PC is not OK

Viruses and antivirus, PC security, firewall, spyware, log checking, passwords, web browsers

Post by Sedlo »

Hello, a few days ago I noticed a significant slowdown and fairly frequent freezing of the system. Example: WMP is running and playing music, I maximize Opera, and before I can click on anything I have to wait 3-6 s. Meanwhile WMP keeps playing. I scanned the PC with NOD and it found no virus. Then with Spyware Terminator, which found two Trojan horses, but there was no improvement. I also had the registry cleaned and the junk in the system tidied up, but still nothing. So I am attaching the log from HJT.

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:44, on 23.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\RK Launcher\RKLauncher.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\QIP\qip.exe
C:\Documents and Settings\Lukáš Sedláček\Plocha\Nová složka (2)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [nTrayFw] "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8970 bytes
Projekt Hacker l AMD Athlon 64 3200+ 2GHz@2,5GHz (255x10)l Asus M2NPV-MX l DDR2 2x1GB A-Data Extreme Edition 700MHz (3-3-3-6)l EAH2600XT 256MB DDR3 l WD Green 750GB l Samsung SpinPoint F1 1TB | Fortron SAGA400GLN 80+ l NEC 2070NX + Samsung 203B
NTB: Asus F3E

:heart: Phone: N900 Maemo 5 :heart:

Post by Jackal »

There's a reliable solution for that. Format and reinstall Windows, you've tried enough. :D
Acer Aspire 7741G, Intel Core i5-430M, Radeon HD 5650, 4GB DDR3 RAM, 500GB HDD, Windows 8.1 Pro, avast! Pro Antivirus

Post by Sedlo »

Jackal, Jackal, I would have figured that out too. :P :smil:
That's exactly what I don't feel like doing. There's still one option left, and that's HJT. Until now I have always solved it by formatting, but now I know there are people here on the forum who know what should and shouldn't be in an HJT log. So I'm asking whether there is anything suspicious in it.

Post by Jackal »

Then just restore Windows with a reinstall. :D When the system is choking, reinstall. You don't have to do it right away; try downloading a few more anti-malware programs. I mean paid programs, used during their trial period; if the system is still sluggish, then reinstall. ;)

Post by Sedlo »

And which one do you recommend??

Post by Jackal »

AVG Anti-Spyware 7.5.0.50 has the resident shield disabled in the free version, but it's great for scanning and above all it finds almost everything.

On this forum the paid program Spy Sweeper is offered; on registration you get a one-year license for free, and it can also search and, above all, find. I use it myself and got a license until 1.1.2009. At that price you can't go wrong. :D

Edit: I would also defragment with O&O Defrag10 Professional 10.0.1634, using the by-access option. ;)

Post by Cheaterboy »

Sedlo: I had a virus too and a friend recommended http://www.viry.cz/forum/ to me; there they'll tell you what's wrong in the HijackThis log.

Post by Ryan »

Sedlo, the log is OK... I'd ask you to do this:

download ComboFix and save it, ideally to the desktop

then run the application under an account with administrator privileges

right after start, a screen with the license terms is displayed; continue by clicking the OK button:

[image]

calmly make yourself a coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or anything else

don't panic during the scan, your machine may be restarted (especially the first time the scanner is used)

warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because the scan and the deletion of any malware lead to unwanted collisions with the antispyware's resident component


after the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its content here

Post by Ryan »

Cheaterboy wrote: Sedlo: I had a virus too and a friend recommended http://www.viry.cz/forum/ to me; there they'll tell you what's wrong in the HijackThis log.
Well, that's unnecessary, since you'll find that I am an Advisor at Viry.cz ;)

Post by Cheaterboy »

Ryan: aha :) oh well, at least you got some advertising out of it :D

Post by Sedlo »

So here, at your request, I'm attaching the log from ComboFix:

Code:

ComboFix 08-04-27.2 - Lukáš Sedláček 2008-04-28 14:45:50.1 - NTFSx86
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.1.1029.18.449 [GMT 2:00]
Running from: C:\Documents and Settings\Lukáš Sedláček\Plocha\ComboFix.exe
 * Created a new restore point
 * Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Nabídka Start\Online Security Guide.url
C:\Documents and Settings\All Users\Nabídka Start\Security Troubleshooting.url
C:\Documents and Settings\Lukáš Sedláček\Oblíbené položky\Online Security Test.url

.
(((((((((((((((((((((((((   Files Created from 2008-03-28 to 2008-04-28  )))))))))))))))))))))))))))))))
.

2008-04-27 21:17 . 2008-04-27 21:17	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
2008-04-27 20:50 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Common Files\PCSuite
2008-04-27 20:07 . 2008-04-27 20:07	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Nokia
2008-04-27 20:05 . 2008-04-27 20:05	<DIR>	d--------	C:\Program Files\MSXML 6.0
2008-04-27 19:53 . 2004-08-03 23:08	25,600	--a------	C:\WINDOWS\system32\drivers\usbser.sys
2008-04-27 19:53 . 2008-04-27 19:53	1,374	--a------	C:\WINDOWS\imsins.BAK
2008-04-27 19:53 . 2008-04-27 19:53	0	--ah-----	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-27 19:53 . 2008-04-27 19:53	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-27 19:52 . 2008-04-27 19:52	<DIR>	d--------	C:\Program Files\DIFX
2008-04-27 19:52 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Common Files\Nokia
2008-04-27 19:52 . 2008-04-27 19:53	<DIR>	d--------	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\PC Suite
2008-04-27 19:52 . 2008-04-27 19:52	<DIR>	d--------	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\Nokia
2008-04-27 19:52 . 2008-04-27 19:53	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\PC Suite
2008-04-27 19:52 . 2007-09-17 15:53	21,632	--a------	C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-27 19:51 . 2008-04-27 20:48	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2008-04-27 19:51 . 2008-04-27 19:51	<DIR>	d--------	C:\Program Files\PC Connectivity Solution
2008-04-27 19:51 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Nokia
2008-04-27 19:51 . 2008-04-27 20:05	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Installations
2008-04-27 19:51 . 2007-11-29 10:33	1,419,232	--a------	C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-27 19:51 . 2007-11-29 10:39	95,744	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-27 19:51 . 2008-02-01 15:17	90,624	--a------	C:\WINDOWS\system32\nmwcdcls.dll
2008-04-27 19:51 . 2007-11-29 10:39	19,328	--a------	C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-27 19:51 . 2007-11-29 10:39	16,896	--a------	C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-27 19:51 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-27 19:51 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-24 16:24 . 2008-04-24 16:24	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Grisoft
2008-04-23 21:45 . 2006-09-05 18:03	3,968	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-21 13:58 . 2008-04-21 13:58	<DIR>	d--------	C:\Program Files\QIP
2008-04-16 21:02 . 2008-04-16 21:02	<DIR>	d--------	C:\Program Files\Microsoft ActiveSync
2008-04-16 21:02 . 2005-10-21 03:47	30,592	---------	C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-16 21:02 . 2005-10-21 03:47	12,800	---------	C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-16 06:55 . 2008-04-16 06:55	<DIR>	d--hs----	C:\found.000
2008-04-13 21:33 . 2008-04-13 21:33	<DIR>	d--------	C:\Program Files\AnvSoft Mobile Video Converter
2008-04-13 21:07 . 2004-08-03 23:10	85,376	--a------	C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-04-13 21:07 . 2004-08-03 23:10	19,328	--a------	C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-04-13 21:07 . 2004-08-17 15:49	16,384	--a------	C:\WINDOWS\system32\ipsink.ax
2008-04-13 21:07 . 2004-08-03 23:10	15,360	--a------	C:\WINDOWS\system32\drivers\StreamIP.sys
2008-04-13 21:07 . 2004-08-03 23:10	11,136	--a------	C:\WINDOWS\system32\drivers\SLIP.sys
2008-04-13 21:07 . 2004-08-03 23:10	10,880	--a------	C:\WINDOWS\system32\drivers\NdisIP.sys
2008-04-13 21:07 . 2004-08-03 22:58	5,504	--a------	C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-13 21:06 . 2004-08-17 15:49	91,136	--a------	C:\WINDOWS\system32\kswdmcap.ax
2008-04-13 21:06 . 2004-08-17 15:49	61,952	--a------	C:\WINDOWS\system32\kstvtune.ax
2008-04-13 21:06 . 2004-08-17 15:49	54,272	--a------	C:\WINDOWS\system32\vfwwdm32.dll
2008-04-13 21:06 . 2004-08-03 23:10	51,328	--a------	C:\WINDOWS\system32\drivers\msdv.sys
2008-04-13 21:06 . 2004-08-17 15:49	43,008	--a------	C:\WINDOWS\system32\ksxbar.ax
2008-04-13 21:06 . 2004-08-17 15:49	28,672	--a------	C:\WINDOWS\system32\vidcap.ax
2008-04-13 21:06 . 2004-08-03 23:10	17,024	--a------	C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-04-13 21:00 . 2004-08-03 23:10	38,912	--a------	C:\WINDOWS\system32\drivers\avc.sys
2008-04-13 20:59 . 2004-08-03 23:10	48,128	--a------	C:\WINDOWS\system32\drivers\61883.sys
2008-04-13 20:13 . 2008-04-13 20:13	<DIR>	d--------	C:\Drivers
2008-04-13 20:13 . 2001-11-05 09:23	299,923	--a------	C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-04-13 20:13 . 2002-10-15 22:41	102,220	--a------	C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-04-13 20:13 . 2001-07-03 20:33	53,248	--a------	C:\WINDOWS\system32\SONYHCY.DLL
2008-04-13 20:13 . 2001-11-05 09:23	38,739	--a------	C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-04-13 20:13 . 2001-11-05 09:23	6,097	--a------	C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-04-13 20:13 . 2001-07-03 20:39	3,654	--a------	C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-04-13 20:12 . 1998-06-18 00:00	89,360	--a------	C:\WINDOWS\system32\VB5DB.DLL
2008-04-13 20:12 . 2003-12-03 17:44	13,566	---------	C:\WINDOWS\system32\drivers\cdrbsvsd.sys
2008-04-13 18:32 . 2004-08-03 23:10	61,056	--a------	C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:32 . 2004-08-03 23:10	53,248	--a------	C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:32 . 2001-08-17 21:46	6,400	--a------	C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-10 20:53 . 2008-04-27 20:48	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-04-10 20:53 . 2008-04-10 20:53	1,409	--a------	C:\WINDOWS\QTFont.for
2008-04-09 21:32 . 2008-04-09 21:32	394	--a------	C:\WINDOWS\capture.ini
2008-04-09 15:49 . 2008-04-09 15:49	<DIR>	d--------	C:\Documents and Settings\Luk Sedlek
2008-04-09 15:48 . 2008-04-09 15:48	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Adobe Systems
2008-04-09 15:35 . 2008-04-09 15:35	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2008-04-08 15:34 . 2008-04-08 15:34	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\GlobalSCAPE
2008-04-06 18:43 . 2008-04-06 18:43	<DIR>	d--------	C:\Temp
2008-04-01 21:07 . 2008-04-01 21:07	<DIR>	d--------	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\NCH Software
2008-04-01 17:17 . 2008-04-09 15:36	<DIR>	d--------	C:\Program Files\Common Files\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 16:38	---------	d-----w	C:\Program Files\ICQToolbar
2008-04-21 15:23	---------	d-----w	C:\Program Files\Spyware Terminator
2008-04-21 15:23	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-04-20 15:32	---------	d-----w	C:\Program Files\ICQLite
2008-04-13 19:47	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-04-09 06:55	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-04-03 20:21	---------	d-----w	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\Skype
2008-04-03 17:21	---------	d-----w	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\skypePM
2008-03-23 21:45	---------	d-----w	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\Media Player Classic
2008-03-23 19:08	---------	d---a-w	C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-03-20 11:49	---------	d-----w	C:\Program Files\Track Mania
2008-03-20 08:09	1,845,248	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-19 20:56	---------	d-----w	C:\Program Files\Java
2008-03-19 11:17	---------	d-----w	C:\Program Files\Apple Software Update
2008-03-19 11:17	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Apple
2008-03-18 19:50	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Test Drive Unlimited
2008-03-18 10:49	---------	d-----w	C:\Program Files\Crawler
2008-03-13 18:32	---------	d-----w	C:\Program Files\K-Lite Codec Pack
2008-03-12 19:01	---------	d-----w	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\ICQLite
2008-03-12 14:54	---------	d-----w	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\Azureus
2008-03-11 17:56	---------	d-----w	C:\Program Files\MagicISO
2008-03-11 15:53	32	----a-w	C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-03-11 15:53	---------	d-----w	C:\Program Files\Skype
2008-03-11 15:53	---------	d-----w	C:\Program Files\Common Files\Skype
2008-03-11 15:53	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Skype
2008-03-10 18:56	---------	d-----w	C:\Program Files\ATI Technologies
2008-03-10 18:24	86,016	----a-w	C:\WINDOWS\system32\OpenAL32.dll
2008-03-10 18:24	262,144	----a-w	C:\WINDOWS\system32\wrap_oal.dll
2008-03-09 20:27	---------	d-----w	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\Apple Computer
2008-03-09 20:26	---------	d-----w	C:\Program Files\QuickTime
2008-03-09 20:26	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2008-03-06 09:14	831,048	----a-w	C:\WINDOWS\system32\WudfUpdate_01005.dll
2008-03-04 16:34	2,138,496	----a-w	C:\WINDOWS\system32\ntoskrnl.exe
2008-03-04 16:34	2,015,744	----a-w	C:\WINDOWS\system32\ntkrnlpa.exe
2008-03-04 16:34	---------	d-----w	C:\Program Files\YzShadow
2008-03-04 16:34	---------	d-----w	C:\Program Files\WinRoll
2008-03-04 16:34	---------	d-----w	C:\Program Files\UberIcon
2008-03-04 16:34	---------	d-----w	C:\Program Files\Tiger System Preferences v2
2008-03-04 16:34	---------	d-----w	C:\Program Files\RK Launcher
2008-03-04 16:34	---------	d-----w	C:\Program Files\ObjectDock
2008-03-04 16:34	---------	d-----w	C:\Program Files\iColorFolder
2008-03-04 16:32	219,648	----a-w	C:\WINDOWS\system32\uxtheme.dll
2008-03-03 17:54	---------	d-----w	C:\Program Files\Common Files\DVDVideoSoft
2008-03-01 13:02	803,840	----a-w	C:\WINDOWS\system32\wininet.dll
2008-02-28 16:15	---------	d-----w	C:\Program Files\Opera
2008-02-26 03:12	372,736	----a-w	C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10	307,200	----a-w	C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10	299,520	----a-w	C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02	172,032	----a-w	C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02	126,976	----a-w	C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01	43,520	----a-w	C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01	26,112	----a-w	C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01	126,976	----a-w	C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00	520,192	----a-w	C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59	9,797,632	----a-w	C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58	53,248	----a-w	C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49	3,176,480	----a-w	C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41	1,755,264	----a-w	C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29	46,080	----a-w	C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25	393,216	----a-w	C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23	17,408	----a-w	C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:19	167,936	----a-w	C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16	520,192	----a-w	C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05	593,920	------w	C:\WINDOWS\system32\ati2sgag.exe
2008-02-20 06:51	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
2008-01-31 14:59	298,104	----a-w	C:\WINDOWS\system32\imon.dll
.

------- Sigcheck -------

2005-03-02 20:21  577024  3ef380290ce2ca8598e475ceac4adb13	C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:51  578048  5393076fdcd6daeb82814688dde3e9a2	C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:18  577024  9267bc598e271bc3fa69f36cf1c8bd36	C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:38  577536  43240b12d220f30c7c75ea69b2e806b0	C:\WINDOWS\FlyakiteOSX\Backup\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]53a8d720f751c64c56fbe8b6600daef\backup\sp2gdr\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]53a8d720f751c64c56fbe8b6600daef\backup\sp2qfe\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2gdr\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2qfe\user32.dll
2007-03-08 17:38  577024  371331934ed7d5e1687a438db0669822	C:\WINDOWS\system32\user32.dll
2007-03-08 17:38  577024  371331934ed7d5e1687a438db0669822	C:\WINDOWS\system32\dllcache\user32.dll

2007-10-11 01:41  825344  3c48d8efa3ffa68f7aeaaaffab6b9cb3	C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:59  825344  32cc73f851f377b035a5b8216cac63ce	C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:35  827392  46a1a52eb6c86344c6ebf65b17404c90	C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2008-03-01 15:02  826368  4b0d8a282e0bef3e52b8b6449d8473dd	C:\WINDOWS\FlyakiteOSX\Backup\wininet.dll
2006-03-02 14:00  657408  50d263e3454e8357d13bb598129185ad	C:\WINDOWS\ie7\wininet.dll
2006-11-07 22:03  818688  92995334f993e6e49c25c6d02ec04401	C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:50  824832  c543cc3d7a05fb0d23107c89115811a0	C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:14  802304  a2b21644a9d317c9de04cdbf83c4afc6	C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 15:02  803840  71ba5f36c9f5b989ece61f4fd53fbb69	C:\WINDOWS\system32\wininet.dll
2008-03-01 15:02  803840  71ba5f36c9f5b989ece61f4fd53fbb69	C:\WINDOWS\system32\dllcache\wininet.dll

2005-03-02 20:14  2059008  9355304dd565e23f8ee294720b2c03e5	C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:09  2061568  a873ff1754e2a81cb1a34588cab363d6	C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2006-03-02 14:00  2059008  e86dd06f2b8f919ddf23f78a3bf2aa23	C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08  2059008  e32780e8939338b80edff39e2314c223	C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:05  2059776  c80bca19aa7d4dc37857e9f8250756da	C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:05  2059776  c80bca19aa7d4dc37857e9f8250756da	C:\WINDOWS\FlyakiteOSX\Backup\ntkrnlpa.exe
2006-03-02 14:00  2059008  e86dd06f2b8f919ddf23f78a3bf2aa23	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2gdr\ntkrnlpa.exe
2004-08-17 16:45  2059008  e86dd06f2b8f919ddf23f78a3bf2aa23	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2qfe\ntkrnlpa.exe
2008-03-04 18:34  2015744  cf46faaf70830d24390a10d2ea93e14b	C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:05  2015744  268c1e0edfd6e791dcb817382a5964fd	C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-02 20:14  2181632  7fabe135eac02a4bc8094b831adc0cc3	C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:09  2184320  d40b4f66d877802ec5e655b91b5490fa	C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-03-02 14:00  2183168  12c80e46dcec9b82473d1b1b9da1f16b	C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09  2181504  b0dae70164cc79d1289ef3530a3646f1	C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:05  2182528  c09ca7faffc40bbfaceeb9f0f429f673	C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:05  2182528  c09ca7faffc40bbfaceeb9f0f429f673	C:\WINDOWS\FlyakiteOSX\Backup\ntoskrnl.exe
2006-03-02 14:00  2183168  12c80e46dcec9b82473d1b1b9da1f16b	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2gdr\ntoskrnl.exe
2004-08-17 16:45  2183168  12c80e46dcec9b82473d1b1b9da1f16b	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2qfe\ntoskrnl.exe
2008-03-04 18:34  2138496  504a8bdf615d102e538b5d86d462daea	C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:05  2138496  17d5cf8dcebf978319a29a7577327902	C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 15:23  1366016  d1f9335dd852e6c2e729e4167f40ab43	C:\WINDOWS\explorer.exe
2007-06-13 15:11  1033728  9b32416bd5988c97b6397ce0b02caf97	C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-03-02 14:00  1032704  53114d57ab73a406ac7f602227781a99	C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23  1033728  ed7b460b142a32097b8a8f6ecc941815	C:\WINDOWS\FlyakiteOSX\Backup\explorer.exe
2007-06-13 15:23  1366016  d1f9335dd852e6c2e729e4167f40ab43	C:\WINDOWS\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1686016]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"RK Launcher"="C:\Program Files\RK Launcher\RKLauncher.exe" [2005-10-19 09:40 393216]
"Alt+Q Hotkey Tool"="C:\WINDOWS\Alt+Q Hotkey.exe" [2005-12-18 21:14 27648]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-02-24 02:32 188416]
"WinRoll"="C:\Program Files\WinRoll\winroll.exe" [2006-01-02 00:27 15872]
"Yz Shadow"="C:\Program Files\YzShadow\YzShadow.exe" [2006-02-24 04:51 172032]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 16:50 1289000]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 11:40 270336]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-31 16:59 949376]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 07:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 07:03 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 01:41 118485]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-04-23 22:50 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"D:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"D:\\{D} Dokumenty\\Moje nešahat\\Hry\\Test Drive Umlimited\\[PC] Test Drive Unlimited [PROPER] [RIP] [dopeman]\\TDU\\TestDriveUnlimited.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-03 21:18]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 14:00]
S3 GPU-Z;GPU-Z;C:\DOCUME~1\LUKSED~1\LOCALS~1\Temp\GPU-Z.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 15:41:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 14:47:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-04-28 14:50:47
ComboFix-quarantined-files.txt  2008-04-28 12:49:54

           Adresářů:    10,   Volných bajtů: 11,258,617,856
           Adresářů:    14,   Volných bajtů: 12,045,832,192

295	--- E O F ---	2008-04-09 06:55:41
Projekt Hacker l AMD Athlon 64 3200+ 2GHz@2,5GHz (255x10)l Asus M2NPV-MX l DDR2 2x1GB A-Data Extreme Edition 700MHz (3-3-3-6)l EAH2600XT 256MB DDR3 l WD Green 750GB l Samsung SpinPoint F1 1TB | Fortron SAGA400GLN 80+ l NEC 2070NX + Samsung 203B
NTB: Asus F3E

:heart: Phone: N900 Maemo 5 :heart:
Ryan
Honorary member
Posts: 316
Registered: Sat Apr 21, 2007 11:05
Location: wherever there is net access :-) / Českomoravská Vysočina

Re: PC is not OK

Post by Ryan »

Then I'll ask for one more log from ComboFix, but this time with the antivirus and all other protections TURNED OFF. And run it in safe mode as well... Also try uninstalling Spyware Terminator to see whether that helps. The software is good, but very temperamental.
Sedlo
Moderator
Posts: 1668
Registered: Thu May 03, 2007 06:38
Location: České Budějovice

Re: PC is not OK

Post by Sedlo »

All of that was turned off. Only Trillian was running. NOD32, AVG Anti-Spyware and Spyware Terminator were off, I made sure of that. Anyway, I'll attach the log from safe mode then.
Edit: So here it is.

Code: Select all

ComboFix 08-04-27.2 - Lukáš Sedláček 2008-04-29 16:43:04.3 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.1.1029.18.804 [GMT 2:00]
Running from: C:\Documents and Settings\Lukáš Sedláček\Plocha\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-03-28 to 2008-04-29  )))))))))))))))))))))))))))))))
.

2008-04-29 16:14 . 2008-04-29 16:14	<DIR>	d--------	C:\Documents and Settings\Administrator
2008-04-28 21:50 . 2008-04-28 21:50	<DIR>	d--------	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\Nokia Multimedia Player
2008-04-28 17:17 . 2008-04-28 17:19	1	--a------	C:\WINDOWS\system32\sav80231.sys
2008-04-27 21:17 . 2008-04-27 21:17	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
2008-04-27 20:50 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Common Files\PCSuite
2008-04-27 20:07 . 2008-04-27 20:07	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Nokia
2008-04-27 20:05 . 2008-04-27 20:05	<DIR>	d--------	C:\Program Files\MSXML 6.0
2008-04-27 19:53 . 2004-08-03 23:08	25,600	--a------	C:\WINDOWS\system32\drivers\usbser.sys
2008-04-27 19:53 . 2008-04-27 19:53	1,374	--a------	C:\WINDOWS\imsins.BAK
2008-04-27 19:53 . 2008-04-27 19:53	0	--ah-----	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-27 19:53 . 2008-04-27 19:53	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-27 19:52 . 2008-04-27 19:52	<DIR>	d--------	C:\Program Files\DIFX
2008-04-27 19:52 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Common Files\Nokia
2008-04-27 19:52 . 2008-04-27 19:53	<DIR>	d--------	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\PC Suite
2008-04-27 19:52 . 2008-04-27 19:52	<DIR>	d--------	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\Nokia
2008-04-27 19:52 . 2008-04-27 19:53	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\PC Suite
2008-04-27 19:52 . 2007-09-17 15:53	21,632	--a------	C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-27 19:51 . 2008-04-27 20:48	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2008-04-27 19:51 . 2008-04-27 19:51	<DIR>	d--------	C:\Program Files\PC Connectivity Solution
2008-04-27 19:51 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Nokia
2008-04-27 19:51 . 2008-04-27 20:05	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Installations
2008-04-27 19:51 . 2007-11-29 10:33	1,419,232	--a------	C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-27 19:51 . 2007-11-29 10:39	95,744	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-27 19:51 . 2008-02-01 15:17	90,624	--a------	C:\WINDOWS\system32\nmwcdcls.dll
2008-04-27 19:51 . 2007-11-29 10:39	19,328	--a------	C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-27 19:51 . 2007-11-29 10:39	16,896	--a------	C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-27 19:51 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-27 19:51 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-24 16:24 . 2008-04-24 16:24	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Grisoft
2008-04-23 21:45 . 2006-09-05 18:03	3,968	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-21 13:58 . 2008-04-21 13:58	<DIR>	d--------	C:\Program Files\QIP
2008-04-16 21:02 . 2008-04-16 21:02	<DIR>	d--------	C:\Program Files\Microsoft ActiveSync
2008-04-16 21:02 . 2005-10-21 03:47	30,592	---------	C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-16 21:02 . 2005-10-21 03:47	12,800	---------	C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-16 06:55 . 2008-04-16 06:55	<DIR>	d--hs----	C:\found.000
2008-04-13 21:33 . 2008-04-13 21:33	<DIR>	d--------	C:\Program Files\AnvSoft Mobile Video Converter
2008-04-13 21:07 . 2004-08-03 23:10	85,376	--a------	C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-04-13 21:07 . 2004-08-03 23:10	19,328	--a------	C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-04-13 21:07 . 2004-08-17 15:49	16,384	--a------	C:\WINDOWS\system32\ipsink.ax
2008-04-13 21:07 . 2004-08-03 23:10	15,360	--a------	C:\WINDOWS\system32\drivers\StreamIP.sys
2008-04-13 21:07 . 2004-08-03 23:10	11,136	--a------	C:\WINDOWS\system32\drivers\SLIP.sys
2008-04-13 21:07 . 2004-08-03 23:10	10,880	--a------	C:\WINDOWS\system32\drivers\NdisIP.sys
2008-04-13 21:07 . 2004-08-03 22:58	5,504	--a------	C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-13 21:06 . 2004-08-17 15:49	91,136	--a------	C:\WINDOWS\system32\kswdmcap.ax
2008-04-13 21:06 . 2004-08-17 15:49	61,952	--a------	C:\WINDOWS\system32\kstvtune.ax
2008-04-13 21:06 . 2004-08-17 15:49	54,272	--a------	C:\WINDOWS\system32\vfwwdm32.dll
2008-04-13 21:06 . 2004-08-03 23:10	51,328	--a------	C:\WINDOWS\system32\drivers\msdv.sys
2008-04-13 21:06 . 2004-08-17 15:49	43,008	--a------	C:\WINDOWS\system32\ksxbar.ax
2008-04-13 21:06 . 2004-08-17 15:49	28,672	--a------	C:\WINDOWS\system32\vidcap.ax
2008-04-13 21:06 . 2004-08-03 23:10	17,024	--a------	C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-04-13 21:00 . 2004-08-03 23:10	38,912	--a------	C:\WINDOWS\system32\drivers\avc.sys
2008-04-13 20:59 . 2004-08-03 23:10	48,128	--a------	C:\WINDOWS\system32\drivers\61883.sys
2008-04-13 20:13 . 2008-04-13 20:13	<DIR>	d--------	C:\Drivers
2008-04-13 20:13 . 2001-11-05 09:23	299,923	--a------	C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-04-13 20:13 . 2002-10-15 22:41	102,220	--a------	C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-04-13 20:13 . 2001-07-03 20:33	53,248	--a------	C:\WINDOWS\system32\SONYHCY.DLL
2008-04-13 20:13 . 2001-11-05 09:23	38,739	--a------	C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-04-13 20:13 . 2001-11-05 09:23	6,097	--a------	C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-04-13 20:13 . 2001-07-03 20:39	3,654	--a------	C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-04-13 20:12 . 1998-06-18 00:00	89,360	--a------	C:\WINDOWS\system32\VB5DB.DLL
2008-04-13 20:12 . 2003-12-03 17:44	13,566	---------	C:\WINDOWS\system32\drivers\cdrbsvsd.sys
2008-04-13 18:32 . 2004-08-03 23:10	61,056	--a------	C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:32 . 2004-08-03 23:10	53,248	--a------	C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:32 . 2001-08-17 21:46	6,400	--a------	C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-10 20:53 . 2008-04-28 21:50	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-04-10 20:53 . 2008-04-10 20:53	1,409	--a------	C:\WINDOWS\QTFont.for
2008-04-09 21:32 . 2008-04-09 21:32	394	--a------	C:\WINDOWS\capture.ini
2008-04-09 15:49 . 2008-04-09 15:49	<DIR>	d--------	C:\Documents and Settings\Luk Sedlek
2008-04-09 15:48 . 2008-04-09 15:48	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Adobe Systems
2008-04-09 15:35 . 2008-04-09 15:35	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2008-04-08 15:34 . 2008-04-08 15:34	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\GlobalSCAPE
2008-04-06 18:43 . 2008-04-06 18:43	<DIR>	d--------	C:\Temp
2008-04-01 21:07 . 2008-04-01 21:07	<DIR>	d--------	C:\Documents and Settings\Lukáš Sedláček\Data aplikací\NCH Software
2008-04-01 17:17 . 2008-04-09 15:36	<DIR>	d--------	C:\Program Files\Common Files\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
Ryan
Honorary member
Posts: 316
Registered: Sat Apr 21, 2007 11:05
Location: wherever there is net access :-) / Českomoravská Vysočina

Re: PC is not OK

Post by Ryan »

If you have not done so already, move ComboFix to the desktop.

Open Notepad.

Copy the script from the following box into it:

Code: Select all

Rootkit::
C:\WINDOWS\system32\sav80231.sys

Save the text file you created as CFScript.txt on the desktop.

After saving, grab the script you created with the left mouse button, drag it over the ComboFix icon and drop it there:

Image

Once it has been applied, another log should pop up; paste it here :)
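An added example, not part of the thread: one way to triage a ComboFix "Files Created" listing like the one posted above and see why `sav80231.sys` stands out. The two heuristics (a `.sys` file too small to hold a PE header, and a `.sys` file outside a `drivers` directory) are assumptions chosen for illustration, not Ryan's stated reasoning, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Lines copied from the "Files Created" listing posted in this thread
# (tabs normalised to spaces, banner shortened), including the banner
# and "." separator lines that the parser has to skip.
SAMPLE_LOG = r"""
(((((((((   Files Created from 2008-03-28 to 2008-04-29  )))))))))
.
2008-04-29 16:14 . 2008-04-29 16:14  <DIR>  d--------  C:\Documents and Settings\Administrator
2008-04-28 17:17 . 2008-04-28 17:19  1  --a------  C:\WINDOWS\system32\sav80231.sys
2008-04-27 19:53 . 2004-08-03 23:08  25,600  --a------  C:\WINDOWS\system32\drivers\usbser.sys
2008-04-27 19:53 . 2008-04-27 19:53  0  --ah-----  C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-27 19:51 . 2007-11-29 10:39  8,064  --a------  C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-13 20:13 . 2001-07-03 20:39  3,654  --a------  C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-04-16 21:02 . 2005-10-21 03:47  30,592  ---------  C:\WINDOWS\system32\drivers\rndismpx.sys
.
"""

# created . modified  size|<DIR>  9-char attribute string  full path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[a-z-]{9})\s+"
    r"(?P<path>.+?)\s*$"
)

# A PE image starts with a 64-byte IMAGE_DOS_HEADER, so anything
# shorter cannot be a loadable driver.
DOS_HEADER_SIZE = 64
TS_FORMAT = "%Y-%m-%d %H:%M"


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def parse_files_created(text: str) -> List[Entry]:
    """Parse listing lines; banners, separators and blanks are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(
            created=datetime.strptime(m["created"], TS_FORMAT),
            modified=datetime.strptime(m["modified"], TS_FORMAT),
            size=size,
            attrs=m["attrs"],
            path=m["path"],
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Return .sys files worth a manual look, with the reasons.

    A hit is a lead for review, not a verdict on the file.
    """
    hits = []
    for e in entries:
        if e.size is None:
            continue  # directory
        p = PureWindowsPath(e.path)
        if p.suffix.lower() != ".sys":
            continue
        reasons = []
        if e.size < DOS_HEADER_SIZE:
            reasons.append(f"{e.size} bytes: too small to contain a PE header")
        if p.parent.name.lower() != "drivers":
            reasons.append(f"driver-style file outside drivers\\ ({p.parent})")
        if reasons:
            hits.append((e, reasons))
    return hits


if __name__ == "__main__":
    for entry, reasons in triage(parse_files_created(SAMPLE_LOG)):
        print(entry.path)
        for r in reasons:
            print("  -", r)
```
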
Sedlo
Moderator
Posts: 1668
Registered: Thu May 03, 2007 06:38
Location: České Budějovice

Re: PC is not OK

Post by Sedlo »

I have ComboFix on the desktop. Otherwise I did what you wrote. The PC restarted and then crunched on something for about 10 minutes, but no application was running and no log popped up. This is what was written in C:\Combofix\Combofix.txt

Code: Select all

ComboFix 08-04-27.2 - Lukáš Sedláček 2008-05-04 18:01:12.5 - NTFSx86
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.1.1029.18.288 [GMT 2:00]
Running from: C:\Documents and Settings\Lukáš Sedláček\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lukáš Sedláček\Plocha\CFScript.txt.txt
 * Created a new restore point
 * Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\sav80231.sys

.
(((((((((((((((((((((((((   Files Created from 2008-04-04 to 2008-05-04  )))))))))))))))))))))))))))))))
.

2008-05-04 18:02 . 2008-05-04 18:02	125	--a------	C:\Documents and Settings\Luk catchme.zip
2008-04-29 16:14 . 2008-04-29 16:14	<DIR>	d--------	C:\Documents and Settings\Administrator
2008-04-27 21:17 . 2008-04-27 21:17	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
2008-04-27 20:50 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Common Files\PCSuite
2008-04-27 20:05 . 2008-04-27 20:05	<DIR>	d--------	C:\Program Files\MSXML 6.0
2008-04-27 19:53 . 2004-08-03 23:08	25,600	--a------	C:\WINDOWS\system32\drivers\usbser.sys
2008-04-27 19:53 . 2008-04-27 19:53	1,374	--a------	C:\WINDOWS\imsins.BAK
2008-04-27 19:53 . 2008-04-27 19:53	0	--ah-----	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-27 19:53 . 2008-04-27 19:53	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-27 19:52 . 2008-04-27 19:52	<DIR>	d--------	C:\Program Files\DIFX
2008-04-27 19:52 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Common Files\Nokia
2008-04-27 19:52 . 2007-09-17 15:53	21,632	--a------	C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-27 19:51 . 2008-04-27 20:48	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2008-04-27 19:51 . 2008-04-27 19:51	<DIR>	d--------	C:\Program Files\PC Connectivity Solution
2008-04-27 19:51 . 2008-04-27 20:50	<DIR>	d--------	C:\Program Files\Nokia
2008-04-27 19:51 . 2007-11-29 10:33	1,419,232	--a------	C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-27 19:51 . 2007-11-29 10:39	95,744	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-27 19:51 . 2008-02-01 15:17	90,624	--a------	C:\WINDOWS\system32\nmwcdcls.dll
2008-04-27 19:51 . 2007-11-29 10:39	19,328	--a------	C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-27 19:51 . 2007-11-29 10:39	16,896	--a------	C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-27 19:51 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-27 19:51 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-23 21:45 . 2006-09-05 18:03	3,968	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-21 13:58 . 2008-04-21 13:58	<DIR>	d--------	C:\Program Files\QIP
2008-04-16 21:02 . 2008-04-16 21:02	<DIR>	d--------	C:\Program Files\Microsoft ActiveSync
2008-04-16 21:02 . 2005-10-21 03:47	30,592	---------	C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-16 21:02 . 2005-10-21 03:47	12,800	---------	C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-16 06:55 . 2008-04-16 06:55	<DIR>	d--hs----	C:\found.000
2008-04-13 21:33 . 2008-04-13 21:33	<DIR>	d--------	C:\Program Files\AnvSoft Mobile Video Converter
2008-04-13 21:07 . 2004-08-03 23:10	85,376	--a------	C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-04-13 21:07 . 2004-08-03 23:10	19,328	--a------	C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-04-13 21:07 . 2004-08-17 15:49	16,384	--a------	C:\WINDOWS\system32\ipsink.ax
2008-04-13 21:07 . 2004-08-03 23:10	15,360	--a------	C:\WINDOWS\system32\drivers\StreamIP.sys
2008-04-13 21:07 . 2004-08-03 23:10	11,136	--a------	C:\WINDOWS\system32\drivers\SLIP.sys
2008-04-13 21:07 . 2004-08-03 23:10	10,880	--a------	C:\WINDOWS\system32\drivers\NdisIP.sys
2008-04-13 21:07 . 2004-08-03 22:58	5,504	--a------	C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-13 21:06 . 2004-08-17 15:49	91,136	--a------	C:\WINDOWS\system32\kswdmcap.ax
2008-04-13 21:06 . 2004-08-17 15:49	61,952	--a------	C:\WINDOWS\system32\kstvtune.ax
2008-04-13 21:06 . 2004-08-17 15:49	54,272	--a------	C:\WINDOWS\system32\vfwwdm32.dll
2008-04-13 21:06 . 2004-08-03 23:10	51,328	--a------	C:\WINDOWS\system32\drivers\msdv.sys
2008-04-13 21:06 . 2004-08-17 15:49	43,008	--a------	C:\WINDOWS\system32\ksxbar.ax
2008-04-13 21:06 . 2004-08-17 15:49	28,672	--a------	C:\WINDOWS\system32\vidcap.ax
2008-04-13 21:06 . 2004-08-03 23:10	17,024	--a------	C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-04-13 21:00 . 2004-08-03 23:10	38,912	--a------	C:\WINDOWS\system32\drivers\avc.sys
2008-04-13 20:59 . 2004-08-03 23:10	48,128	--a------	C:\WINDOWS\system32\drivers\61883.sys
2008-04-13 20:13 . 2008-04-13 20:13	<DIR>	d--------	C:\Drivers
2008-04-13 20:13 . 2001-11-05 09:23	299,923	--a------	C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-04-13 20:13 . 2002-10-15 22:41	102,220	--a------	C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-04-13 20:13 . 2001-07-03 20:33	53,248	--a------	C:\WINDOWS\system32\SONYHCY.DLL
2008-04-13 20:13 . 2001-11-05 09:23	38,739	--a------	C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-04-13 20:13 . 2001-11-05 09:23	6,097	--a------	C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-04-13 20:13 . 2001-07-03 20:39	3,654	--a------	C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-04-13 20:12 . 1998-06-18 00:00	89,360	--a------	C:\WINDOWS\system32\VB5DB.DLL
2008-04-13 20:12 . 2003-12-03 17:44	13,566	---------	C:\WINDOWS\system32\drivers\cdrbsvsd.sys
2008-04-13 18:32 . 2004-08-03 23:10	61,056	--a------	C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:32 . 2004-08-03 23:10	53,248	--a------	C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:32 . 2001-08-17 21:46	6,400	--a------	C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-10 20:53 . 2008-04-28 21:50	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-04-10 20:53 . 2008-04-10 20:53	1,409	--a------	C:\WINDOWS\QTFont.for
2008-04-09 21:32 . 2008-04-09 21:32	394	--a------	C:\WINDOWS\capture.ini
2008-04-09 15:49 . 2008-04-09 15:49	<DIR>	d--------	C:\Documents and Settings\Luk Sedlek
2008-04-09 15:35 . 2008-04-09 15:35	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2008-04-06 18:43 . 2008-04-06 18:43	<DIR>	d--------	C:\Temp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 15:42	---------	d-----w	C:\Program Files\ICQToolbar
2008-04-21 15:23	---------	d-----w	C:\Program Files\Spyware Terminator
2008-04-20 15:32	---------	d-----w	C:\Program Files\ICQLite
2008-04-13 19:47	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-04-09 13:36	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-03-20 11:49	---------	d-----w	C:\Program Files\Track Mania
2008-03-20 08:09	1,845,248	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-19 20:56	---------	d-----w	C:\Program Files\Java
2008-03-19 11:17	---------	d-----w	C:\Program Files\Apple Software Update
2008-03-18 10:49	---------	d-----w	C:\Program Files\Crawler
2008-03-13 18:32	---------	d-----w	C:\Program Files\K-Lite Codec Pack
2008-03-11 17:56	---------	d-----w	C:\Program Files\MagicISO
2008-03-11 15:53	---------	d-----w	C:\Program Files\Skype
2008-03-11 15:53	---------	d-----w	C:\Program Files\Common Files\Skype
2008-03-10 18:56	---------	d-----w	C:\Program Files\ATI Technologies
2008-03-10 18:24	86,016	----a-w	C:\WINDOWS\system32\OpenAL32.dll
2008-03-10 18:24	262,144	----a-w	C:\WINDOWS\system32\wrap_oal.dll
2008-03-09 20:26	---------	d-----w	C:\Program Files\QuickTime
2008-03-06 09:14	831,048	----a-w	C:\WINDOWS\system32\WudfUpdate_01005.dll
2008-03-04 16:34	2,138,496	----a-w	C:\WINDOWS\system32\ntoskrnl.exe
2008-03-04 16:34	2,015,744	----a-w	C:\WINDOWS\system32\ntkrnlpa.exe
2008-03-04 16:34	---------	d-----w	C:\Program Files\YzShadow
2008-03-04 16:34	---------	d-----w	C:\Program Files\WinRoll
2008-03-04 16:34	---------	d-----w	C:\Program Files\UberIcon
2008-03-04 16:34	---------	d-----w	C:\Program Files\Tiger System Preferences v2
2008-03-04 16:34	---------	d-----w	C:\Program Files\RK Launcher
2008-03-04 16:34	---------	d-----w	C:\Program Files\ObjectDock
2008-03-04 16:34	---------	d-----w	C:\Program Files\iColorFolder
2008-03-04 16:32	219,648	----a-w	C:\WINDOWS\system32\uxtheme.dll
2008-03-01 13:02	803,840	----a-w	C:\WINDOWS\system32\wininet.dll
2008-02-26 03:12	372,736	----a-w	C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10	307,200	----a-w	C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10	299,520	----a-w	C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02	172,032	----a-w	C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02	126,976	----a-w	C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01	43,520	----a-w	C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01	26,112	----a-w	C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01	126,976	----a-w	C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00	520,192	----a-w	C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59	9,797,632	----a-w	C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58	53,248	----a-w	C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49	3,176,480	----a-w	C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41	1,755,264	----a-w	C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29	46,080	----a-w	C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25	393,216	----a-w	C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23	17,408	----a-w	C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:19	167,936	----a-w	C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16	520,192	----a-w	C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05	593,920	------w	C:\WINDOWS\system32\ati2sgag.exe
2008-02-20 06:51	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
.

------- Sigcheck -------

2005-03-02 20:21  577024  3ef380290ce2ca8598e475ceac4adb13	C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:51  578048  5393076fdcd6daeb82814688dde3e9a2	C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:18  577024  9267bc598e271bc3fa69f36cf1c8bd36	C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:38  577536  43240b12d220f30c7c75ea69b2e806b0	C:\WINDOWS\FlyakiteOSX\Backup\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\053a8d720f751c64c56fbe8b6600daef\backup\sp2gdr\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\053a8d720f751c64c56fbe8b6600daef\backup\sp2qfe\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2gdr\user32.dll
2006-03-02 14:00  577024  1b4ccc59980da34e75f20e42b283b027	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2qfe\user32.dll
2007-03-08 17:38  577024  371331934ed7d5e1687a438db0669822	C:\WINDOWS\system32\user32.dll
2007-03-08 17:38  577024  371331934ed7d5e1687a438db0669822	C:\WINDOWS\system32\dllcache\user32.dll

2007-10-11 01:41  825344  3c48d8efa3ffa68f7aeaaaffab6b9cb3	C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:59  825344  32cc73f851f377b035a5b8216cac63ce	C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:35  827392  46a1a52eb6c86344c6ebf65b17404c90	C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2008-03-01 15:02  826368  4b0d8a282e0bef3e52b8b6449d8473dd	C:\WINDOWS\FlyakiteOSX\Backup\wininet.dll
2006-03-02 14:00  657408  50d263e3454e8357d13bb598129185ad	C:\WINDOWS\ie7\wininet.dll
2006-11-07 22:03  818688  92995334f993e6e49c25c6d02ec04401	C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:50  824832  c543cc3d7a05fb0d23107c89115811a0	C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:14  802304  a2b21644a9d317c9de04cdbf83c4afc6	C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 15:02  803840  71ba5f36c9f5b989ece61f4fd53fbb69	C:\WINDOWS\system32\wininet.dll
2008-03-01 15:02  803840  71ba5f36c9f5b989ece61f4fd53fbb69	C:\WINDOWS\system32\dllcache\wininet.dll

2005-03-02 20:14  2059008  9355304dd565e23f8ee294720b2c03e5	C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:09  2061568  a873ff1754e2a81cb1a34588cab363d6	C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2006-03-02 14:00  2059008  e86dd06f2b8f919ddf23f78a3bf2aa23	C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08  2059008  e32780e8939338b80edff39e2314c223	C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:05  2059776  c80bca19aa7d4dc37857e9f8250756da	C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:05  2059776  c80bca19aa7d4dc37857e9f8250756da	C:\WINDOWS\FlyakiteOSX\Backup\ntkrnlpa.exe
2006-03-02 14:00  2059008  e86dd06f2b8f919ddf23f78a3bf2aa23	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2gdr\ntkrnlpa.exe
2004-08-17 16:45  2059008  e86dd06f2b8f919ddf23f78a3bf2aa23	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2qfe\ntkrnlpa.exe
2008-03-04 18:34  2015744  cf46faaf70830d24390a10d2ea93e14b	C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:05  2015744  268c1e0edfd6e791dcb817382a5964fd	C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-02 20:14  2181632  7fabe135eac02a4bc8094b831adc0cc3	C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:09  2184320  d40b4f66d877802ec5e655b91b5490fa	C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-03-02 14:00  2183168  12c80e46dcec9b82473d1b1b9da1f16b	C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09  2181504  b0dae70164cc79d1289ef3530a3646f1	C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:05  2182528  c09ca7faffc40bbfaceeb9f0f429f673	C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:05  2182528  c09ca7faffc40bbfaceeb9f0f429f673	C:\WINDOWS\FlyakiteOSX\Backup\ntoskrnl.exe
2006-03-02 14:00  2183168  12c80e46dcec9b82473d1b1b9da1f16b	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2gdr\ntoskrnl.exe
2004-08-17 16:45  2183168  12c80e46dcec9b82473d1b1b9da1f16b	C:\WINDOWS\SoftwareDistribution\Download\29ef1050760378dde1308339cd54188f\backup\sp2qfe\ntoskrnl.exe
2008-03-04 18:34  2138496  504a8bdf615d102e538b5d86d462daea	C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:05  2138496  17d5cf8dcebf978319a29a7577327902	C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 15:23  1366016  d1f9335dd852e6c2e729e4167f40ab43	C:\WINDOWS\explorer.exe
2007-06-13 15:11  1033728  9b32416bd5988c97b6397ce0b02caf97	C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-03-02 14:00  1032704  53114d57ab73a406ac7f602227781a99	C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23  1033728  ed7b460b142a32097b8a8f6ecc941815	C:\WINDOWS\FlyakiteOSX\Backup\explorer.exe
2007-06-13 15:23  1366016  d1f9335dd852e6c2e729e4167f40ab43	C:\WINDOWS\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((((((   snapshot@2008-04-28_14.49.40,03   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-28 12:08:11	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-05-04 16:04:03	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
- 2006-12-04 12:37:58	1,317,648	----a-w	C:\WINDOWS\system32\msxml6.dll
+ 2007-05-15 13:43:10	1,320,800	----a-w	C:\WINDOWS\system32\msxml6.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1686016]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"RK Launcher"="C:\Program Files\RK Launcher\RKLauncher.exe" [2005-10-19 09:40 393216]
"Alt+Q Hotkey Tool"="C:\WINDOWS\Alt+Q Hotkey.exe" [2005-12-18 21:14 27648]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-02-24 02:32 188416]
"WinRoll"="C:\Program Files\WinRoll\winroll.exe" [2006-01-02 00:27 15872]
"Yz Shadow"="C:\Program Files\YzShadow\YzShadow.exe" [2006-02-24 04:51 172032]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 16:50 1289000]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 11:40 270336]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-31 16:59 949376]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 07:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 07:03 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 01:41 118485]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-04-23 22:50 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"D:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-03 21:18]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 14:00]
S3 GPU-Z;GPU-Z;C:\DOCUME~1\LUKSED~1\LOCALS~1\Temp\GPU-Z.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 15:41:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Projekt Hacker l AMD Athlon 64 3200+ 2GHz@2,5GHz (255x10)l Asus M2NPV-MX l DDR2 2x1GB A-Data Extreme Edition 700MHz (3-3-3-6)l EAH2600XT 256MB DDR3 l WD Green 750GB l Samsung SpinPoint F1 1TB | Fortron SAGA400GLN 80+ l NEC 2070NX + Samsung 203B
NTB: Asus F3E

:heart: Phone: N900 Maemo 5 :heart:
Ryan
Honorary member
Posts: 316
Joined: Sat Apr 21, 2007 11:05
Location: wherever there is internet access :-) / Českomoravská Vysočina

Re: PC is not OK

Post by Ryan »

You did it correctly. How is the PC now?

Re: PC is not OK

Post by Sedlo »

Well, the PC is fine, the stuttering when opening Opera has stopped... I'll be able to say around tomorrow whether it has improved overall. It's still too early for that now.

Re: PC is not OK

Post by Ryan »

It was a rootkit, so let's hope it really will be OK.

Re: PC is not OK

Post by Sedlo »

It looks like it's fine now, so you have my big THANKS :ups: :ups:

Re: PC is not OK

Post by Ryan »

Glad I could help ;-) Take care!