PC is not OK

Re: PC is not OK

by Ryan » Fri Sep 12, 2008 17:23

So convince me otherwise ;-)

Re: PC is not OK

by maxx048 » Fri Sep 12, 2008 16:02

you probably don't read much.

Re: PC is not OK

by Ryan » Sun May 11, 2008 19:10

maxx048: I haven't read such, pardon the expression, "drivel" in a long time...

Re: PC is not OK

by maxx048 » Sun May 11, 2008 19:08

I saw that you use ICQ. Think about whether it should stay on your PC. And one piece of good advice. I use CCleaner as often as 3 times a day, of course apart from emptying the Recycle Bin, that is permanent there. And before shutting down the PC I first clean the system with CCleaner, and the same at startup. Some trojans only activate on the 3rd restart. And it is good to run SFC/scannow.exe from the command line once every 3 months, using the WIN installation CD, to verify the integrity of the system. But so much ballast piles up on WIN, which only expensive programs remove, that after 16 months at most you have to reinstall the OS anyway.

Re: PC is not OK

by Ryan » Mon May 05, 2008 20:06

glad I could help ;-) all the best!

Re: PC is not OK

by Sedlo » Mon May 05, 2008 17:33

It looks like it's fine now, so you have my big THANKS :ups: :ups:

Re: PC is not OK

by Ryan » Sun May 04, 2008 19:14

it was a rootkit, so let's hope it really will be OK

Re: PC is not OK

by Sedlo » Sun May 04, 2008 18:54

Well, the PC is fine, the stuttering when opening Opera has stopped... I'll say around tomorrow whether it has improved overall. It's still too early for that now.

Re: PC is not OK

by Ryan » Sun May 04, 2008 18:39

you did it correctly. how is the PC now?

Re: PC is not OK

by Sedlo » Sun May 04, 2008 17:24

I have Combofix on the desktop. Otherwise I did what you wrote. The PC restarted and then crunched on something for about 10 minutes, but no application was running and no log popped up at me. This is what was written in C:\Combofix\Combofix.txt

Code:

ComboFix 08-04-27.2 - Lukáš Sedláček 2008-05-04 18:01:12.5 - NTFSx86
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.1.1029.18.288 [GMT 2:00]
Running from: C:\Documents and Settings\Lukáš Sedláček\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lukáš Sedláček\Plocha\CFScript.txt.txt
 * Created a new restore point
 * Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\sav80231.sys

.
(((((((((((((((((((((((((   Files Created from 2008-04-04 to 2008-05-04  )))))))))))))))))))))))))))))))
.

2008-05-04 18:02 . 2008-05-04 18:02	125	--a------	C:\Documents and Settings\Luk catchme.zip
2008-04-29 16:14 . 2008-04-29 16:14	<DIR>	d--------	C:\Documents and Settings\Administrator
2008-04-27 21:17 . 2008-04-27 21:17	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
2008-04-27 20:50 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Common Files\PCSuite
2008-04-27 20:05 . 2008-04-27 20:05	<DIR>	d--------	C:\Program Files\MSXML 6.0
2008-04-27 19:53 . 2004-08-03 23:08	25,600	--a------	C:\WINDOWS\system32\drivers\usbser.sys
2008-04-27 19:53 . 2008-04-27 19:53	1,374	--a------	C:\WINDOWS\imsins.BAK
2008-04-27 19:53 . 2008-04-27 19:53	0	--ah-----	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-27 19:53 . 2008-04-27 19:53	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-27 19:52 . 2008-04-27 19:52	<DIR>	d--------	C:\Program Files\DIFX
2008-04-27 19:52 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Common Files\Nokia
2008-04-27 19:52 . 2007-09-17 15:53	21,632	--a------	C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-27 19:51 . 2008-04-27 20:48	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2008-04-27 19:51 . 2008-04-27 19:51	<DIR>	d--------	C:\Program Files\PC Connectivity Solution
2008-04-27 19:51 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Nokia
2008-04-27 19:51 . 2007-11-29 10:33	1,419,232	--a------	C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-27 19:51 . 2007-11-29 10:39	95,744	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-27 19:51 . 2008-02-01 15:17	90,624	--a------	C:\WINDOWS\system32\nmwcdcls.dll
2008-04-27 19:51 . 2007-11-29 10:39	19,328	--a------	C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-27 19:51 . 2007-11-29 10:39	16,896	--a------	C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-27 19:51 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-27 19:51 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-23 21:45 . 2006-09-05 18:03	3,968	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-21 13:58 . 2008-04-21 13:58	<DIR>	d--------	C:\Program Files\QIP
2008-04-16 21:02 . 2008-04-16 21:02	<DIR>	d--------	C:\Program Files\Microsoft ActiveSync
2008-04-16 21:02 . 2005-10-21 03:47	30,592	---------	C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-16 21:02 . 2005-10-21 03:47	12,800	---------	C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-16 06:55 . 2008-04-16 06:55	<DIR>	d--hs----	C:\found.000
2008-04-13 21:33 . 2008-04-13 21:33	<DIR>	d--------	C:\Program Files\AnvSoft Mobile Video Converter
2008-04-13 21:07 . 2004-08-03 23:10	85,376	--a------	C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-04-13 21:07 . 2004-08-03 23:10	19,328	--a------	C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-04-13 21:07 . 2004-08-17 15:49	16,384	--a------	C:\WINDOWS\system32\ipsink.ax
2008-04-13 21:07 . 2004-08-03 23:10	15,360	--a------	C:\WINDOWS\system32\drivers\StreamIP.sys
2008-04-13 21:07 . 2004-08-03 23:10	11,136	--a------	C:\WINDOWS\system32\drivers\SLIP.sys
2008-04-13 21:07 . 2004-08-03 23:10	10,880	--a------	C:\WINDOWS\system32\drivers\NdisIP.sys
2008-04-13 21:07 . 2004-08-03 22:58	5,504	--a------	C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-13 21:06 . 2004-08-17 15:49	91,136	--a------	C:\WINDOWS\system32\kswdmcap.ax
2008-04-13 21:06 . 2004-08-17 15:49	61,952	--a------	C:\WINDOWS\system32\kstvtune.ax
2008-04-13 21:06 . 2004-08-17 15:49	54,272	--a------	C:\WINDOWS\system32\vfwwdm32.dll
2008-04-13 21:06 . 2004-08-03 23:10	51,328	--a------	C:\WINDOWS\system32\drivers\msdv.sys
2008-04-13 21:06 . 2004-08-17 15:49	43,008	--a------	C:\WINDOWS\system32\ksxbar.ax
2008-04-13 21:06 . 2004-08-17 15:49	28,672	--a------	C:\WINDOWS\system32\vidcap.ax
2008-04-13 21:06 . 2004-08-03 23:10	17,024	--a------	C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-04-13 21:00 . 2004-08-03 23:10	38,912	--a------	C:\WINDOWS\system32\drivers\avc.sys
2008-04-13 20:59 . 2004-08-03 23:10	48,128	--a------	C:\WINDOWS\system32\drivers\61883.sys
2008-04-13 20:13 . 2008-04-13 20:13	<DIR>	d--------	C:\Drivers
2008-04-13 20:13 . 2001-11-05 09:23	299,923	--a------	C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-04-13 20:13 . 2002-10-15 22:41	102,220	--a------	C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-04-13 20:13 . 2001-07-03 20:33	53,248	--a------	C:\WINDOWS\system32\SONYHCY.DLL
2008-04-13 20:13 . 2001-11-05 09:23	38,739	--a------	C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-04-13 20:13 . 2001-11-05 09:23	6,097	--a------	C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-04-13 20:13 . 2001-07-03 20:39	3,654	--a------	C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-04-13 20:12 . 1998-06-18 00:00	89,360	--a------	C:\WINDOWS\system32\VB5DB.DLL
2008-04-13 20:12 . 2003-12-03 17:44	13,566	---------	C:\WINDOWS\system32\drivers\cdrbsvsd.sys
2008-04-13 18:32 . 2004-08-03 23:10	61,056	--a------	C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:32 . 2004-08-03 23:10	53,248	--a------	C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:32 . 2001-08-17 21:46	6,400	--a------	C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-10 20:53 . 2008-04-28 21:50	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-04-10 20:53 . 2008-04-10 20:53	1,409	--a------	C:\WINDOWS\QTFont.for
2008-04-09 21:32 . 2008-04-09 21:32	394	--a------	C:\WINDOWS\capture.ini
2008-04-09 15:49 . 2008-04-09 15:49	<DIR>	d--------	C:\Documents and Settings\Luk Sedlek
2008-04-09 15:35 . 2008-04-09 15:35	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2008-04-06 18:43 . 2008-04-06 18:43	<DIR>	d--------	C:\Temp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 15:42	---------	d-----w	C:\Program Files\ICQToolbar
2008-04-21 15:23	---------	d-----w	C:\Program Files\Spyware Terminator
2008-04-20 15:32	---------	d-----w	C:\Program Files\ICQLite
2008-04-13 19:47	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-04-09 13:36	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-03-20 11:49	---------	d-----w	C:\Program Files\Track Mania
2008-03-20 08:09	1,845,248	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-19 20:56	---------	d-----w	C:\Program Files\Java
2008-03-19 11:17	---------	d-----w	C:\Program Files\Apple Software Update
2008-03-18 10:49	---------	d-----w	C:\Program Files\Crawler
2008-03-13 18:32	---------	d-----w	C:\Program Files\K-Lite Codec Pack
2008-03-11 17:56	---------	d-----w	C:\Program Files\MagicISO
2008-03-11 15:53	---------	d-----w	C:\Program Files\Skype
2008-03-11 15:53	---------	d-----w	C:\Program Files\Common Files\Skype
2008-03-10 18:56	---------	d-----w	C:\Program Files\ATI Technologies
2008-03-10 18:24	86,016	----a-w	C:\WINDOWS\system32\OpenAL32.dll
2008-03-10 18:24	262,144	----a-w	C:\WINDOWS\system32\wrap_oal.dll
2008-03-09 20:26	---------	d-----w	C:\Program Files\QuickTime
2008-03-06 09:14	831,048	----a-w	C:\WINDOWS\system32\WudfUpdate_01005.dll
2008-03-04 16:34	2,138,496	----a-w	C:\WINDOWS\system32\ntoskrnl.exe
2008-03-04 16:34	2,015,744	----a-w	C:\WINDOWS\system32\ntkrnlpa.exe
2008-03-04 16:34	---------	d-----w	C:\Program Files\YzShadow
2008-03-04 16:34	---------	d-----w	C:\Program Files\WinRoll
2008-03-04 16:34	---------	d-----w	C:\Program Files\UberIcon
2008-03-04 16:34	---------	d-----w	C:\Program Files\Tiger System Preferences v2
2008-03-04 16:34	---------	d-----w	C:\Program Files\RK Launcher
2008-03-04 16:34	---------	d-----w	C:\Program Files\ObjectDock
2008-03-04 16:34	---------	d-----w	C:\Program Files\iColorFolder
2008-03-04 16:32	219,648	----a-w	C:\WINDOWS\system32\uxtheme.dll
2008-03-01 13:02	803,840	----a-w	C:\WINDOWS\system32\wininet.dll
2008-02-26 03:12	372,736	----a-w	C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10	307,200	----a-w	C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10	299,520	----a-w	C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02	172,032	----a-w	C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02	126,976	----a-w	C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01	43,520	----a-w	C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01	26,112	----a-w	C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01	126,976	----a-w	C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00	520,192	----a-w	C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59	9,797,632	----a-w	C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58	53,248	----a-w	C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49	3,176,480	----a-w	C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41	1,755,264	----a-w	C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29	46,080	----a-w	C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25	393,216	----a-w	C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23	17,408	----a-w	C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:19	167,936	----a-w	C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16	520,192	----a-w	C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05	593,920	------w	C:\WINDOWS\system32\ati2sgag.exe
2008-02-20 06:51	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
.

------- Sigcheck -------

2005-03-02 20:21  577024  3ef380290ce2ca8598e475ceac4adb13	C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:51  578048  5393076fdcd6daeb82814688dde3e9a2	C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:18  577024  9267bc598e271bc3fa69f36cf1c8bd36	C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:38  577536  43240b12d220f30c7c75ea69b2e806b0	C:\WINDOWS\FlyakiteOSX\Backup\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\053a8d720f751c64c56fbe8b6600daef\backup\sp2gdr\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\053a8d720f751c64c56fbe8b6600daef\backup\sp2qfe\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2gdr\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2qfe\user32.dll
2007-03-08 17:38  577024  371331934ed7d5e1687a438db0669822	C:\WINDOWS\system32\user32.dll
2007-03-08 17:38  577024  371331934ed7d5e1687a438db0669822	C:\WINDOWS\system32\dllcache\user32.dll

2007-10-11 01:41  825344  3c48d8efa3ffa68f7aeaaaffab6b9cb3	C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:59  825344  32cc73f851f377b035a5b8216cac63ce	C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:35  827392  46a1a52eb6c86344c6ebf65b17404c90	C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2008-03-01 15:02  826368  4b0d8a282e0bef3e52b8b6449d8473dd	C:\WINDOWS\FlyakiteOSX\Backup\wininet.dll
2006-03-02 14:00  657408  50d263e3454e8357d13bb598129185ad	C:\WINDOWS\ie7\wininet.dll
2006-11-07 22:03  818688  92995334f993e6e49c25c6d02ec04401	C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:50  824832  c543cc3d7a05fb0d23107c89115811a0	C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:14  802304  a2b21644a9d317c9de04cdbf83c4afc6	C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 15:02  803840  71ba5f36c9f5b989ece61f4fd53fbb69	C:\WINDOWS\system32\wininet.dll
2008-03-01 15:02  803840  71ba5f36c9f5b989ece61f4fd53fbb69	C:\WINDOWS\system32\dllcache\wininet.dll

2005-03-02 20:14  2059008  9355304dd565e23f8ee294720b2c03e5	C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:09  2061568  a873ff1754e2a81cb1a34588cab363d6	C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2006-03-02 14:00  2059008  e86dd06f2b8f919ddf23f78a3bf2aa23	C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08  2059008  e32780e8939338b80edff39e2314c223	C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:05  2059776  c80bca19aa7d4dc37857e9f8250756da	C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:05  2059776  c80bca19aa7d4dc37857e9f8250756da	C:\WINDOWS\FlyakiteOSX\Backup\ntkrnlpa.exe
2006-03-02 14:00  2059008  e86dd06f2b8f919ddf23f78a3bf2aa23	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2gdr\ntkrnlpa.exe
2004-08-17 16:45  2059008  e86dd06f2b8f919ddf23f78a3bf2aa23	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2qfe\ntkrnlpa.exe
2008-03-04 18:34  2015744  cf46faaf70830d24390a10d2ea93e14b	C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:05  2015744  268c1e0edfd6e791dcb817382a5964fd	C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-02 20:14  2181632  7fabe135eac02a4bc8094b831adc0cc3	C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:09  2184320  d40b4f66d877802ec5e655b91b5490fa	C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-03-02 14:00  2183168  12c80e46dcec9b82473d1b1b9da1f16b	C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09  2181504  b0dae70164cc79d1289ef3530a3646f1	C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:05  2182528  c09ca7faffc40bbfaceeb9f0f429f673	C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:05  2182528  c09ca7faffc40bbfaceeb9f0f429f673	C:\WINDOWS\FlyakiteOSX\Backup\ntoskrnl.exe
2006-03-02 14:00  2183168  12c80e46dcec9b82473d1b1b9da1f16b	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2gdr\ntoskrnl.exe
2004-08-17 16:45  2183168  12c80e46dcec9b82473d1b1b9da1f16b	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2qfe\ntoskrnl.exe
2008-03-04 18:34  2138496  504a8bdf615d102e538b5d86d462daea	C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:05  2138496  17d5cf8dcebf978319a29a7577327902	C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 15:23  1366016  d1f9335dd852e6c2e729e4167f40ab43	C:\WINDOWS\explorer.exe
2007-06-13 15:11  1033728  9b32416bd5988c97b6397ce0b02caf97	C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-03-02 14:00  1032704  53114d57ab73a406ac7f602227781a99	C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23  1033728  ed7b460b142a32097b8a8f6ecc941815	C:\WINDOWS\FlyakiteOSX\Backup\explorer.exe
2007-06-13 15:23  1366016  d1f9335dd852e6c2e729e4167f40ab43	C:\WINDOWS\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((((((   snapshot@2008-04-28_14.49.40,03   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-28 12:08:11	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-05-04 16:04:03	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
- 2006-12-04 12:37:58	1,317,648	----a-w	C:\WINDOWS\system32\msxml6.dll
+ 2007-05-15 13:43:10	1,320,800	----a-w	C:\WINDOWS\system32\msxml6.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1686016]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"RK Launcher"="C:\Program Files\RK Launcher\RKLauncher.exe" [2005-10-19 09:40 393216]
"Alt+Q Hotkey Tool"="C:\WINDOWS\Alt+Q Hotkey.exe" [2005-12-18 21:14 27648]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-02-24 02:32 188416]
"WinRoll"="C:\Program Files\WinRoll\winroll.exe" [2006-01-02 00:27 15872]
"Yz Shadow"="C:\Program Files\YzShadow\YzShadow.exe" [2006-02-24 04:51 172032]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 16:50 1289000]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 11:40 270336]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-31 16:59 949376]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 07:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 07:03 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 01:41 118485]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-04-23 22:50 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"D:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-03 21:18]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 14:00]
S3 GPU-Z;GPU-Z;C:\DOCUME~1\LUKSED~1\LOCALS~1\Temp\GPU-Z.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 15:41:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

Re: PC is not OK

by Ryan » Thu May 01, 2008 23:50

if you have not done so already, move Combofix to the desktop

open Notepad

copy the script from the following box into it:

Code:

Rootkit::
C:\WINDOWS\system32\sav80231.sys

save the text file you created as CFScript.txt on the desktop

after saving, grab the script you created with the left mouse button, drag it over the Combofix icon and drop it there:

Image

after it has been applied, another log should pop up at you; paste it here :)

Re: PC is not OK

by Sedlo » Tue Apr 29, 2008 15:12

Everything was turned off. Only Trillian was running. NOD32, AVG Anti-Spyware and Spyware Terminator were off, I thought of that. Otherwise, I'll attach the log from safe mode then.
Edit: So I'm pasting it here

Code:

ComboFix 08-04-27.2 - Lukáš Sedláček 2008-04-29 16:43:04.3 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.1.1029.18.804 [GMT 2:00]
Running from: C:\Documents and Settings\Lukáš Sedláček\Plocha\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-03-28 to 2008-04-29  )))))))))))))))))))))))))))))))
.

2008-04-29 16:14 . 2008-04-29 16:14	<DIR>	d--------	C:\Documents and Settings\Administrator
2008-04-28 21:50 . 2008-04-28 21:50	<DIR>	d--------	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\Nokia Multimedia Player
2008-04-28 17:17 . 2008-04-28 17:19	1	--a------	C:\WINDOWS\system32\sav80231.sys
2008-04-27 21:17 . 2008-04-27 21:17	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
2008-04-27 20:50 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Common Files\PCSuite
2008-04-27 20:07 . 2008-04-27 20:07	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Nokia
2008-04-27 20:05 . 2008-04-27 20:05	<DIR>	d--------	C:\Program Files\MSXML 6.0
2008-04-27 19:53 . 2004-08-03 23:08	25,600	--a------	C:\WINDOWS\system32\drivers\usbser.sys
2008-04-27 19:53 . 2008-04-27 19:53	1,374	--a------	C:\WINDOWS\imsins.BAK
2008-04-27 19:53 . 2008-04-27 19:53	0	--ah-----	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-27 19:53 . 2008-04-27 19:53	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-27 19:52 . 2008-04-27 19:52	<DIR>	d--------	C:\Program Files\DIFX
2008-04-27 19:52 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Common Files\Nokia
2008-04-27 19:52 . 2008-04-27 19:53	<DIR>	d--------	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\PC Suite
2008-04-27 19:52 . 2008-04-27 19:52	<DIR>	d--------	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\Nokia
2008-04-27 19:52 . 2008-04-27 19:53	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\PC Suite
2008-04-27 19:52 . 2007-09-17 15:53	21,632	--a------	C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-27 19:51 . 2008-04-27 20:48	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2008-04-27 19:51 . 2008-04-27 19:51	<DIR>	d--------	C:\Program Files\PC Connectivity Solution
2008-04-27 19:51 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Nokia
2008-04-27 19:51 . 2008-04-27 20:05	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Installations
2008-04-27 19:51 . 2007-11-29 10:33	1,419,232	--a------	C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-27 19:51 . 2007-11-29 10:39	95,744	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-27 19:51 . 2008-02-01 15:17	90,624	--a------	C:\WINDOWS\system32\nmwcdcls.dll
2008-04-27 19:51 . 2007-11-29 10:39	19,328	--a------	C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-27 19:51 . 2007-11-29 10:39	16,896	--a------	C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-27 19:51 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-27 19:51 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-24 16:24 . 2008-04-24 16:24	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Grisoft
2008-04-23 21:45 . 2006-09-05 18:03	3,968	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-21 13:58 . 2008-04-21 13:58	<DIR>	d--------	C:\Program Files\QIP
2008-04-16 21:02 . 2008-04-16 21:02	<DIR>	d--------	C:\Program Files\Microsoft ActiveSync
2008-04-16 21:02 . 2005-10-21 03:47	30,592	---------	C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-16 21:02 . 2005-10-21 03:47	12,800	---------	C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-16 06:55 . 2008-04-16 06:55	<DIR>	d--hs----	C:\found.000
2008-04-13 21:33 . 2008-04-13 21:33	<DIR>	d--------	C:\Program Files\AnvSoft Mobile Video Converter
2008-04-13 21:07 . 2004-08-03 23:10	85,376	--a------	C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-04-13 21:07 . 2004-08-03 23:10	19,328	--a------	C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-04-13 21:07 . 2004-08-17 15:49	16,384	--a------	C:\WINDOWS\system32\ipsink.ax
2008-04-13 21:07 . 2004-08-03 23:10	15,360	--a------	C:\WINDOWS\system32\drivers\StreamIP.sys
2008-04-13 21:07 . 2004-08-03 23:10	11,136	--a------	C:\WINDOWS\system32\drivers\SLIP.sys
2008-04-13 21:07 . 2004-08-03 23:10	10,880	--a------	C:\WINDOWS\system32\drivers\NdisIP.sys
2008-04-13 21:07 . 2004-08-03 22:58	5,504	--a------	C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-13 21:06 . 2004-08-17 15:49	91,136	--a------	C:\WINDOWS\system32\kswdmcap.ax
2008-04-13 21:06 . 2004-08-17 15:49	61,952	--a------	C:\WINDOWS\system32\kstvtune.ax
2008-04-13 21:06 . 2004-08-17 15:49	54,272	--a------	C:\WINDOWS\system32\vfwwdm32.dll
2008-04-13 21:06 . 2004-08-03 23:10	51,328	--a------	C:\WINDOWS\system32\drivers\msdv.sys
2008-04-13 21:06 . 2004-08-17 15:49	43,008	--a------	C:\WINDOWS\system32\ksxbar.ax
2008-04-13 21:06 . 2004-08-17 15:49	28,672	--a------	C:\WINDOWS\system32\vidcap.ax
2008-04-13 21:06 . 2004-08-03 23:10	17,024	--a------	C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-04-13 21:00 . 2004-08-03 23:10	38,912	--a------	C:\WINDOWS\system32\drivers\avc.sys
2008-04-13 20:59 . 2004-08-03 23:10	48,128	--a------	C:\WINDOWS\system32\drivers\61883.sys
2008-04-13 20:13 . 2008-04-13 20:13	<DIR>	d--------	C:\Drivers
2008-04-13 20:13 . 2001-11-05 09:23	299,923	--a------	C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-04-13 20:13 . 2002-10-15 22:41	102,220	--a------	C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-04-13 20:13 . 2001-07-03 20:33	53,248	--a------	C:\WINDOWS\system32\SONYHCY.DLL
2008-04-13 20:13 . 2001-11-05 09:23	38,739	--a------	C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-04-13 20:13 . 2001-11-05 09:23	6,097	--a------	C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-04-13 20:13 . 2001-07-03 20:39	3,654	--a------	C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-04-13 20:12 . 1998-06-18 00:00	89,360	--a------	C:\WINDOWS\system32\VB5DB.DLL
2008-04-13 20:12 . 2003-12-03 17:44	13,566	---------	C:\WINDOWS\system32\drivers\cdrbsvsd.sys
2008-04-13 18:32 . 2004-08-03 23:10	61,056	--a------	C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:32 . 2004-08-03 23:10	53,248	--a------	C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:32 . 2001-08-17 21:46	6,400	--a------	C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-10 20:53 . 2008-04-28 21:50	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-04-10 20:53 . 2008-04-10 20:53	1,409	--a------	C:\WINDOWS\QTFont.for
2008-04-09 21:32 . 2008-04-09 21:32	394	--a------	C:\WINDOWS\capture.ini
2008-04-09 15:49 . 2008-04-09 15:49	<DIR>	d--------	C:\Documents and Settings\Luk Sedlek
2008-04-09 15:48 . 2008-04-09 15:48	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Adobe Systems
2008-04-09 15:35 . 2008-04-09 15:35	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2008-04-08 15:34 . 2008-04-08 15:34	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\GlobalSCAPE
2008-04-06 18:43 . 2008-04-06 18:43	<DIR>	d--------	C:\Temp
2008-04-01 21:07 . 2008-04-01 21:07	<DIR>	d--------	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\NCH Software
2008-04-01 17:17 . 2008-04-09 15:36	<DIR>	d--------	C:\Program Files\Common Files\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

Re: PC is not OK

by Ryan » Tue Apr 29, 2008 08:49

So I'll ask for one more log from ComboFix, but this time with the antivirus and all protections in general turned OFF. And let it also be in safe mode... Also try uninstalling Spyware Terminator to see whether that helps. That software is good, but very temperamental.

Re: PC is not OK

by Sedlo » Mon Apr 28, 2008 13:52

So here, at your request, I'm attaching the log from ComboFix:

Code:

ComboFix 08-04-27.2 - Lukáš Sedláček 2008-04-28 14:45:50.1 - NTFSx86
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.1.1029.18.449 [GMT 2:00]
Running from: C:\Documents and Settings\Lukáš Sedláček\Plocha\ComboFix.exe
 * Created a new restore point
 * Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Nabídka Start\Online Security Guide.url
C:\Documents and Settings\All Users\Nabídka Start\Security Troubleshooting.url
C:\Documents and Settings\Lukáš Sedláček\Oblíbené položky\Online Security Test.url

.
(((((((((((((((((((((((((   Files Created from 2008-03-28 to 2008-04-28  )))))))))))))))))))))))))))))))
.

2008-04-27 21:17 . 2008-04-27 21:17	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
2008-04-27 20:50 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Common Files\PCSuite
2008-04-27 20:07 . 2008-04-27 20:07	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Nokia
2008-04-27 20:05 . 2008-04-27 20:05	<DIR>	d--------	C:\Program Files\MSXML 6.0
2008-04-27 19:53 . 2004-08-03 23:08	25,600	--a------	C:\WINDOWS\system32\drivers\usbser.sys
2008-04-27 19:53 . 2008-04-27 19:53	1,374	--a------	C:\WINDOWS\imsins.BAK
2008-04-27 19:53 . 2008-04-27 19:53	0	--ah-----	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-27 19:53 . 2008-04-27 19:53	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-27 19:52 . 2008-04-27 19:52	<DIR>	d--------	C:\Program Files\DIFX
2008-04-27 19:52 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Common Files\Nokia
2008-04-27 19:52 . 2008-04-27 19:53	<DIR>	d--------	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\PC Suite
2008-04-27 19:52 . 2008-04-27 19:52	<DIR>	d--------	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\Nokia
2008-04-27 19:52 . 2008-04-27 19:53	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\PC Suite
2008-04-27 19:52 . 2007-09-17 15:53	21,632	--a------	C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-27 19:51 . 2008-04-27 20:48	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2008-04-27 19:51 . 2008-04-27 19:51	<DIR>	d--------	C:\Program Files\PC Connectivity Solution
2008-04-27 19:51 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Nokia
2008-04-27 19:51 . 2008-04-27 20:05	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Installations
2008-04-27 19:51 . 2007-11-29 10:33	1,419,232	--a------	C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-27 19:51 . 2007-11-29 10:39	95,744	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-27 19:51 . 2008-02-01 15:17	90,624	--a------	C:\WINDOWS\system32\nmwcdcls.dll
2008-04-27 19:51 . 2007-11-29 10:39	19,328	--a------	C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-27 19:51 . 2007-11-29 10:39	16,896	--a------	C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-27 19:51 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-27 19:51 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-24 16:24 . 2008-04-24 16:24	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Grisoft
2008-04-23 21:45 . 2006-09-05 18:03	3,968	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-21 13:58 . 2008-04-21 13:58	<DIR>	d--------	C:\Program Files\QIP
2008-04-16 21:02 . 2008-04-16 21:02	<DIR>	d--------	C:\Program Files\Microsoft ActiveSync
2008-04-16 21:02 . 2005-10-21 03:47	30,592	---------	C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-16 21:02 . 2005-10-21 03:47	12,800	---------	C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-16 06:55 . 2008-04-16 06:55	<DIR>	d--hs----	C:\found.000
2008-04-13 21:33 . 2008-04-13 21:33	<DIR>	d--------	C:\Program Files\AnvSoft Mobile Video Converter
2008-04-13 21:07 . 2004-08-03 23:10	85,376	--a------	C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-04-13 21:07 . 2004-08-03 23:10	19,328	--a------	C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-04-13 21:07 . 2004-08-17 15:49	16,384	--a------	C:\WINDOWS\system32\ipsink.ax
2008-04-13 21:07 . 2004-08-03 23:10	15,360	--a------	C:\WINDOWS\system32\drivers\StreamIP.sys
2008-04-13 21:07 . 2004-08-03 23:10	11,136	--a------	C:\WINDOWS\system32\drivers\SLIP.sys
2008-04-13 21:07 . 2004-08-03 23:10	10,880	--a------	C:\WINDOWS\system32\drivers\NdisIP.sys
2008-04-13 21:07 . 2004-08-03 22:58	5,504	--a------	C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-13 21:06 . 2004-08-17 15:49	91,136	--a------	C:\WINDOWS\system32\kswdmcap.ax
2008-04-13 21:06 . 2004-08-17 15:49	61,952	--a------	C:\WINDOWS\system32\kstvtune.ax
2008-04-13 21:06 . 2004-08-17 15:49	54,272	--a------	C:\WINDOWS\system32\vfwwdm32.dll
2008-04-13 21:06 . 2004-08-03 23:10	51,328	--a------	C:\WINDOWS\system32\drivers\msdv.sys
2008-04-13 21:06 . 2004-08-17 15:49	43,008	--a------	C:\WINDOWS\system32\ksxbar.ax
2008-04-13 21:06 . 2004-08-17 15:49	28,672	--a------	C:\WINDOWS\system32\vidcap.ax
2008-04-13 21:06 . 2004-08-03 23:10	17,024	--a------	C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-04-13 21:00 . 2004-08-03 23:10	38,912	--a------	C:\WINDOWS\system32\drivers\avc.sys
2008-04-13 20:59 . 2004-08-03 23:10	48,128	--a------	C:\WINDOWS\system32\drivers\61883.sys
2008-04-13 20:13 . 2008-04-13 20:13	<DIR>	d--------	C:\Drivers
2008-04-13 20:13 . 2001-11-05 09:23	299,923	--a------	C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-04-13 20:13 . 2002-10-15 22:41	102,220	--a------	C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-04-13 20:13 . 2001-07-03 20:33	53,248	--a------	C:\WINDOWS\system32\SONYHCY.DLL
2008-04-13 20:13 . 2001-11-05 09:23	38,739	--a------	C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-04-13 20:13 . 2001-11-05 09:23	6,097	--a------	C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-04-13 20:13 . 2001-07-03 20:39	3,654	--a------	C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-04-13 20:12 . 1998-06-18 00:00	89,360	--a------	C:\WINDOWS\system32\VB5DB.DLL
2008-04-13 20:12 . 2003-12-03 17:44	13,566	---------	C:\WINDOWS\system32\drivers\cdrbsvsd.sys
2008-04-13 18:32 . 2004-08-03 23:10	61,056	--a------	C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:32 . 2004-08-03 23:10	53,248	--a------	C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:32 . 2001-08-17 21:46	6,400	--a------	C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-10 20:53 . 2008-04-27 20:48	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-04-10 20:53 . 2008-04-10 20:53	1,409	--a------	C:\WINDOWS\QTFont.for
2008-04-09 21:32 . 2008-04-09 21:32	394	--a------	C:\WINDOWS\capture.ini
2008-04-09 15:49 . 2008-04-09 15:49	<DIR>	d--------	C:\Documents and Settings\Luk Sedlek
2008-04-09 15:48 . 2008-04-09 15:48	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Adobe Systems
2008-04-09 15:35 . 2008-04-09 15:35	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2008-04-08 15:34 . 2008-04-08 15:34	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\GlobalSCAPE
2008-04-06 18:43 . 2008-04-06 18:43	<DIR>	d--------	C:\Temp
2008-04-01 21:07 . 2008-04-01 21:07	<DIR>	d--------	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\NCH Software
2008-04-01 17:17 . 2008-04-09 15:36	<DIR>	d--------	C:\Program Files\Common Files\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 16:38	---------	d-----w	C:\Program Files\ICQToolbar
2008-04-21 15:23	---------	d-----w	C:\Program Files\Spyware Terminator
2008-04-21 15:23	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-04-20 15:32	---------	d-----w	C:\Program Files\ICQLite
2008-04-13 19:47	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-04-09 06:55	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-04-03 20:21	---------	d-----w	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\Skype
2008-04-03 17:21	---------	d-----w	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\skypePM
2008-03-23 21:45	---------	d-----w	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\Media Player Classic
2008-03-23 19:08	---------	d---a-w	C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-03-20 11:49	---------	d-----w	C:\Program Files\Track Mania
2008-03-20 08:09	1,845,248	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-19 20:56	---------	d-----w	C:\Program Files\Java
2008-03-19 11:17	---------	d-----w	C:\Program Files\Apple Software Update
2008-03-19 11:17	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Apple
2008-03-18 19:50	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Test Drive Unlimited
2008-03-18 10:49	---------	d-----w	C:\Program Files\Crawler
2008-03-13 18:32	---------	d-----w	C:\Program Files\K-Lite Codec Pack
2008-03-12 19:01	---------	d-----w	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\ICQLite
2008-03-12 14:54	---------	d-----w	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\Azureus
2008-03-11 17:56	---------	d-----w	C:\Program Files\MagicISO
2008-03-11 15:53	32	----a-w	C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-03-11 15:53	---------	d-----w	C:\Program Files\Skype
2008-03-11 15:53	---------	d-----w	C:\Program Files\Common Files\Skype
2008-03-11 15:53	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Skype
2008-03-10 18:56	---------	d-----w	C:\Program Files\ATI Technologies
2008-03-10 18:24	86,016	----a-w	C:\WINDOWS\system32\OpenAL32.dll
2008-03-10 18:24	262,144	----a-w	C:\WINDOWS\system32\wrap_oal.dll
2008-03-09 20:27	---------	d-----w	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\Apple Computer
2008-03-09 20:26	---------	d-----w	C:\Program Files\QuickTime
2008-03-09 20:26	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2008-03-06 09:14	831,048	----a-w	C:\WINDOWS\system32\WudfUpdate_01005.dll
2008-03-04 16:34	2,138,496	----a-w	C:\WINDOWS\system32\ntoskrnl.exe
2008-03-04 16:34	2,015,744	----a-w	C:\WINDOWS\system32\ntkrnlpa.exe
2008-03-04 16:34	---------	d-----w	C:\Program Files\YzShadow
2008-03-04 16:34	---------	d-----w	C:\Program Files\WinRoll
2008-03-04 16:34	---------	d-----w	C:\Program Files\UberIcon
2008-03-04 16:34	---------	d-----w	C:\Program Files\Tiger System Preferences v2
2008-03-04 16:34	---------	d-----w	C:\Program Files\RK Launcher
2008-03-04 16:34	---------	d-----w	C:\Program Files\ObjectDock
2008-03-04 16:34	---------	d-----w	C:\Program Files\iColorFolder
2008-03-04 16:32	219,648	----a-w	C:\WINDOWS\system32\uxtheme.dll
2008-03-03 17:54	---------	d-----w	C:\Program Files\Common Files\DVDVideoSoft
2008-03-01 13:02	803,840	----a-w	C:\WINDOWS\system32\wininet.dll
2008-02-28 16:15	---------	d-----w	C:\Program Files\Opera
2008-02-26 03:12	372,736	----a-w	C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10	307,200	----a-w	C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10	299,520	----a-w	C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02	172,032	----a-w	C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02	126,976	----a-w	C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01	43,520	----a-w	C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01	26,112	----a-w	C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01	126,976	----a-w	C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00	520,192	----a-w	C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59	9,797,632	----a-w	C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58	53,248	----a-w	C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49	3,176,480	----a-w	C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41	1,755,264	----a-w	C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29	46,080	----a-w	C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25	393,216	----a-w	C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23	17,408	----a-w	C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:19	167,936	----a-w	C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16	520,192	----a-w	C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05	593,920	------w	C:\WINDOWS\system32\ati2sgag.exe
2008-02-20 06:51	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
2008-01-31 14:59	298,104	----a-w	C:\WINDOWS\system32\imon.dll
.

------- Sigcheck -------

2005-03-02 20:21  577024  3ef380290ce2ca8598e475ceac4adb13	C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:51  578048  5393076fdcd6daeb82814688dde3e9a2	C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:18  577024  9267bc598e271bc3fa69f36cf1c8bd36	C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:38  577536  43240b12d220f30c7c75ea69b2e806b0	C:\WINDOWS\FlyakiteOSX\Backup\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]53a8d720f751c64c56fbe8b6600daef\backup\sp2gdr\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]53a8d720f751c64c56fbe8b6600daef\backup\sp2qfe\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2gdr\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2qfe\user32.dll
2007-03-08 17:38  577024  371331934ed7d5e1687a438db0669822	C:\WINDOWS\system32\user32.dll
2007-03-08 17:38  577024  371331934ed7d5e1687a438db0669822	C:\WINDOWS\system32\dllcache\user32.dll

2007-10-11 01:41  825344  3c48d8efa3ffa68f7aeaaaffab6b9cb3	C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:59  825344  32cc73f851f377b035a5b8216cac63ce	C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:35  827392  46a1a52eb6c86344c6ebf65b17404c90	C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2008-03-01 15:02  826368  4b0d8a282e0bef3e52b8b6449d8473dd	C:\WINDOWS\FlyakiteOSX\Backup\wininet.dll
2006-03-02 14:00  657408  50d263e3454e8357d13bb598129185ad	C:\WINDOWS\ie7\wininet.dll
2006-11-07 22:03  818688  92995334f993e6e49c25c6d02ec04401	C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:50  824832  c543cc3d7a05fb0d23107c89115811a0	C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:14  802304  a2b21644a9d317c9de04cdbf83c4afc6	C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 15:02  803840  71ba5f36c9f5b989ece61f4fd53fbb69	C:\WINDOWS\system32\wininet.dll
2008-03-01 15:02  803840  71ba5f36c9f5b989ece61f4fd53fbb69	C:\WINDOWS\system32\dllcache\wininet.dll

2005-03-02 20:14  2059008  9355304dd565e23f8ee294720b2c03e5	C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:09  2061568  a873ff1754e2a81cb1a34588cab363d6	C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2006-03-02 14:00  2059008  e86dd06f2b8f919ddf23f78a3bf2aa23	C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08  2059008  e32780e8939338b80edff39e2314c223	C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:05  2059776  c80bca19aa7d4dc37857e9f8250756da	C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:05  2059776  c80bca19aa7d4dc37857e9f8250756da	C:\WINDOWS\FlyakiteOSX\Backup\ntkrnlpa.exe
2006-03-02 14:00  2059008  e86dd06f2b8f919ddf23f78a3bf2aa23	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2gdr\ntkrnlpa.exe
2004-08-17 16:45  2059008  e86dd06f2b8f919ddf23f78a3bf2aa23	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2qfe\ntkrnlpa.exe
2008-03-04 18:34  2015744  cf46faaf70830d24390a10d2ea93e14b	C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:05  2015744  268c1e0edfd6e791dcb817382a5964fd	C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-02 20:14  2181632  7fabe135eac02a4bc8094b831adc0cc3	C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:09  2184320  d40b4f66d877802ec5e655b91b5490fa	C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-03-02 14:00  2183168  12c80e46dcec9b82473d1b1b9da1f16b	C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09  2181504  b0dae70164cc79d1289ef3530a3646f1	C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:05  2182528  c09ca7faffc40bbfaceeb9f0f429f673	C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:05  2182528  c09ca7faffc40bbfaceeb9f0f429f673	C:\WINDOWS\FlyakiteOSX\Backup\ntoskrnl.exe
2006-03-02 14:00  2183168  12c80e46dcec9b82473d1b1b9da1f16b	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2gdr\ntoskrnl.exe
2004-08-17 16:45  2183168  12c80e46dcec9b82473d1b1b9da1f16b	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2qfe\ntoskrnl.exe
2008-03-04 18:34  2138496  504a8bdf615d102e538b5d86d462daea	C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:05  2138496  17d5cf8dcebf978319a29a7577327902	C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 15:23  1366016  d1f9335dd852e6c2e729e4167f40ab43	C:\WINDOWS\explorer.exe
2007-06-13 15:11  1033728  9b32416bd5988c97b6397ce0b02caf97	C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-03-02 14:00  1032704  53114d57ab73a406ac7f602227781a99	C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23  1033728  ed7b460b142a32097b8a8f6ecc941815	C:\WINDOWS\FlyakiteOSX\Backup\explorer.exe
2007-06-13 15:23  1366016  d1f9335dd852e6c2e729e4167f40ab43	C:\WINDOWS\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1686016]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"RK Launcher"="C:\Program Files\RK Launcher\RKLauncher.exe" [2005-10-19 09:40 393216]
"Alt+Q Hotkey Tool"="C:\WINDOWS\Alt+Q Hotkey.exe" [2005-12-18 21:14 27648]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-02-24 02:32 188416]
"WinRoll"="C:\Program Files\WinRoll\winroll.exe" [2006-01-02 00:27 15872]
"Yz Shadow"="C:\Program Files\YzShadow\YzShadow.exe" [2006-02-24 04:51 172032]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 16:50 1289000]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 11:40 270336]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-31 16:59 949376]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 07:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 07:03 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 01:41 118485]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-04-23 22:50 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"D:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"D:\\{D} Dokumenty\\Moje nešahat\\Hry\\Test Drive Umlimited\\[PC] Test Drive Unlimited [PROPER] [RIP] [dopeman]\\TDU\\TestDriveUnlimited.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-03 21:18]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 14:00]
S3 GPU-Z;GPU-Z;C:\DOCUME~1\LUKSED~1\LOCALS~1\Temp\GPU-Z.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 15:41:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 14:47:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-04-28 14:50:47
ComboFix-quarantined-files.txt  2008-04-28 12:49:54

           Adresářů:    10,   Volných bajtů: 11,258,617,856
           Adresářů:    14,   Volných bajtů: 12,045,832,192

295	--- E O F ---	2008-04-09 06:55:41

Re: PC is not OK

by Cheaterboy » Sun Apr 27, 2008 16:47

Ryan: aha :) oh well, at least you got some advertising out of it :D

Re: PC is not OK

by Ryan » Sun Apr 27, 2008 13:33

Cheaterboy wrote: Sedlo: I had a virus too and a friend pointed me to http://www.viry.cz/forum/ where they will tell you what is wrong in the hijack log
Well, that's unnecessary, because you'll find that I am an Advisor at Viry.cz ;)

Re: PC is not OK

by Ryan » Sun Apr 27, 2008 13:32

Sedlo, the log is OK... I'd ask you to do this:

download ComboFix and save it, ideally to the desktop

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms appears; continue by clicking the OK button:

Image

go and make yourself a coffee in the meantime (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or do anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because scanning and deleting any malware causes unwanted conflicts with the antispyware's resident component

after the restart, the application creates a log saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here

Re: PC is not OK

by Cheaterboy » Wed Apr 23, 2008 19:12

Sedlo: I had a virus too and a friend pointed me to http://www.viry.cz/forum/ where they will tell you what is wrong in the hijack log

Re: PC is not OK

by Jackal » Wed Apr 23, 2008 19:07

The free version of AVG Anti-Spyware 7.5.0.50 has the resident shield disabled, but it's great for scanning and, above all, it finds almost everything.

The paid program Spy Sweeper is offered on this forum; when you register you get a one-year license for free, and it can also search and, above all, find things. I use it myself and got a license valid until 1.1.2009. At that price, how could you not take it. :D

Edit: I would also run a defragmentation with O&O Defrag10 Professional 10.0.1634, using the "by access" option. ;)

Re: PC is not OK

by Sedlo » Wed Apr 23, 2008 18:52

And which one do you recommend??
