Prosim o kontrolu.

[pome]

Toto je Log jedneho PC s ktorym si neviem dat rady. Tema -->

Kód: Vybrat vše

http://pc-help.cz/viewtopic.php?f=7&t=44412&start=0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:02, on 8.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Atheros\ACU.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2292 bytes

[Reklama]

[Damned]

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[pome]

Dakujem za odpoved !
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE som fixol.


Tu je log z toho Malware testu....


Malwarebytes' Anti-Malware 1.40
Verzia databázy: 2758
Windows 5.1.2600 Service Pack 2

8.9.2009 11:21:28
mbam-log-2009-09-08 (11-21-28).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 83228
Uplynutý cas: 8 minute(s), 2 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)



Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

[Damned]

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[pome]

vopred ti chcem podakovat za pomoc !

a tu je ten log -->

ComboFix 09-09-08.01 - Administrator 08.09.2009 20:44.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.767.286 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msconfig.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.

2009-09-08 18:38 . 2009-09-08 18:38 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-08 18:38 . 2009-09-08 18:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-09-08 18:38 . 2009-09-08 18:38 -------- d-----w- c:\program files\Mv2Player
2009-09-08 18:38 . 2009-09-08 18:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-09-08 18:37 . 2009-09-08 18:37 -------- d-----w- c:\program files\Common Files\Skype
2009-09-08 18:37 . 2009-09-08 18:37 -------- d-----r- c:\program files\Skype
2009-09-08 18:37 . 2009-09-08 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-08 18:29 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-09-08 18:29 . 2004-08-04 05:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-09-08 18:28 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-09-08 18:09 . 2009-09-08 18:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-08 18:09 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 18:09 . 2009-09-08 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-08 18:09 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 18:09 . 2009-09-08 18:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 18:05 . 2009-09-08 18:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
2009-09-08 18:01 . 2009-09-08 18:01 -------- d-----w- c:\program files\ESET
2009-09-08 18:01 . 2009-09-08 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-08 17:45 . 2009-09-08 17:45 -------- d-----w- c:\program files\Trend Micro
2009-09-08 09:42 . 2009-09-08 09:42 -------- d-----w- c:\program files\HD Tune
2009-09-08 09:37 . 2009-09-08 09:37 -------- d-----w- c:\windows\Logs
2009-09-06 19:07 . 2009-09-06 19:07 -------- d-----w- c:\windows\system32\wbem\snmp
2009-09-06 19:07 . 2009-09-06 19:07 -------- d-----w- c:\windows\system32\xircom
2009-09-06 19:07 . 2009-09-06 19:07 -------- d-----w- c:\program files\microsoft frontpage
2009-09-06 19:01 . 2009-09-06 19:01 -------- d-----w- c:\windows\ServicePackFiles
2009-09-06 19:01 . 2004-11-18 17:42 22752 ----a-w- c:\windows\system32\spupdsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 18:43 . 2009-09-06 18:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-09-06 10:26 . 2009-09-06 10:26 -------- d-----w- c:\program files\Realtek
2009-09-06 10:24 . 2009-09-06 10:24 -------- d-----w- c:\program files\Synaptics
2009-09-06 10:18 . 2009-09-06 10:18 -------- d-----w- c:\program files\DIFX
2009-09-06 10:16 . 2009-09-06 19:08 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-06 10:10 . 2009-09-06 10:10 -------- d-----w- c:\program files\Launch Manager
2009-06-24 13:39 . 2009-06-24 13:39 1003520 ----a-w- c:\windows\system32\VSFilter.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-01-31 253952]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-25 630784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-21 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-21 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-26 786521]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-22 16261632]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-17 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [15.5.2009 0:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [15.5.2009 0:47 731840]
S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [6.9.2009 13:28 54400]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 20:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-08 20:48
ComboFix-quarantined-files.txt 2009-09-08 18:48

Pre-Run: 17 420 988 416 bytes free
Post-Run: 8 adresárov, 17 466 048 512 voľných bajtov

93

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\ezsidmv.dat

DirLook::
c:\documents and settings\Administrator\Application Data\U3




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[pome]

Log z ComboFixu -->
ComboFix 09-09-08.01 - Administrator 08.09.2009 21:15.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.767.397 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.

2009-09-08 18:38 . 2009-09-08 18:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-09-08 18:38 . 2009-09-08 18:38 -------- d-----w- c:\program files\Mv2Player
2009-09-08 18:38 . 2009-09-08 19:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-09-08 18:37 . 2009-09-08 18:37 -------- d-----w- c:\program files\Common Files\Skype
2009-09-08 18:37 . 2009-09-08 18:37 -------- d-----r- c:\program files\Skype
2009-09-08 18:37 . 2009-09-08 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-08 18:29 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-09-08 18:29 . 2004-08-04 05:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-09-08 18:28 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-09-08 18:09 . 2009-09-08 18:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-08 18:09 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 18:09 . 2009-09-08 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-08 18:09 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 18:09 . 2009-09-08 18:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 18:05 . 2009-09-08 18:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
2009-09-08 18:01 . 2009-09-08 18:01 -------- d-----w- c:\program files\ESET
2009-09-08 18:01 . 2009-09-08 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-08 17:45 . 2009-09-08 17:45 -------- d-----w- c:\program files\Trend Micro
2009-09-08 09:42 . 2009-09-08 09:42 -------- d-----w- c:\program files\HD Tune
2009-09-08 09:37 . 2009-09-08 09:37 -------- d-----w- c:\windows\Logs
2009-09-06 19:07 . 2009-09-06 19:07 -------- d-----w- c:\windows\system32\wbem\snmp
2009-09-06 19:07 . 2009-09-06 19:07 -------- d-----w- c:\windows\system32\xircom
2009-09-06 19:07 . 2009-09-06 19:07 -------- d-----w- c:\program files\microsoft frontpage
2009-09-06 19:01 . 2009-09-06 19:01 -------- d-----w- c:\windows\ServicePackFiles
2009-09-06 19:01 . 2004-11-18 17:42 22752 ----a-w- c:\windows\system32\spupdsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 18:43 . 2009-09-06 18:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-09-06 10:26 . 2009-09-06 10:26 -------- d-----w- c:\program files\Realtek
2009-09-06 10:24 . 2009-09-06 10:24 -------- d-----w- c:\program files\Synaptics
2009-09-06 10:18 . 2009-09-06 10:18 -------- d-----w- c:\program files\DIFX
2009-09-06 10:16 . 2009-09-06 19:08 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-06 10:10 . 2009-09-06 10:10 -------- d-----w- c:\program files\Launch Manager
2009-06-24 13:39 . 2009-06-24 13:39 1003520 ----a-w- c:\windows\system32\VSFilter.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Administrator\Application Data\U3 ----

2009-09-08 18:43 . 2009-09-08 18:44 5149 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\lplog.txt
2009-09-06 19:06 . 2006-04-06 02:38 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
2006-05-11 13:41 . 2006-05-11 13:41 4231168 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\LaunchPad.exe
2006-05-10 13:38 . 2006-05-10 13:38 20326 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\SSS-BackGround.gif
2006-04-11 09:56 . 2006-04-11 09:56 2461696 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\Launchpad Removal.exe
2006-04-11 09:56 . 2006-04-11 09:56 491520 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\SanDiskFormatExtension.dll
2006-04-11 09:56 . 2006-04-11 09:56 1901 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\SanDiskFormatExtension.dll.sig
2006-04-11 09:56 . 2006-04-11 09:56 1720320 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\SanDiskSecurityExtension.dll
2006-04-11 09:56 . 2006-04-11 09:56 1901 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\SanDiskSecurityExtension.dll.sig
2006-04-11 09:56 . 2006-04-11 09:56 286720 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\SplashScreenExtension.dll
2006-04-11 09:56 . 2006-04-11 09:56 1901 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\SplashScreenExtension.dll.sig
2006-04-11 09:56 . 2006-04-11 09:56 872 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\sss-close.gif
2006-04-11 09:56 . 2006-04-11 09:56 858 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\sss-min.gif
2006-04-10 14:27 . 2006-04-10 14:27 510976 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\U3LauncherSetup.msi
2006-04-09 15:37 . 2006-04-09 15:37 12 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\version.dat
2006-04-05 17:38 . 2006-04-05 17:38 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\cleanup.exe
2006-04-05 17:38 . 2006-04-05 17:38 58842 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\Loading.gif
2006-04-05 17:38 . 2006-04-05 17:38 328 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\Loading.htm
2006-04-05 17:38 . 2006-04-05 17:38 1003520 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\u3dapi10.dll
2006-04-05 17:36 . 2006-04-05 17:36 95986 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\LPHelp-ch.chm
2006-04-05 17:36 . 2006-04-05 17:36 102777 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\LPHelp-de.chm
2006-04-05 17:36 . 2006-04-05 17:36 92425 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\LPHelp-en.chm
2006-04-05 17:36 . 2006-04-05 17:36 101318 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\LPHelp-es.chm
2006-04-05 17:36 . 2006-04-05 17:36 103199 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\LPHelp-fr.chm
2006-04-05 17:36 . 2006-04-05 17:36 97741 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\LPHelp-it.chm
2006-04-05 17:36 . 2006-04-05 17:36 103078 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\LPHelp-jp.chm


((((((((((((((((((((((((((((( SnapShot@2009-09-08_18.48.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2009-09-08 18:37 58930 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2009-09-08 19:10 58930 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2009-09-08 19:10 392630 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2009-09-08 18:37 392630 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-01-31 253952]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-25 630784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-21 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-21 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-26 786521]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-22 16261632]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-17 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [15.5.2009 0:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [15.5.2009 0:47 731840]
S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [6.9.2009 13:28 54400]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 21:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-08 21:19
ComboFix-quarantined-files.txt 2009-09-08 19:19
ComboFix2.txt 2009-09-08 18:48

Pre-Run: 17 458 753 536 bytes free
Post-Run: 8 adresárov, 17 429 819 392 voľných bajtov

132
**********************************************************************************************

log z HJT --->

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:06, on 8.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3033 bytes


Pocitac sa chova tak isto ako na zaciatku. Cize po spusteni video suboru (filmu) zamrzne cely system :(

[pome]

HJT log po restarte PC --->
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:47, on 8.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Atheros\ACU.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3137 bytes

[Damned]

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
c:\documents and settings\Administrator\Application Data\U3\0000153D48612634\cleanup.exe

[pome]

Myslis ze ideme na to dobre? Ako pozeram ides po tom U3. U3 nebude nahodou toto?

Kód: Vybrat vše

http://www.u3.com/

.
Mohlo to zapricinit pichnuty USB kluc s tymto systemom do PC ked sa robili logy. Myslim ze v tom chyba nebude...
Mam to aj tak spravit?

[Damned]

Dávám to proto, že jsem na to četl několik stížností.

V čem spouštíš ty filmy a jaký kodeky tam máš, dělá to u všech filmů, jaká je přípona??

[pome]

tu je log z virustotalu obidvoch suborov --->
File cleanup.exe received on 2009.09.09 10:04:48 (UTC)
Current status: finished
Result: 0/41 (0%)
Compact
Print results Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.09 -
AhnLab-V3 5.0.0.2 2009.09.09 -
AntiVir 7.9.1.12 2009.09.09 -
Antiy-AVL 2.0.3.7 2009.09.09 -
Authentium 5.1.2.4 2009.09.08 -
Avast 4.8.1351.0 2009.09.08 -
AVG 8.5.0.409 2009.09.09 -
BitDefender 7.2 2009.09.09 -
CAT-QuickHeal 10.00 2009.09.09 -
ClamAV 0.94.1 2009.09.09 -
Comodo 2262 2009.09.09 -
DrWeb 5.0.0.12182 2009.09.09 -
eSafe 7.0.17.0 2009.09.08 -
eTrust-Vet 31.6.6727 2009.09.09 -
F-Prot 4.5.1.85 2009.09.08 -
F-Secure 8.0.14470.0 2009.09.09 -
Fortinet 3.120.0.0 2009.09.09 -
GData 19 2009.09.09 -
Ikarus T3.1.1.72.0 2009.09.09 -
Jiangmin 11.0.800 2009.09.09 -
K7AntiVirus 7.10.839 2009.09.08 -
Kaspersky 7.0.0.125 2009.09.09 -
McAfee 5735 2009.09.08 -
McAfee+Artemis 5735 2009.09.08 -
McAfee-GW-Edition 6.8.5 2009.09.09 -
Microsoft 1.5005 2009.09.09 -
NOD32 4409 2009.09.09 -
Norman 6.01.09 2009.09.08 -
nProtect 2009.1.8.0 2009.09.08 -
Panda 10.0.2.2 2009.09.08 -
PCTools 4.4.2.0 2009.09.07 -
Prevx 3.0 2009.09.09 -
Rising 21.46.22.00 2009.09.09 -
Sophos 4.45.0 2009.09.09 -
Sunbelt 3.2.1858.2 2009.09.09 -
Symantec 1.4.4.12 2009.09.09 -
TheHacker 6.3.4.3.399 2009.09.09 -
TrendMicro 8.950.0.1094 2009.09.09 -
VBA32 3.12.10.10 2009.09.08 -
ViRobot 2009.9.9.1925 2009.09.09 -
VirusBuster 4.6.5.0 2009.09.08 -
Additional information
File size: 110592 bytes
MD5...: 27e0346578ef9b5fb0b1fb00b1f6f1c8
SHA1..: 2ab34c1beb68e05bd22f2314fde75701dfa12f92
SHA256: 550623c5d247ab4f6739237860e9b232314b162f1956ab0f512a22d84b882767
ssdeep: 768:OMG2O8TJkuFjMLExvgWvb0mcoQ0e5+PDJNlBTO+FJkZZOyM+pMJlOOZU9QZU
9w:ONK3jM0gWztcQJNlc+zkZIB7lOOz3
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2ec9
timedatestamp.....: 0x42a40741 (Mon Jun 06 08:20:17 2005)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x938f 0xa000 6.33 fd6fe1dd4651c216412eeb90db373ae1
.rdata 0xb000 0x1902 0x2000 4.17 5449fba990c7714dc66c28ed5cd6878c
.data 0xd000 0x201c 0x1000 1.17 ce3b5cbbf117047bfe2a4fcce59b7ec4
.rsrc 0x10000 0xc148 0xd000 4.10 6af1fbd638294c59ac5dfa890b3d25de

( 2 imports )
> KERNEL32.dll: InterlockedExchange, GetACP, GetLocaleInfoA, RaiseException, InitializeCriticalSection, DeleteCriticalSection, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, DeleteFileW, SetFileAttributesW, RemoveDirectoryW, FindClose, FindNextFileW, FindFirstFileW, LocalFree, Sleep, GetCommandLineW, CloseHandle, GetOEMCP, ReadFile, FlushFileBuffers, GetStringTypeW, GetStringTypeA, SetStdHandle, SetFilePointer, GetCPInfo, IsBadCodePtr, IsBadReadPtr, LoadLibraryA, GetStartupInfoA, GetFileType, SetHandleCount, GetCommandLineA, GetVersionExA, EnterCriticalSection, LeaveCriticalSection, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, ExitProcess, RtlUnwind, GetModuleHandleA, GetStartupInfoW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetModuleFileNameA, SetUnhandledExceptionFilter, VirtualQuery, VirtualProtect, VirtualAlloc, GetSystemInfo, MultiByteToWideChar, LCMapStringA, WideCharToMultiByte, GetLastError, LCMapStringW, HeapCreate, VirtualFree, IsBadWritePtr, GetProcAddress, TerminateProcess, GetCurrentProcess, WriteFile, GetStdHandle, UnhandledExceptionFilter, GetModuleFileNameW, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW
> SHELL32.dll: CommandLineToArgvW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=27e0346578ef9b5fb0b1fb00b1f6f1c8' target='_blank'>http://www.threatexpert.com/report.aspx?md5=27e0346578ef9b5fb0b1fb00b1f6f1c8</a>


File cleanup.exe received on 2009.09.09 10:06:59 (UTC)
Current status: finished
Result: 0/41 (0%)
Compact
Print results Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.09 -
AhnLab-V3 5.0.0.2 2009.09.09 -
AntiVir 7.9.1.12 2009.09.09 -
Antiy-AVL 2.0.3.7 2009.09.09 -
Authentium 5.1.2.4 2009.09.08 -
Avast 4.8.1351.0 2009.09.08 -
AVG 8.5.0.409 2009.09.09 -
BitDefender 7.2 2009.09.09 -
CAT-QuickHeal 10.00 2009.09.09 -
ClamAV 0.94.1 2009.09.09 -
Comodo 2262 2009.09.09 -
DrWeb 5.0.0.12182 2009.09.09 -
eSafe 7.0.17.0 2009.09.08 -
eTrust-Vet 31.6.6727 2009.09.09 -
F-Prot 4.5.1.85 2009.09.08 -
F-Secure 8.0.14470.0 2009.09.09 -
Fortinet 3.120.0.0 2009.09.09 -
GData 19 2009.09.09 -
Ikarus T3.1.1.72.0 2009.09.09 -
Jiangmin 11.0.800 2009.09.09 -
K7AntiVirus 7.10.839 2009.09.08 -
Kaspersky 7.0.0.125 2009.09.09 -
McAfee 5735 2009.09.08 -
McAfee+Artemis 5735 2009.09.08 -
McAfee-GW-Edition 6.8.5 2009.09.09 -
Microsoft 1.5005 2009.09.09 -
NOD32 4409 2009.09.09 -
Norman 6.01.09 2009.09.08 -
nProtect 2009.1.8.0 2009.09.08 -
Panda 10.0.2.2 2009.09.08 -
PCTools 4.4.2.0 2009.09.07 -
Prevx 3.0 2009.09.09 -
Rising 21.46.22.00 2009.09.09 -
Sophos 4.45.0 2009.09.09 -
Sunbelt 3.2.1858.2 2009.09.09 -
Symantec 1.4.4.12 2009.09.09 -
TheHacker 6.3.4.3.399 2009.09.09 -
TrendMicro 8.950.0.1094 2009.09.09 -
VBA32 3.12.10.10 2009.09.08 -
ViRobot 2009.9.9.1925 2009.09.09 -
VirusBuster 4.6.5.0 2009.09.08 -
Additional information
File size: 110592 bytes
MD5...: 27e0346578ef9b5fb0b1fb00b1f6f1c8
SHA1..: 2ab34c1beb68e05bd22f2314fde75701dfa12f92
SHA256: 550623c5d247ab4f6739237860e9b232314b162f1956ab0f512a22d84b882767
ssdeep: 768:OMG2O8TJkuFjMLExvgWvb0mcoQ0e5+PDJNlBTO+FJkZZOyM+pMJlOOZU9QZU
9w:ONK3jM0gWztcQJNlc+zkZIB7lOOz3
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2ec9
timedatestamp.....: 0x42a40741 (Mon Jun 06 08:20:17 2005)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x938f 0xa000 6.33 fd6fe1dd4651c216412eeb90db373ae1
.rdata 0xb000 0x1902 0x2000 4.17 5449fba990c7714dc66c28ed5cd6878c
.data 0xd000 0x201c 0x1000 1.17 ce3b5cbbf117047bfe2a4fcce59b7ec4
.rsrc 0x10000 0xc148 0xd000 4.10 6af1fbd638294c59ac5dfa890b3d25de

( 2 imports )
> KERNEL32.dll: InterlockedExchange, GetACP, GetLocaleInfoA, RaiseException, InitializeCriticalSection, DeleteCriticalSection, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, DeleteFileW, SetFileAttributesW, RemoveDirectoryW, FindClose, FindNextFileW, FindFirstFileW, LocalFree, Sleep, GetCommandLineW, CloseHandle, GetOEMCP, ReadFile, FlushFileBuffers, GetStringTypeW, GetStringTypeA, SetStdHandle, SetFilePointer, GetCPInfo, IsBadCodePtr, IsBadReadPtr, LoadLibraryA, GetStartupInfoA, GetFileType, SetHandleCount, GetCommandLineA, GetVersionExA, EnterCriticalSection, LeaveCriticalSection, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, ExitProcess, RtlUnwind, GetModuleHandleA, GetStartupInfoW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetModuleFileNameA, SetUnhandledExceptionFilter, VirtualQuery, VirtualProtect, VirtualAlloc, GetSystemInfo, MultiByteToWideChar, LCMapStringA, WideCharToMultiByte, GetLastError, LCMapStringW, HeapCreate, VirtualFree, IsBadWritePtr, GetProcAddress, TerminateProcess, GetCurrentProcess, WriteFile, GetStdHandle, UnhandledExceptionFilter, GetModuleFileNameW, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW
> SHELL32.dll: CommandLineToArgvW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)



Kodeky som skusal instalovat rozne ale nepomohlo nic. Robi to pri vsetkych video suboroch ktorych chcem spustit. Skusal som aj rozne prehravace...