:\program files\INSTALL.LOG
c:\windows\system32\avrt.dll
c:\windows\system32\D3DX10d_39.dll
H:\autorun.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-24 do 2009-03-24 )))))))))))))))))))))))))))))))
.
2009-03-21 19:32 . 2009-03-21 19:32 118 --a------ c:\windows\system32\MRT.INI
2009-03-19 19:38 . 2009-03-19 19:38 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-19 19:07 . 2008-10-16 02:03 1,499,648 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-03-19 19:07 . 2008-10-16 02:03 667,136 -----c--- c:\windows\system32\dllcache\wininet.dll
2009-03-19 19:07 . 2008-10-16 02:03 619,008 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-03-19 19:07 . 2008-06-14 18:35 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-19 19:06 . 2008-12-12 18:03 3,088,896 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-03-19 19:06 . 2008-08-14 14:26 2,191,360 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-19 19:06 . 2008-08-14 14:26 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-19 19:06 . 2008-08-14 14:26 2,068,224 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-19 19:06 . 2008-08-14 14:26 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-19 19:05 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-03-19 19:05 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-19 19:05 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-03-19 19:05 . 2008-05-01 15:37 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-03-19 19:05 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-03-19 19:04 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-03-19 19:04 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-03-19 19:03 . 2009-03-19 19:41 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-15 21:34 . 2009-03-15 21:34 <DIR> d-------- c:\documents and settings\MARA\Data aplikací\Malwarebytes
2009-03-15 21:34 . 2009-03-15 21:34 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-15 21:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-15 21:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-15 21:28 . 2009-03-15 21:28 <DIR> d-------- c:\program files\Panda Security
2009-03-15 21:28 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-03-12 17:11 . 2002-05-20 17:03 64,731 --a------ c:\windows\system32\drivers\TIACXLN.SYS
2009-03-12 17:11 . 2002-04-09 15:26 30,052 --a------ c:\windows\system32\drivers\TIACXSN.BIN
2009-03-12 17:11 . 2002-03-04 13:56 7,597 --a------ c:\windows\system32\drivers\TIACXLN.CAT
2009-03-07 20:59 . 2009-03-07 20:59 <DIR> d-------- c:\documents and settings\MARA\fontconfig
2009-03-07 20:25 . 2009-03-07 20:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Trymedia
2009-03-06 21:56 . 2009-03-06 21:56 <DIR> d-------- c:\program files\Comodo
2009-03-06 21:56 . 2009-03-06 21:56 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Comodo
2009-03-06 21:56 . 2009-03-06 21:56 216,576 --a------ c:\windows\system32\monln.dll
2009-03-06 21:06 . 2009-03-06 21:06 <DIR> d-------- C:\New Folder
2009-03-06 21:06 . 2009-03-06 21:06 <DIR> d-------- c:\documents and settings\MARA\Data aplikací\SUPERAntiSpyware.com
2009-03-06 21:06 . 2009-03-06 21:06 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2009-03-06 20:58 . 2009-03-06 20:58 <DIR> d-------- C:\Computer
2009-03-06 19:22 . 2009-03-24 14:42 <DIR> d-------- c:\documents and settings\MARA\.smplayer
2009-03-06 18:29 . 2009-03-06 18:29 <DIR> d-------- c:\documents and settings\MARA\Data aplikací\PC Tools
2009-03-06 18:29 . 2008-08-25 11:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-03-06 18:29 . 2008-08-25 11:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-03-06 18:29 . 2008-08-25 11:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-03-06 18:29 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-03-06 18:01 . 2009-03-24 17:33 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-06 14:34 . 2009-03-06 14:34 <DIR> d-------- c:\program files\uTorrent
2009-03-06 14:34 . 2009-03-22 17:04 <DIR> d-------- c:\documents and settings\MARA\Data aplikací\uTorrent
2009-03-06 13:45 . 2007-01-18 13:00 3,968 --a------ c:\windows\system32\drivers\AvgArCln.sys
2009-03-05 22:32 . 2009-03-24 17:41 <DIR> d-------- c:\program files\Spyware Terminator
2009-03-05 22:32 . 2009-03-24 17:41 <DIR> d-------- c:\documents and settings\MARA\Data aplikací\Spyware Terminator
2009-03-05 22:32 . 2009-03-06 13:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2009-03-05 22:32 . 2009-03-05 22:32 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-03-05 21:54 . 2008-04-14 08:51 33,792 -----c--- c:\windows\system32\dllcache\custsat.dll
2009-03-05 21:53 . 2008-04-14 00:10 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2009-03-05 21:07 . 2009-03-05 22:02 <DIR> d-------- c:\program files\Analog Devices
2009-03-05 20:28 . 2008-04-14 00:10 96,512 --a------ c:\windows\system32\drivers\atapi.sys
2009-03-05 20:28 . 2008-04-14 00:10 24,960 --a------ c:\windows\system32\drivers\pciidex.sys
2009-03-05 20:28 . 2001-10-24 11:52 3,328 --a------ c:\windows\system32\drivers\pciide.sys
2009-03-05 20:28 . 2001-10-24 11:52 3,328 --a--c--- c:\windows\system32\dllcache\pciide.sys
2009-03-05 19:03 . 2008-04-14 08:46 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-03-05 19:02 . 2002-09-23 13:00 95,232 --a--c--- c:\windows\system32\dllcache\certmap.ocx
2009-03-05 19:02 . 2008-04-14 08:51 82,432 --a------ c:\windows\system32\cnbjmon2.dll
2009-03-05 19:02 . 2001-10-24 11:15 50,486 --a------ c:\windows\system32\CNBJHLP2.HLP
2009-03-05 19:02 . 2002-09-23 13:00 6,144 --a--c--- c:\windows\system32\dllcache\ftpsapi2.dll
2009-03-05 19:02 . 2001-10-24 11:15 1,216 --a------ c:\windows\system32\CNBJHLP2.CNT
2009-03-05 19:00 . 2008-04-14 08:51 956,928 --a------ c:\windows\system32\msdtctm.dll
2009-03-05 18:59 . 2008-04-14 08:51 2,061,824 --a------ c:\windows\system32\mstscax.dll
2009-03-05 18:33 . 2008-04-14 00:15 52,864 --a------ c:\windows\system32\drivers\dmusic.sys
2009-03-05 18:33 . 2008-04-14 00:15 6,272 --a------ c:\windows\system32\drivers\splitter.sys
2009-03-05 18:32 . 2008-04-14 07:44 58,496 --a------ c:\windows\system32\drivers\redbook.sys
2009-03-05 18:30 . 2009-03-05 19:06 <DIR> d-------- c:\windows\NV1116748.TMP
2009-03-05 18:28 . 2008-04-14 00:02 196,224 --a------ c:\windows\system32\drivers\rdpdr.sys
2009-03-05 18:28 . 2008-04-14 08:53 40,840 --a------ c:\windows\system32\drivers\termdd.sys
2009-03-01 17:31 . 2009-03-02 21:56 7,798 --a------ c:\windows\setupapi.old
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 20:11 --------- d-----w c:\program files\ESET
2009-03-12 16:11 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 20:56 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-06 20:56 434,252 ----a-w c:\windows\system32\MSVCRTD.DLL
2009-03-06 20:56 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-06 20:56 1,060,864 ----a-w c:\windows\system32\mfc71.dll
2009-03-06 18:15 --------- d-----w c:\program files\InterActual
2009-02-28 21:23 324 ----a-w C:\autorun.inf.vir
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-02 16:32 --------- d-----w c:\documents and settings\All Users\Data aplikací\ESET
2009-02-02 11:55 --------- d-----w c:\documents and settings\MARA\Data aplikací\ESET
2008-03-09 06:25 236 ---ha-w c:\program files\Common Files\dx.reg
2008-01-07 18:33 22,328 ----a-w c:\documents and settings\MARA\Data aplikací\PnkBstrK.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SkinClock"="c:\program files\Clock Tray Skins\ClockTraySkins.exe" [2005-07-29 806912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-25 8527872]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-10-18 1598720]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-03-05 2233856]
"ISTray"="e:\spyware doctor\pctsTray.exe" [2008-08-25 1168264]
"RivaTunerStartupDaemon"="e:\ovladace\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 2650112]
"nwiz"="nwiz.exe" [2007-10-25 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0sprestrt
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2008-12-19 19:28 1434864 c:\ccleaner\ccleaner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanDiskAutoRun]
--a------ 2005-09-16 08:53 1595904 c:\yenicag\cleandiskse\cleandisk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 e:\daemon tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 05:03 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 05:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-10-25 17:17 81920 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
--a------ 2004-06-03 20:51 131072 c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
--a------ 2006-07-10 21:10 137216 c:\windows\system32\nvraidservice.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
--a------ 2007-10-30 19:05 2650112 e:\ovladace\RivaTuner v2.06\RivaTuner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2006-12-18 21:34 868352 c:\program files\Analog Devices\Core\smax4pnp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\video\\win dvd\\WinDVD.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2008-09-21 119808]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2007-06-15 143256]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-15 28544]
R1 ntiowp;ntiowp;c:\windows\system32\drivers\ntiowp.sys [2005-01-03 9408]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-03-05 142592]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-10-18 455936]
R2 lladrv;LLAdrv;c:\windows\system32\drivers\lladrv.sys [2004-08-22 32544]
R2 sdAuxService;PC Tools Auxiliary Service;e:\spyware doctor\pctsAuxs.exe [2009-03-06 356920]
R3 axvbusx;axvbusx;c:\windows\system32\drivers\axvbusx.sys [2002-12-27 8384]
R3 axvscsi;axvscsi;c:\windows\system32\drivers\axvscsi.sys [2002-12-27 98560]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-09-23 69120]
S1 SASKUTIL;SASKUTIL;\??\c:\new folder\aaaaa\SASKUTIL.sys --> c:\new folder\aaaaa\SASKUTIL.sys [?]
S2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [2007-05-23 20539]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\DRIVERS\nvtvsnd.sys --> c:\windows\system32\DRIVERS\nvtvsnd.sys [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\MARA\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\MARA\LOCALS~1\Temp\ALSysIO.sys [?]
S3 CrystalCpuInfo;CrystalCpuInfo;\??\c:\docume~1\MARA\LOCALS~1\Temp\CpuInfo.sys --> c:\docume~1\MARA\LOCALS~1\Temp\CpuInfo.sys [?]
S3 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [2007-06-12 61440]
S3 RTCore32;RTCore32;\??\e:\cpu tun\RTCore32.sys --> e:\cpu tun\RTCore32.sys [?]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo;\??\c:\docume~1\MARA\LOCALS~1\Temp\TCCpuInfo.sys --> c:\docume~1\MARA\LOCALS~1\Temp\TCCpuInfo.sys [?]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - mchInjDrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e84a504e-cac3-11da-9a79-000ea6074615}]
\Shell\AutoRun\command - M:\setupSNK.exe
.
Obsah adresáře 'Naplánované úlohy'
2009-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1532298954-839522115-1003.job
- c:\documents and settings\MARA\Local Settings\Data aplikac []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Notify-AtiExtEvent - (no file)
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-nod32kui - c:\nog\nod32kui.exe
MSConfigStartUp-NVIDIA nTune - e:\ovladace\nTune\nTuneCmd.exe
.
------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://www.microsoft.com
uInternet Settings,ProxyServer = proxy.karneval.cz:3128
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: {B8BA7090-6950-4066-8D15-60B50FCC20C1} = 81.27.192.33,81.27.192.97
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\MARA\Data aplikací\Mozilla\Firefox\Profiles\ewdr1vih.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 4
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-03-24 17:48:13
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspěšně dokončen
skryté soubory: 0