd44ab00e0c912a8fe1444bc89a44bd75ca2f7a00149a0f9f0364222
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5214
timedatestamp.....: 0x4A0A60C4 (Wed May 13 07:55:16 2009)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xCDF5 0xD000 6.58 7d614d975dfa191ccfe22f06bc7bfcef
.rdata 0xE000 0x3744 0x4000 4.93 ee8e1adb0505daa0ba73d653f8e015dd
.data 0x12000 0x3EE4 0x3000 1.08 7a7277735168b13bb10fbfae3fd81346
.rsrc 0x16000 0x290 0x1000 3.50 64c2f840a1793f74f6ad19e6f2741447
.reloc 0x17000 0x1A42 0x2000 3.71 681e98c42252f341bb15c8ab4d2db651

( 4 imports )

> advapi32.dll: OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges
> comdlg32.dll: GetFileTitleA
> kernel32.dll: CreateProcessW, CreateProcessA, GetModuleFileNameA, GetProcAddress, SetLastError, lstrcmpA, GetProfileStringA, WriteProfileStringA, WriteFile, CreateFileA, FormatMessageA, VirtualFreeEx, WaitForSingleObject, CreateRemoteThread, WriteProcessMemory, CloseHandle, WideCharToMultiByte, OpenProcess, GetCurrentProcess, GetCurrentProcessId, Sleep, FlushFileBuffers, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, LCMapStringW, LCMapStringA, GetStringTypeW, VirtualQuery, VirtualProtect, GetLastError, FreeLibrary, GetModuleHandleA, LoadLibraryA, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, VirtualAllocEx, InitializeCriticalSection, HeapAlloc, HeapFree, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RaiseException, RtlUnwind, GetCurrentThreadId, GetCommandLineA, GetVersionExA, GetProcessHeap, VirtualFree, VirtualAlloc, HeapReAlloc, HeapDestroy, HeapCreate, ExitProcess, GetStdHandle, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, InterlockedDecrement, HeapSize, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, SetFilePointer, GetConsoleCP, GetConsoleMode, MultiByteToWideChar, GetLocaleInfoA, GetStringTypeA
> user32.dll: wsprintfA, IsWindow, PostMessageA, RegisterClassExA, DefWindowProcA, PostQuitMessage, SendMessageA, CreateWindowExA

( 1 exports )

> HookAllProcess, HookOneProcess, HookOneProcess2, UnhookAllProcess, UnhookOneProcess, UnhookOneProcess2
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 1536:A5FGTbeds8fibbXKNtg7lRrPpBZQ/GD9htxTblN2BbH:A5FGTbks8IQuRhtxThwFH
PEiD : -
RDS : NSRL Reference Data Set
-
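In the report above (the 102680-byte file, the only one of the four with a detection), kernel32.dll imports combine OpenProcess, VirtualAllocEx, WriteProcessMemory and CreateRemoteThread, advapi32.dll contributes OpenProcessToken, LookupPrivilegeValueA and AdjustTokenPrivileges, and the module exports Hook*/Unhook* routines. Taken together these are the API shape of a DLL that injects code into other processes, which is what a log checker looks at first, regardless of what the scanners say. The following Python script is an added example and is not part of the forum post, of HijackThis or of VirusTotal: it parses the "( N imports )" block of such a pasted report and flags API clusters that occur together. The cluster names and the trimmed sample text are this example's own constructions (the sample is copied from the report above, shortened to the relevant entries).

```python
"""Triage helper: parse the "( N imports )" block of a VirusTotal / pefile-style
PE report and flag API clusters that warrant a closer look.

Added example for illustration; the cluster names below are this example's
own choices, not part of VirusTotal or of any tool used in the forum thread.
"""
import re
from collections import defaultdict

# Constructed sample: the import section of the second VirusTotal report in the
# thread (the 102680-byte DLL), shortened to the entries used for the demo.
SAMPLE_REPORT = """\
( 4 imports )

> advapi32.dll: OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges
> comdlg32.dll: GetFileTitleA
> kernel32.dll: CreateProcessW, CreateProcessA, GetModuleFileNameA, GetProcAddress, VirtualFreeEx, WaitForSingleObject, CreateRemoteThread, WriteProcessMemory, CloseHandle, OpenProcess, VirtualAllocEx, IsDebuggerPresent, LoadLibraryA
> user32.dll: wsprintfA, IsWindow, PostMessageA, RegisterClassExA, DefWindowProcA, PostQuitMessage, SendMessageA, CreateWindowExA

( 1 exports )

> HookAllProcess, HookOneProcess, HookOneProcess2, UnhookAllProcess, UnhookOneProcess, UnhookOneProcess2
"""

# API groups that, when they occur together, indicate a capability. Every API
# in a group must be present for the group to fire, so a lone OpenProcess or
# LoadLibraryA (common in benign software) does not generate noise.
CAPABILITY_CLUSTERS = {
    "remote_thread_injection": {
        "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
    },
    "enable_privilege": {
        "OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges",
    },
    "download_and_run": {"URLDownloadToCacheFileW", "CreateProcessW"},
}

IMPORT_LINE = re.compile(r"^>\s*([\w.]+)\s*:\s*(.*)$")
IMPORTS_HEADER = re.compile(r"^\(\s*\d+\s+imports\s*\)")
EXPORTS_HEADER = re.compile(r"^\(\s*\d+\s+exports\s*\)")


def parse_imports(report_text):
    """Return {dll_name_lower: set(api_names)} for the import block of a report.

    Lines after "( N exports )" are skipped so exported names are never taken
    for imports. The same DLL may be listed several times (the first report in
    the thread lists kernel32.dll five times), so its entries are merged, and
    placeholder entries ("-", as VirusTotal prints for oleaut32 ordinals) are
    dropped.
    """
    imports = defaultdict(set)
    in_exports = False
    for line in report_text.splitlines():
        line = line.strip()
        if EXPORTS_HEADER.match(line):
            in_exports = True
            continue
        if IMPORTS_HEADER.match(line):
            in_exports = False
            continue
        m = IMPORT_LINE.match(line)
        if m and not in_exports:
            dll, apis = m.group(1).lower(), m.group(2)
            names = (a.strip() for a in apis.split(","))
            imports[dll].update(a for a in names if a and a != "-")
    return dict(imports)


def flag_capabilities(imports):
    """Return the sorted names of clusters fully covered by the imports."""
    all_apis = set().union(*imports.values()) if imports else set()
    return sorted(name for name, apis in CAPABILITY_CLUSTERS.items() if apis <= all_apis)


if __name__ == "__main__":
    imps = parse_imports(SAMPLE_REPORT)
    for dll in sorted(imps):
        print(f"{dll}: {len(imps[dll])} imports")
    print("flagged:", flag_capabilities(imps))
```

Paste any of the four reports from this thread into SAMPLE_REPORT to compare: the first (the 2.9 MB installer) also imports ReadProcessMemory and OpenProcess but lacks VirtualAllocEx/CreateRemoteThread, so only the privilege cluster fires; the fourth (the OCX with URLDownloadToCacheFileW and CreateProcessW) trips download_and_run. A cluster hit is a reason to look at the file, not a verdict: legitimate debuggers and hooking utilities import the same sets.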


Re: PLEASE CHECK MY LOG

Post by TTT_111 » 04 Aug 2009 19:07

Antivirus Version Last update Result
a-squared 4.0.0.101 2009.05.28 -
AhnLab-V3 5.0.0.2 2009.05.28 -
AntiVir 7.9.0.180 2009.05.28 -
Antiy-AVL 2.0.3.1 2009.05.27 -
Authentium 5.1.2.4 2009.05.28 -
Avast 4.8.1335.0 2009.05.27 -
AVG 8.5.0.339 2009.05.28 -
BitDefender 7.2 2009.05.28 -
CAT-QuickHeal 10.00 2009.05.28 -
ClamAV 0.94.1 2009.05.28 -
Comodo 1203 2009.05.28 -
DrWeb 5.0.0.12182 2009.05.28 -
eSafe 7.0.17.0 2009.05.27 -
eTrust-Vet 31.6.6526 2009.05.28 -
F-Prot 4.4.4.56 2009.05.28 -
F-Secure 8.0.14470.0 2009.05.28 -
Fortinet 3.117.0.0 2009.05.28 -
GData 19 2009.05.28 -
Ikarus T3.1.1.57.0 2009.05.28 -
K7AntiVirus 7.10.748 2009.05.28 -
McAfee 5629 2009.05.28 -
McAfee+Artemis 5629 2009.05.28 -
McAfee-GW-Edition 6.7.6 2009.05.28 -
Microsoft 1.4701 2009.05.28 -
NOD32 4113 2009.05.28 -
Norman 2009.05.28 -
nProtect 2009.1.8.0 2009.05.28 -
Panda 10.0.0.14 2009.05.28 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.28 -
Rising 21.31.21.00 2009.05.27 -
Sophos 4.42.0 2009.05.28 -
Sunbelt 3.2.1858.2 2009.05.28 -
Symantec 1.4.4.12 2009.05.28 -
TheHacker 6.3.4.3.333 2009.05.28 -
TrendMicro 8.950.0.1092 2009.05.28 -
VBA32 3.12.10.6 2009.05.27 -
ViRobot 2009.5.28.1759 2009.05.28 -
VirusBuster 4.6.5.0 2009.05.28 -
Additional information
File size: 151832 bytes
MD5 : 2f9c03d801eb00195311655e6055073b
SHA1 : 3b41edf59547e904e22ee601cc70d3b13eb17945
SHA256: 657901156ceabe433c0c3a19cefe69008ec3ad8156b0d4aca4f88b4a60c9181f
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xC954
timedatestamp.....: 0x4A0A60B7 (Wed May 13 07:55:03 2009)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x14CFC 0x15000 6.54 fe844a401c8ae7f77040d53aaa9f8f13
.rdata 0x16000 0x68EA 0x7000 4.87 6bd753772ed3553351d7fa865f534ced
.data 0x1D000 0x3AA0 0x2000 3.71 7c6d99cbc707b0b6319a96f2ecb9fd75
.rsrc 0x21000 0x10DC 0x2000 4.66 c6b50125f2c0d39a897dda7b1336d35c
.reloc 0x23000 0x2A78 0x3000 4.70 b60209738c65bd2887422e94580ad384

( 7 imports )

> advapi32.dll: RegEnumKeyExW, RegQueryInfoKeyW, RegSetValueExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW
> gdi32.dll: LPtoDP, SetMapMode, SetViewportOrgEx, DeleteDC, CreateDCW, SaveDC, SetWindowOrgEx, SetWindowExtEx, RestoreDC, CloseMetaFile, DeleteMetaFile, CreateRectRgnIndirect, GetDeviceCaps, CreateMetaFileW
> gdiplus.dll: GdipAlloc, GdiplusStartup, GdiplusShutdown, GdipDeleteGraphics, GdipLoadImageFromFile, GdipLoadImageFromFileICM, GdipDisposeImage, GdipGetImageWidth, GdipGetImageHeight, GdipImageGetFrameDimensionsCount, GdipImageGetFrameDimensionsList, GdipImageGetFrameCount, GdipImageSelectActiveFrame, GdipGetPropertyItemSize, GdipGetPropertyItem, GdipCreateFromHDC, GdipDrawImageRectI, GdipCloneImage, GdipFree
> kernel32.dll: FlushInstructionCache, GetCurrentProcess, GetCurrentThreadId, SetLastError, CreateEventW, SetEvent, CloseHandle, WaitForSingleObject, FlushFileBuffers, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GlobalAlloc, LCMapStringW, LCMapStringA, GetStringTypeW, GetStringTypeA, GetConsoleMode, GetConsoleCP, SetFilePointer, IsValidCodePage, GetOEMCP, GetCPInfo, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GlobalLock, GlobalUnlock, MulDiv, GetThreadLocale, SetThreadLocale, GetModuleHandleW, LoadLibraryExW, FindResourceW, lstrlenW, LoadResource, SizeofResource, MultiByteToWideChar, FreeLibrary, InterlockedDecrement, InterlockedIncrement, GetModuleFileNameW, lstrcmpiW, GetLastError, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, SetStdHandle, GetEnvironmentStringsW, WideCharToMultiByte, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, Sleep, HeapSize, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetProcAddress, HeapAlloc, GetProcessHeap, HeapFree, InterlockedCompareExchange, GetVersionExA, GetLocaleInfoA, GetACP, InterlockedExchange, IsProcessorFeaturePresent, VirtualFree, VirtualAlloc, RtlUnwind, HeapReAlloc, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetModuleFileNameA, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleA, HeapCreate, HeapDestroy, GetCommandLineA, LoadLibraryA
> ole32.dll: CoTaskMemAlloc, CoTaskMemFree, StringFromGUID2, CoCreateInstance, OleLoadFromStream, CreateOleAdviseHolder, OleRegEnumVerbs, OleRegGetUserType, OleRegGetMiscStatus, CreateDataAdviseHolder, WriteClassStm, OleSaveToStream, CoTaskMemRealloc
> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
> user32.dll: UnregisterClassA, EndPaint, GetClientRect, BeginPaint, CallWindowProcW, PtInRect, UnionRect, SetFocus, IsChild, GetFocus, IsWindow, InvalidateRect, GetKeyState, RegisterClassExW, CreateWindowExW, EqualRect, OffsetRect, SetWindowRgn, CharNextW, ReleaseDC, GetDC, DefWindowProcW, DestroyWindow, SetWindowLongW, GetWindowLongW, ShowWindow, GetClassInfoExW, LoadCursorW, SetWindowPos, IntersectRect

( 1 exports )

> DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
ssdeep: 3072:f1MXiN/1Nw9Sh3ZQR2tBrpAntaIWAj6r0v:NMXix1NaInrqAIWAj6Qv
PEiD : -
RDS : NSRL Reference Data Set


Re: PLEASE CHECK MY LOG

Post by TTT_111 » 04 Aug 2009 19:09

Antivirus Version Last update Result
a-squared 4.0.0.101 2009.05.26 -
AhnLab-V3 5.0.0.2 2009.05.26 -
AntiVir 7.9.0.168 2009.05.26 -
Antiy-AVL 2.0.3.1 2009.05.26 -
Authentium 5.1.2.4 2009.05.26 -
Avast 4.8.1335.0 2009.05.25 -
AVG 8.5.0.339 2009.05.26 -
BitDefender 7.2 2009.05.26 -
CAT-QuickHeal 10.00 2009.05.26 -
ClamAV 0.94.1 2009.05.26 -
Comodo 1199 2009.05.26 -
DrWeb 5.0.0.12182 2009.05.26 -
eSafe 7.0.17.0 2009.05.26 -
eTrust-Vet 31.6.6522 2009.05.26 -
F-Prot 4.4.4.56 2009.05.26 -
F-Secure 8.0.14470.0 2009.05.26 -
Fortinet 3.117.0.0 2009.05.26 -
GData 19 2009.05.26 -
Ikarus T3.1.1.57.0 2009.05.26 -
K7AntiVirus 7.10.745 2009.05.26 -
Kaspersky 7.0.0.125 2009.05.26 -
McAfee 5627 2009.05.26 -
McAfee+Artemis 5627 2009.05.26 -
McAfee-GW-Edition 6.7.6 2009.05.26 -
Microsoft 1.4701 2009.05.26 -
NOD32 4106 2009.05.26 -
Norman 2009.05.26 -
nProtect 2009.1.8.0 2009.05.26 -
Panda 10.0.0.14 2009.05.26 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.26 -
Rising 21.31.14.00 2009.05.26 -
Sophos 4.42.0 2009.05.26 -
Sunbelt 3.2.1858.2 2009.05.25 -
Symantec 1.4.4.12 2009.05.26 -
TheHacker 6.3.4.3.332 2009.05.26 -
TrendMicro 8.950.0.1092 2009.05.26 -
VBA32 3.12.10.6 2009.05.26 -
ViRobot 2009.5.26.1753 2009.05.26 -
VirusBuster 4.6.5.0 2009.05.26 -
Additional information
File size: 250136 bytes
MD5 : d52a1e5d1478ae8bf9dc02c36e520be1
SHA1 : e3f403e559b63badf6db259b73e9eb5365d5dd40
SHA256: d5dccce8aae0b092010ff9d2096691be12cf45904fa478bfeefd5a75773d40bf
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x15E39
timedatestamp.....: 0x4A0A6196 (Wed May 13 07:58:46 2009)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x23E64 0x24000 6.65 32256d20b1a2ab06704cf4ef5ce2f8f4
.rdata 0x25000 0xA608 0xB000 4.65 86e08b89c90af30954a712f039a916a2
.data 0x30000 0x6260 0x3000 4.25 ae9aaae220fadeba25b5d43a522a9504
SHAREDHW 0x37000 0x410 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x38000 0x13A8 0x2000 4.80 2a2ae1dbf2293ac74a12659a8bbdd457
.reloc 0x3A000 0x575E 0x6000 3.85 307db18d2aedd33da312b1da5d08c847

( 8 imports )

> advapi32.dll: RegEnumKeyExW, RegQueryInfoKeyW, RegSetValueExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, RegQueryValueExW
> gdi32.dll: GetStockObject, CreateSolidBrush, GetDeviceCaps, CreateCompatibleBitmap, CopyEnhMetaFileW, DeleteObject, DeleteEnhMetaFile, CreateCompatibleDC, GetObjectW, SelectObject, CreateBitmap, BitBlt, DeleteDC
> kernel32.dll: LoadResource, SizeofResource, MultiByteToWideChar, FreeLibrary, InterlockedIncrement, FindResourceW, LoadLibraryExW, GetModuleFileNameW, GetModuleHandleW, SetThreadLocale, GetThreadLocale, lstrlenA, DebugBreak, OutputDebugStringW, CreateMutexW, ReleaseMutex, WideCharToMultiByte, WaitForSingleObject, SetEvent, TerminateThread, CreateFileA, SetStdHandle, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GetStringTypeW, GetStringTypeA, LCMapStringW, GlobalUnlock, GlobalLock, GlobalAlloc, FlushInstructionCache, GetCurrentProcess, LoadLibraryW, GetProcAddress, CreateThread, Sleep, SetLastError, GetCurrentThreadId, MulDiv, CreateEventW, InterlockedDecrement, lstrcmpiW, GetLastError, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, lstrcmpW, LCMapStringA, FlushFileBuffers, SetFilePointer, GetConsoleMode, GetConsoleCP, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, IsValidCodePage, GetOEMCP, GetCPInfo, HeapSize, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetModuleFileNameA, GetStdHandle, WriteFile, ExitProcess, HeapCreate, HeapDestroy, GetCommandLineA, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, HeapReAlloc, RtlUnwind, GetVersion, CreateProcessW, lstrlenW, InterlockedExchange, GetACP, GetLocaleInfoA, GetVersionExA, InterlockedCompareExchange, HeapFree, GetProcessHeap, HeapAlloc, LoadLibraryA, IsProcessorFeaturePresent, VirtualFree, VirtualAlloc, GetTickCount, CloseHandle, GetFileAttributesW, GetModuleHandleA, OutputDebugStringA
> ole32.dll: CreateStreamOnHGlobal, OleInitialize, CLSIDFromString, CLSIDFromProgID, CoGetClassObject, OleLockRunning, OleRun, CoCreateInstance, StringFromGUID2, CoTaskMemFree, CoTaskMemRealloc, CoTaskMemAlloc, OleUninitialize, ProgIDFromCLSID, CoInitialize, CoUninitialize
> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> productinfo.dll: _Get_PRODUCT_NAME@CProductInfo@@SA_AVCString@WTL@@XZ, _Create@CProductInfo@@SA_NHPAH@Z, _Get_PRODUCT_BAND@CProductInfo@@SA_AVCString@WTL@@XZ, _Get_COMPANY_NAME@CProductInfo@@SA_AVCString@WTL@@XZ
> urlmon.dll: URLDownloadToCacheFileW
> user32.dll: wvsprintfW, DestroyWindow, LoadStringW, SetWindowLongW, GetWindowLongW, CharNextW, IsWindow, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, RegisterClipboardFormatW, DefWindowProcW, GetSysColor, SendMessageW, GetCursorPos, FindWindowW, FindWindowExW, PostMessageW, keybd_event, RegisterWindowMessageW, GetWindowTextLengthW, GetWindowTextW, SetWindowTextW, CreateAcceleratorTableW, CreateWindowExW, RegisterClassExW, LoadCursorW, GetClassInfoExW, GetFocus, GetWindow, SetFocus, DestroyAcceleratorTable, GetDesktopWindow, BeginPaint, EndPaint, SetLayeredWindowAttributes, ReleaseCapture, GetClassNameW, GetDlgItem, GetParent, IsChild, SetCapture, UnregisterClassA, SetForegroundWindow, GetWindowRect, GetSystemMetrics, MessageBoxW, SendMessageTimeoutW, IsWindowVisible, SetTimer, KillTimer, MapWindowPoints, SystemParametersInfoW, EndDialog, DialogBoxParamW, GetActiveWindow, RedrawWindow, InvalidateRgn, InvalidateRect, ReleaseDC, GetDC, ScreenToClient, ClientToScreen, GetClientRect, MoveWindow, ShowWindow, SetWindowPos, CallWindowProcW, FillRect

( 1 exports )

> DLLGetTellFTypeAdMsg, DLLSetTellFTypeAdMsg, DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
TrID : File type identification
Windows OCX File (68.1%)
Win32 Executable MS Visual C++ (generic) (20.7%)
Win32 Executable Generic (4.7%)
Win32 Dynamic Link Library (generic) (4.1%)
Generic Win/DOS Executable (1.1%)
ssdeep: 3072:Ah3sAIl+SrOFmu3wd8oIWQF5vtdnXdJKRHeXojjeykhtwAVI:qIs3CK9LXKiR8Aq
PEiD : -
RDS : NSRL Reference Data Set
-


Re: PLEASE CHECK MY LOG

Post by TTT_111 » 04 Aug 2009 19:11

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:53, on 16.7.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\stbapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\stbappHelper.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SndVol.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\McAfee\MSC\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: CashBackAssistant - {00F5B5BA-E3C2-4b70-BF51-42A557914FAD} - C:\Program Files\Nice Prosper\CashBackAssistant\CashBackAssistantIE.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.0.0.610\HPIEAddOn.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.1.0.3900\NPIEAddOn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\stbapp.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ano
O17 - HKLM\Software\..\Telephony: DomainName = ano
O17 - HKLM\System\CCS\Services\Tcpip\..\{6274A93D-AFAC-4744-B54D-A49AB25312A4}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ano
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ano
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0297931247771837) (0297931247771837mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\029793~1.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12910 bytes
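A small triage script, added here as an example and not part of this thread or of HijackThis itself, that applies defender-side review heuristics to O-lines of the kind shown in the log above: orphan "(no file)" entries, services running from a temp directory or with no recorded vendor, a non-empty AppInit_DLLs value, and autorun targets given as bare file names. The sample lines are a subset copied from the log above; the heuristics, the `Finding` type and the `triage`/`summarize` functions are my own and only mark entries for manual review, not as malicious.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of O-lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: CashBackAssistant - {00F5B5BA-E3C2-4b70-BF51-42A557914FAD} - C:\Program Files\Nice Prosper\CashBackAssistant\CashBackAssistantIE.dll
O3 - Toolbar: (no name) - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0297931247771837) (0297931247771837mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\029793~1.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
"""

# One HJT line: section code, " - ", then the rest of the entry.
LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# Binary located under a temp directory (e.g. C:\Windows\TEMP\...).
TEMP_RE = re.compile(r"\\(?:windows\\)?temp\\", re.IGNORECASE)
# Autorun target that starts with a drive letter or an environment variable.
ROOTED_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%)')


@dataclass
class Finding:
    code: str    # HJT section code, e.g. "O23"
    reason: str  # why the entry deserves a manual look
    line: str    # the original log line


def triage(log: str) -> List[Finding]:
    """Apply review heuristics to each O-line; flags are hints, not verdicts."""
    findings: List[Finding] = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        code, rest = m.group(1), m.group(2)
        if "(no file)" in rest:
            findings.append(Finding(code, "orphan entry: registered component has no file on disk", line))
        if code == "O23":
            if TEMP_RE.search(rest):
                findings.append(Finding(code, "service binary runs from a temp directory", line))
            if "Unknown owner" in rest:
                findings.append(Finding(code, "service has no recorded vendor", line))
        if code == "O20" and ":" in rest and rest.split(":", 1)[1].strip():
            findings.append(Finding(code, "AppInit_DLLs set: DLL is loaded into every process that loads user32.dll", line))
        if code == "O4" and "] " in rest:
            target = rest.split("] ", 1)[1]
            if not ROOTED_RE.match(target):
                findings.append(Finding(code, "autorun target is a bare file name resolved through the search path", line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count flagged entries per HJT section code."""
    counts: dict = {}
    for f in findings:
        counts[f.code] = counts.get(f.code, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

Run against the full log, the same heuristics leave the O2 adware-style BHOs unflagged, which is the point: path and vendor heuristics narrow the list, but each remaining entry (and anything they miss) still needs a VirusTotal check or a known-good lookup.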

Re: PLEASE CHECK MY LOG

Post by jaro3 » 04 Aug 2009 19:14

From that I can't tell which file was tested; just paste the link (the page) with the results from all the antivirus engines. Always wait until the scan by all engines has finished, then copy the page link and paste it here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support


Re: PLEASE CHECK MY LOG

Post by jaro3 » 07 Aug 2009 10:10

Some of the names are different; I would need you to post:

c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
link to VT
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\CFCSetup.exe
link to VT
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
link to VT
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\Setup.exe
link to VT
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\3FA86A06\3E688669\HookAPINT.dll
link to VT
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\C90EEF64\3E688669\AxGifAnimator.dll
link to VT
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\A53562F1\3E688669\AIMActiveXDLL.dll
link to VT

Re: PLEASE CHECK MY LOG

Post by TTT_111 » 08 Aug 2009 13:22

I have them sorted exactly as you listed them, top to bottom.

Re: PLEASE CHECK MY LOG

Post by Damned » 08 Aug 2009 14:50

Until jaro3 gets here.

You don't have it that way. The first link is for the file: DPTJWRLLST-27.pms.exe.SVD Scanned on: 2009.05.15 18:28:10 (UTC).

You have to check that VT is really loading the right file, i.e.:
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
So the header will show: File--HJSetup.exe...........Received on: (if today, then e.g. 2009.08.08 14:50:59 (UTC))

If you can't find it, enable showing hidden and system files. If it tells you the file has already been scanned,
have it scanned again and wait until "Finished" and the result appear. Then copy the address bar here.
Do the same with the others.
Nothing is impossible, so where we are at our wits' end, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech localization Wise Registry Cleaner

Re: PLEASE CHECK MY LOG

Post by TTT_111 » 09 Aug 2009 01:02

c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe ----
http://www.virustotal.com/cs/analisis/7 ... 1249771536

c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\CFCSetup.exe
http://www.virustotal.com/cs/analisis/2 ... 1249771911

c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
http://www.virustotal.com/cs/analisis/2 ... 1249772450

c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\Setup.exe
http://www.virustotal.com/cs/analisis/8 ... 1249772686

c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\3FA86A06\3E688669\HookAPINT.dll
http://www.virustotal.com/cs/analisis/8 ... 1249772733

c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\C90EEF64\3E688669\AxGifAnimator.dll
http://www.virustotal.com/cs/analisis/6 ... 1249772863

c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\A53562F1\3E688669\AIMActiveXDLL.dll
http://www.virustotal.com/cs/analisis/d ... 1249772956

Re: PLEASE CHECK MY LOG

Post by jaro3 » 09 Aug 2009 09:45

Download the OTM program (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
save it to drive C and run it.
- Into the left column (Paste Instructions for Items to be Moved) copy these paths:
Note: do not use the SELECT ALL function to select them

Code:

:Processes
explorer.exe

:Services

:Reg

:Files
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\CFCSetup.exe
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\Setup.exe
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\3FA86A06\3E688669\HookAPINT.dll
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\C90EEF64\3E688669\AxGifAnimator.dll
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\A53562F1\3E688669\AIMActiveXDLL.dll

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- After pasting, click the MoveIt! button and then post here the whole contents of the right column (also saved in the folder C:\_OTMoveIt\MovedFiles\), which reports the results.
- If some files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.

Sorry, I am short on time right now; if needed, Damned will continue.

Run MbAM again and do a scan, but don't delete anything yet....

