ok a AV: Spyware Doctor,szed le a geprol,
es majd meglatod hogy mi van,
nincsen mit,

Jelenleg most nem produkál kékhalálokat, de volt olyan, hogy egy hét után kezdte el, de aznap vagy 10 kékhalál volt. Most tesztelem egy hétig. Nyúzom mint az örült.Remélem jó lett és köszönöm szépen a segítségedet.

kerdeztem ,hogy mukszik a gep,van e meg problem??

No, íme a combofix reportja:

ComboFix 09-12-06.01 - Máté Balázs 009.12.07. 18:11.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.3327.2827 [GMT 1:00]
Running from: C:\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
* Resident AV is active

.
Error: Cfiles.dat

((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 15:24 . 2009-12-07 15:24 150181 ----a-w- C:\sfcdrvrem.zip
2009-12-06 22:46 . 2009-12-06 22:46 50621 ----a-w- C:\Defogger.exe
2009-12-06 17:08 . 2009-12-06 17:08 3581982 ----a-r- C:\ComboFix.exe
2009-12-06 14:33 . 2007-09-12 13:11 765952 ----a-w- c:\windows\OALInst.exe
2009-12-06 14:33 . 2008-03-18 16:02 22833304 ----a-w- c:\windows\system32\AppSetup.exe
2009-12-06 14:33 . 2006-07-03 11:55 53248 ----a-w- c:\windows\resdef.exe
2009-12-06 14:33 . 2006-07-03 11:43 10752 ----a-w- c:\windows\system32\SPIRun.dll
2009-12-06 14:33 . 2006-06-02 10:08 197632 ----a-w- c:\windows\SF32.exe
2009-12-06 14:33 . 2003-10-02 17:48 53248 ----a-w- c:\windows\system32\P17CPI.dll
2009-12-06 14:31 . 1999-12-13 00:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2009-12-06 14:31 . 1999-11-18 00:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2009-12-06 14:24 . 2009-12-06 14:29 65612416 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Sound Blaster X-Fi Xtreme Audio Pack 1.04.0079__\XFXA_PCDRV_LB_1_04_0079.exe
2009-12-05 21:07 . 2009-12-05 23:02 -------- d-----w- c:\program files\RegCure
2009-12-05 15:20 . 2009-12-05 15:20 -------- d-----w- c:\program files\VideoLAN
2009-12-05 13:26 . 2009-12-05 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2009-12-05 13:24 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2009-12-05 13:24 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2009-12-05 13:24 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2009-12-05 13:24 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2009-12-05 13:24 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-12-05 13:24 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2009-12-05 13:24 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2009-12-05 13:24 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2009-12-05 13:24 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2009-12-05 13:24 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2009-12-05 13:24 . 2009-12-05 13:24 -------- d-----w- c:\program files\BRS
2009-11-28 10:28 . 2009-11-28 10:28 -------- d-----w- c:\program files\Common Files\Skype
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\DCoder Image Source
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\SHOUTcast Source
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\MONOGRAM AMR SplitterDecoder
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\CD Audio Reader Filter
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\Gabest MPEG Splitter
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\RealMedia
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\DScaler5
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\AC3Filter
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\DirectVobSub
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\Haali
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\Bass Audio Decoder
2009-11-25 10:41 . 2008-12-17 18:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\ffdshow
2009-11-25 10:41 . 2008-12-11 12:26 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-11-25 10:40 . 2009-12-05 15:16 -------- d-----w- c:\program files\Zoom Player
2009-11-24 15:18 . 2009-11-24 15:18 -------- d--h--w- c:\windows\msdownld.tmp
2009-11-22 13:43 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-22 13:43 . 2009-11-22 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-22 13:43 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 13:43 . 2009-11-22 13:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 21:44 . 2009-12-06 14:23 -------- d-----w- c:\program files\InCode Solutions
2009-11-21 19:30 . 2009-11-21 19:30 -------- d-----w- c:\program files\CleanUp!
2009-11-18 19:20 . 2009-11-18 19:21 -------- d-----w- c:\program files\Flobo HDDBadSectorRepair
2009-11-18 11:58 . 2009-11-18 11:58 -------- d-----w- c:\program files\Common Files\Creative
2009-11-18 11:57 . 2007-10-10 18:31 1664384 ----a-w- c:\windows\system32\drivers\p17xfilt.sys
2009-11-18 11:57 . 2006-01-25 13:55 137728 ----a-w- c:\windows\system32\P17res.dll
2009-11-18 11:57 . 2003-04-01 23:13 139264 ----a-r- c:\windows\system32\EAX.DLL
2009-11-18 11:57 . 2007-11-21 16:06 1174528 ----a-w- c:\windows\system32\drivers\P17xfi.sys
2009-11-18 11:57 . 2004-12-22 18:58 8704 ----a-w- c:\windows\system32\drivers\Pfmodnt.sys
2009-11-15 10:12 . 2009-11-15 10:12 -------- d-----w- c:\program files\Common Files\CyberLink
2009-11-15 10:10 . 2009-11-15 10:09 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-11-15 10:10 . 2009-11-15 10:09 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-11-14 21:54 . 2009-11-17 11:08 -------- d-----w- c:\program files\Registry Winner
2009-11-14 21:45 . 2009-11-14 21:46 -------- d-----w- c:\program files\WhoCrashed
2009-11-14 14:42 . 2009-11-14 14:42 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-13 20:49 . 2009-11-13 20:49 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-12 16:42 . 2009-11-12 16:42 -------- d-----w- c:\windows\system32\AGEIA
2009-11-12 16:42 . 2009-11-12 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-11-12 16:41 . 2009-11-12 16:42 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-12 16:41 . 2009-11-12 16:41 -------- d-----w- C:\NVIDIA
2009-11-12 15:52 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-12 15:52 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-12 15:52 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-12 15:52 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-12 15:52 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-12 15:52 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-12 15:52 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 17:03 . 2009-09-30 12:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-07 17:03 . 2009-10-22 12:46 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-12-07 15:45 . 2008-10-20 08:43 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 1
2009-12-06 14:35 . 2009-06-25 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-12-06 14:34 . 2008-08-30 09:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-06 14:33 . 2009-08-29 20:50 -------- d-----w- c:\program files\Creative
2009-12-06 14:32 . 2009-06-25 16:39 -------- d--h--w- c:\program files\Creative Installation Information
2009-12-05 21:58 . 2009-09-18 12:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-05 13:23 . 2009-02-12 11:43 -------- d-----w- c:\program files\OpenAL
2009-12-05 13:23 . 2008-08-30 12:41 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-05 13:23 . 2003-10-14 03:53 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-02 14:49 . 2009-09-18 12:54 -------- d-----w- c:\program files\Spyware Doctor
2009-11-28 12:21 . 2008-09-07 14:10 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-28 12:12 . 2008-09-07 14:11 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-28 10:28 . 2009-02-25 14:54 -------- d-----r- c:\program files\Skype
2009-11-28 10:28 . 2008-09-04 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-25 10:52 . 2008-08-30 18:51 -------- d-----w- c:\program files\GRETECH
2009-11-23 18:19 . 2008-10-06 08:46 -------- d-----w- c:\program files\Java
2009-11-23 18:19 . 2004-08-18 12:00 526546 ----a-w- c:\windows\system32\perfh00E.dat
2009-11-23 18:19 . 2004-08-18 12:00 131798 ----a-w- c:\windows\system32\perfc00E.dat
2009-11-21 21:34 . 2008-09-02 16:08 -------- d-----w- c:\program files\BCDC++
2009-11-18 19:43 . 2009-10-27 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-11-15 10:18 . 2008-09-11 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-11-15 10:10 . 2008-09-11 11:37 -------- d-----w- c:\program files\CyberLink
2009-11-14 21:12 . 2008-12-18 18:59 -------- d-----w- c:\program files\Setup Files
2009-11-14 14:47 . 2009-02-15 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-13 23:04 . 2009-09-27 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-13 18:40 . 2008-09-19 06:48 -------- d-----w- c:\program files\Lavalys
2009-11-13 18:12 . 2009-09-28 21:18 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2009-11-13 18:12 . 2008-09-10 18:53 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-11-12 16:42 . 2008-10-07 10:27 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-12 16:42 . 2008-10-23 21:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-08 14:27 . 2009-01-08 10:51 -------- d-----w- c:\program files\Windows Live
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 17:05 . 2009-11-02 17:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 17:05 . 2009-11-02 17:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-10-29 16:03 . 2009-10-29 16:03 -------- d-----w- c:\program files\CCleaner
2009-10-28 21:43 . 2008-09-11 08:39 -------- d-----w- c:\program files\Common Files\Apple
2009-10-20 20:17 . 2009-03-16 14:35 58468 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-16 20:33 . 2008-09-07 14:10 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-11 03:17 . 2008-11-19 12:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 13:57 . 2007-10-09 12:03 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2004-08-18 12:00 22016 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2004-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-09-27 17:20 . 2009-09-27 17:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 17:20 . 2009-09-27 17:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 17:19 . 2009-09-27 17:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 17:19 . 2009-09-27 17:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 17:19 . 2009-09-27 17:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 17:19 . 2009-09-27 17:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 17:19 . 2009-09-27 17:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 17:19 . 2009-09-27 17:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 17:19 . 2009-09-27 17:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 17:19 . 2009-09-27 17:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 17:19 . 2009-09-27 17:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 17:19 . 2009-09-27 17:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 17:19 . 2009-09-27 17:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 15:12 . 2009-09-27 15:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 15:12 . 2009-09-27 15:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 15:12 . 2009-09-27 15:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 15:12 . 2009-09-27 15:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 15:12 . 2009-09-27 15:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-27 15:12 . 2009-04-30 20:02 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 15:12 . 2008-05-16 12:01 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:12 . 2008-05-16 12:01 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-25 21:45 . 2009-09-25 15:37 573472 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-25 21:45 . 2009-09-25 15:37 23328 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-20 14:08 . 2009-09-20 14:08 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-09-20 12:31 . 2009-09-20 12:31 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-09-14 12:03 . 2009-09-08 10:28 2729092 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-09-11 14:19 . 2004-08-18 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-05_22.21.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-07 17:03 . 2009-12-07 17:03 16384 c:\windows\temp\Perflib_Perfdata_55c.dat
+ 2008-06-27 16:04 . 2005-12-08 10:54 21504 c:\windows\system32\sfman32.dll
- 2008-06-27 16:04 . 2005-12-08 03:54 21504 c:\windows\system32\sfman32.dll
+ 2009-12-06 14:33 . 2006-07-03 11:43 10752 c:\windows\system32\ReinstallBackups\0057\DriverFiles\SPIRun.dll
+ 2009-12-06 14:33 . 2003-10-02 17:48 53248 c:\windows\system32\ReinstallBackups\0057\DriverFiles\P17CPI.dll
+ 2009-12-06 14:33 . 2008-04-14 17:02 23552 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\wdmaud.drv
+ 2009-12-06 14:33 . 2008-04-13 10:45 49408 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\stream.sys
+ 2009-12-06 14:33 . 2008-04-13 10:45 60160 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\drmk.sys
+ 2009-12-06 14:33 . 2002-04-10 17:41 65536 c:\windows\system32\ReinstallBackups\0057\DriverFiles\A3d.dll
+ 2009-12-06 14:34 . 2005-12-08 03:54 21504 c:\windows\system32\ReinstallBackups\0053\DriverFiles\W2KXPDRV\sfman32.dll
+ 2008-06-27 16:26 . 2002-04-11 00:41 65536 c:\windows\system32\dllcache\a3d.dll
- 2008-06-27 16:26 . 2002-04-10 17:41 65536 c:\windows\system32\dllcache\a3d.dll
+ 2008-06-27 16:26 . 2002-04-11 00:41 65536 c:\windows\system32\A3d.dll
- 2008-06-27 16:26 . 2002-04-10 17:41 65536 c:\windows\system32\A3d.dll
+ 2009-12-06 14:33 . 2004-12-22 11:58 8704 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\Pfmodnt.sys
+ 2009-12-06 14:33 . 2008-04-14 07:01 4096 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\ksuser.dll
+ 2009-12-06 21:42 . 2009-12-06 21:42 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2009-12-04 21:58 . 2009-12-04 21:58 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2008-06-27 16:04 . 2005-12-08 03:54 120832 c:\windows\system32\sfms32.dll
+ 2008-06-27 16:04 . 2005-12-08 10:54 120832 c:\windows\system32\sfms32.dll
+ 2009-12-06 14:33 . 2006-01-25 06:55 137728 c:\windows\system32\ReinstallBackups\0057\DriverFiles\P17res.dll
+ 2009-12-06 14:33 . 2007-05-08 00:59 137216 c:\windows\system32\ReinstallBackups\0057\DriverFiles\OemSpi.dll
+ 2009-12-06 14:33 . 2008-04-13 11:19 146048 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\portcls.sys
+ 2009-12-06 14:33 . 2008-04-13 11:16 141056 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\ks.sys
+ 2009-12-06 14:33 . 2005-06-27 10:37 133632 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\CtDvInst.dll
+ 2009-12-06 14:34 . 2005-12-08 03:54 120832 c:\windows\system32\ReinstallBackups\0053\DriverFiles\W2KXPDRV\sfms32.dll
+ 2009-12-06 14:34 . 2006-08-07 11:30 162176 c:\windows\system32\ReinstallBackups\0053\DriverFiles\W2KXPDRV\ctusfsyn.sys
+ 2009-12-06 14:34 . 2005-12-08 03:54 142336 c:\windows\system32\ReinstallBackups\0053\DriverFiles\W2KXPDRV\ctsfm2k.sys
+ 2009-12-06 14:34 . 2005-12-08 03:54 114688 c:\windows\system32\ReinstallBackups\0053\DriverFiles\W2KXPDRV\ctoss2k.sys
+ 2009-03-11 08:53 . 2009-12-07 17:04 224388 c:\windows\system32\inetsrv\MetaBase.bin
- 2004-08-18 12:00 . 2009-09-19 23:24 361600 c:\windows\system32\drivers\TCPIP.SYS
+ 2004-08-18 12:00 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
- 2009-06-25 16:38 . 2006-08-07 11:30 162176 c:\windows\system32\drivers\ctusfsyn.sys
+ 2009-06-25 16:38 . 2006-08-07 18:30 162176 c:\windows\system32\drivers\ctusfsyn.sys
+ 2008-07-07 09:34 . 2005-12-08 10:54 142336 c:\windows\system32\drivers\ctsfm2k.sys
- 2008-07-07 09:34 . 2005-12-08 03:54 142336 c:\windows\system32\drivers\ctsfm2k.sys
+ 2008-07-07 09:33 . 2005-12-08 10:54 114688 c:\windows\system32\drivers\ctoss2k.sys
- 2008-07-07 09:33 . 2005-12-08 03:54 114688 c:\windows\system32\drivers\ctoss2k.sys
+ 2008-06-20 11:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
- 2008-06-20 11:51 . 2009-09-19 23:24 361600 c:\windows\system32\dllcache\TCPIP.SYS
- 2007-10-16 16:59 . 2007-10-16 16:59 171520 c:\windows\system32\CtDvIns1.dll
+ 2007-10-16 16:59 . 2007-10-16 17:59 171520 c:\windows\system32\CtDvIns1.dll
+ 2009-12-06 14:33 . 2007-03-22 16:35 1659008 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\p17xfilt.sys
+ 2009-12-06 14:33 . 2006-09-25 09:58 1173504 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\P17xfi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"PC Suite Tray"="h:\nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-29 949376]
"DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2008-10-14 172032]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-05-04 354312]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-05-04 2817544]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\M t‚ Bal zs\Start Menu\Programs\Indˇt˘pult\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2009-9-17 192512]
ExifLauncher2.lnk - h:\fiji1000fd\QuickDCF2.exe [2008-12-23 303104]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-9-11 118784]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Steam\\SteamApps\\wogwog\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\UPS\\Upsman\\upsman.exe"=
"c:\\Program Files\\UPS\\Upsman\\www\\ServiceDriver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\BCDC++\\DCPlusPlus.exe"=
"d:\\Steam\\SteamApps\\wogwog\\day of defeat source\\hl2.exe"=
"h:\\Crysis special edition\\Bin32\\Crysis.exe"=
"h:\\Crysis special edition\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"d:\\Steam\\SteamApps\\wogwog\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Steam\\SteamApps\\wogwog\\half-life deathmatch source\\hl2.exe"=
"d:\\Steam\\SteamApps\\wogwog\\source sdk base\\hl2.exe"=
"d:\\Steam\\SteamApps\\wogwog\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"d:\\Steam\\SteamApps\\wogwog\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"h:\\Burnout Paradise\\BurnoutLauncher.exe"=
"h:\\Burnout Paradise\\BurnoutConfigTool.exe"=
"h:\\Burnout Paradise\\BurnoutParadise.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Máté Balázs\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"i:\\KOD2\\CoD2MP_s.exe"=
"h:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"d:\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"h:\\World of Warcraft\\BackgroundDownloader.exe"=
"h:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"h:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"h:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"h:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"h:\\KOD4\\iw3mp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"h:\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"i:\\Dirt2\\dirt2_game.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009.09.18. 13:54 206256]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009.09.18. 14:02 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009.09.18. 14:02 39200]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009.08.29. 1:43 15424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009.09.18. 13:54 159600]
R2 qHTTPs;UPSMAN HTTP;c:\program files\UPS\Upsman\www\ServiceDriver.exe [2009.09.09. 13:57 225353]
R2 UPSMan;UPSMan;c:\program files\UPS\Upsman\upsman.exe [2009.09.09. 13:57 2990165]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009.05.13. 19:00 12032]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008.09.05. 12:39 717296]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008.06.27. 19:21 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008.06.27. 19:21 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008.06.27. 19:21 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008.06.27. 19:21 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008.06.27. 19:21 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008.06.27. 19:21 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008.06.27. 19:21 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008.06.27. 19:21 566296]
S3 FIXUSTOR;FIXUSTOR; [x]
S3 MsibiosDevice;MsibiosDevice;c:\program files\MSI\Live Update 4\LU4\msibios.sys [2009.09.14. 17:16 18432]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009.09.18. 13:54 64392]
S3 RTCore32;RTCore32;c:\program files\RightMark Memory Analyzer\RTCore32.sys [2008.10.18. 20:42 4608]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009.09.18. 13:54 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009.09.18. 14:02 33056]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.freemail.hu
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\Máté Balázs\Application Data\Mozilla\Firefox\Profiles\ukn1m0f3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.freemail.hu/
FF - component: c:\program files\Mozilla Firefox 3.1 Beta 1\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\imon.dll
.
Completion time: 2009-12-07 18:22
ComboFix-quarantined-files.txt 2009-12-07 17:21
ComboFix2.txt 2009-12-06 17:38
ComboFix3.txt 2009-12-05 22:23

Pre-Run: 2 738 917 376 bájt szabad
Post-Run: 2 726 440 960 bájt szabad

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B3AD47586995379A3C9EE293F9B27904

Ja, amit legutóbb írtál, azt megcsináltam. Akkor futtatom a combofixet.

igen lefutathatod a combofixet,de olvasd azt is el amit irok,,nem kel kapkodni,,

Megcsináltam, de log file-t nem csinált ez a program. Újra combofix-el nézzem át?

Már csinálom is.

http://leteckaposta.cz/file/614758123.1 ... 4f6653b751
tolds le-csomagold ki,es futasd az exe falylot..restart,aztan kapcsold be visza a Daemont futatod a defoggert-klik reenable>>restart aztan ird le mi a helyzet a gepel,

Megvan, és itt az eredmény:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x8B6BC8E0]<<
kernel: MBR read successfully
user & kernel MBR OK

es mit nem ertel a futatasba masold be ezt a sort,textet,parancsot a mit vastagon van kiirva

cmd /c mbr.exe -t >log.txt&start log.txt
ad log.txt
ted ide,

Az mbr-t az asztalon hagyom, eddig oké. A futtatásba milyen text-et másolok be és a log.txt alatt a combofix logját érted, ugye? Tehát azt a sort csak simán dos ablakban be kell írni ha jól értem.Jól értem?

Az első részét még értem, de az mbr-essel mit is kell pontosan csinálni?

http://jpshortstuff.247fixes.com/beta/Defogger.exe
letoltod<futatod>klik disadled>restart,

>> MBR - http://www2.gmer.net/mbr/mbr.exe
letoltod az asztalra,,es ot hagyod
start>futatas>bemasolod a textet es a log.txt ted ide
cmd /c mbr.exe -t >log.txt&start log.txt

Remélem, hogy amit Te ki tudsz olvasni belőle az sikerült, vagy van még következő lépés?

No...lépésról lépésre megcsináltam amit írtál és íme a log:

ComboFix 09-12-06.01 - Máté Balázs 009.12.06. 18:16.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.3327.2871 [GMT 1:00]
Running from: C:\ComboFix.exe
Command switches used :: c:\documents and settings\Máté Balázs\Asztal\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
* Resident AV is active

.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\TCPIP.SYS --> c:\windows\system32\drivers\TCPIP.SYS
c:\windows\ServicePackFiles\i386\TCPIP.SYS --> c:\windows\system32\dllcache\TCPIP.SYS
.
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-06 17:08 . 2009-12-06 17:08 3581982 ----a-r- C:\ComboFix.exe
2009-12-06 14:33 . 2007-09-12 13:11 765952 ----a-w- c:\windows\OALInst.exe
2009-12-06 14:33 . 2008-03-18 16:02 22833304 ----a-w- c:\windows\system32\AppSetup.exe
2009-12-06 14:33 . 2006-07-03 11:55 53248 ----a-w- c:\windows\resdef.exe
2009-12-06 14:33 . 2006-07-03 11:43 10752 ----a-w- c:\windows\system32\SPIRun.dll
2009-12-06 14:33 . 2006-06-02 10:08 197632 ----a-w- c:\windows\SF32.exe
2009-12-06 14:33 . 2003-10-02 17:48 53248 ----a-w- c:\windows\system32\P17CPI.dll
2009-12-06 14:31 . 1999-12-13 00:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2009-12-06 14:31 . 1999-11-18 00:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2009-12-06 14:24 . 2009-12-06 14:29 65612416 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Sound Blaster X-Fi Xtreme Audio Pack 1.04.0079__\XFXA_PCDRV_LB_1_04_0079.exe
2009-12-05 21:07 . 2009-12-05 23:02 -------- d-----w- c:\program files\RegCure
2009-12-05 15:20 . 2009-12-05 15:20 -------- d-----w- c:\program files\VideoLAN
2009-12-05 13:26 . 2009-12-05 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2009-12-05 13:24 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2009-12-05 13:24 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2009-12-05 13:24 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2009-12-05 13:24 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2009-12-05 13:24 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-12-05 13:24 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2009-12-05 13:24 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2009-12-05 13:24 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2009-12-05 13:24 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2009-12-05 13:24 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2009-12-05 13:24 . 2009-12-05 13:24 -------- d-----w- c:\program files\BRS
2009-11-28 10:28 . 2009-11-28 10:28 -------- d-----w- c:\program files\Common Files\Skype
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\DCoder Image Source
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\SHOUTcast Source
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\MONOGRAM AMR SplitterDecoder
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\CD Audio Reader Filter
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\Gabest MPEG Splitter
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\RealMedia
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\DScaler5
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\AC3Filter
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\DirectVobSub
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\Haali
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\Bass Audio Decoder
2009-11-25 10:41 . 2008-12-17 18:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\ffdshow
2009-11-25 10:41 . 2008-12-11 12:26 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-11-25 10:40 . 2009-12-05 15:16 -------- d-----w- c:\program files\Zoom Player
2009-11-24 15:18 . 2009-11-24 15:18 -------- d--h--w- c:\windows\msdownld.tmp
2009-11-22 13:43 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-22 13:43 . 2009-11-22 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-22 13:43 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 13:43 . 2009-11-22 13:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 21:44 . 2009-12-06 14:23 -------- d-----w- c:\program files\InCode Solutions
2009-11-21 19:30 . 2009-11-21 19:30 -------- d-----w- c:\program files\CleanUp!
2009-11-18 19:20 . 2009-11-18 19:21 -------- d-----w- c:\program files\Flobo HDDBadSectorRepair
2009-11-18 11:58 . 2009-11-18 11:58 -------- d-----w- c:\program files\Common Files\Creative
2009-11-18 11:57 . 2007-10-10 18:31 1664384 ----a-w- c:\windows\system32\drivers\p17xfilt.sys
2009-11-18 11:57 . 2006-01-25 13:55 137728 ----a-w- c:\windows\system32\P17res.dll
2009-11-18 11:57 . 2003-04-01 23:13 139264 ----a-r- c:\windows\system32\EAX.DLL
2009-11-18 11:57 . 2007-11-21 16:06 1174528 ----a-w- c:\windows\system32\drivers\P17xfi.sys
2009-11-18 11:57 . 2004-12-22 18:58 8704 ----a-w- c:\windows\system32\drivers\Pfmodnt.sys
2009-11-15 10:12 . 2009-11-15 10:12 -------- d-----w- c:\program files\Common Files\CyberLink
2009-11-15 10:10 . 2009-11-15 10:09 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-11-15 10:10 . 2009-11-15 10:09 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-11-14 21:54 . 2009-11-17 11:08 -------- d-----w- c:\program files\Registry Winner
2009-11-14 21:45 . 2009-11-14 21:46 -------- d-----w- c:\program files\WhoCrashed
2009-11-14 14:42 . 2009-11-14 14:42 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-13 20:49 . 2009-11-13 20:49 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-12 16:42 . 2009-11-12 16:42 -------- d-----w- c:\windows\system32\AGEIA
2009-11-12 16:42 . 2009-11-12 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-11-12 16:41 . 2009-11-12 16:42 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-12 16:41 . 2009-11-12 16:41 -------- d-----w- C:\NVIDIA
2009-11-12 15:52 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-12 15:52 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-12 15:52 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-12 15:52 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-12 15:52 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-12 15:52 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-12 15:52 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 17:27 . 2009-09-30 12:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-06 17:27 . 2009-10-22 12:46 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-12-06 14:35 . 2009-06-25 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-12-06 14:34 . 2008-08-30 09:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-06 14:33 . 2009-08-29 20:50 -------- d-----w- c:\program files\Creative
2009-12-06 14:32 . 2009-06-25 16:39 -------- d--h--w- c:\program files\Creative Installation Information
2009-12-06 11:52 . 2008-10-20 08:43 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 1
2009-12-05 21:58 . 2009-09-18 12:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-05 13:23 . 2009-02-12 11:43 -------- d-----w- c:\program files\OpenAL
2009-12-05 13:23 . 2008-08-30 12:41 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-05 13:23 . 2003-10-14 03:53 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-02 14:49 . 2009-09-18 12:54 -------- d-----w- c:\program files\Spyware Doctor
2009-11-28 12:21 . 2008-09-07 14:10 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-28 12:12 . 2008-09-07 14:11 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-28 10:28 . 2009-02-25 14:54 -------- d-----r- c:\program files\Skype
2009-11-28 10:28 . 2008-09-04 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-25 10:52 . 2008-08-30 18:51 -------- d-----w- c:\program files\GRETECH
2009-11-23 18:19 . 2008-10-06 08:46 -------- d-----w- c:\program files\Java
2009-11-23 18:19 . 2004-08-18 12:00 526546 ----a-w- c:\windows\system32\perfh00E.dat
2009-11-23 18:19 . 2004-08-18 12:00 131798 ----a-w- c:\windows\system32\perfc00E.dat
2009-11-21 21:34 . 2008-09-02 16:08 -------- d-----w- c:\program files\BCDC++
2009-11-18 19:43 . 2009-10-27 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-11-15 10:18 . 2008-09-11 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-11-15 10:10 . 2008-09-11 11:37 -------- d-----w- c:\program files\CyberLink
2009-11-14 21:12 . 2008-12-18 18:59 -------- d-----w- c:\program files\Setup Files
2009-11-14 14:47 . 2009-02-15 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-13 23:04 . 2009-09-27 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-13 18:40 . 2008-09-19 06:48 -------- d-----w- c:\program files\Lavalys
2009-11-13 18:12 . 2009-09-28 21:18 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2009-11-13 18:12 . 2008-09-10 18:53 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-11-12 16:42 . 2008-10-07 10:27 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-12 16:42 . 2008-10-23 21:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-08 14:27 . 2009-01-08 10:51 -------- d-----w- c:\program files\Windows Live
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 17:05 . 2009-11-02 17:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 17:05 . 2009-11-02 17:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-10-29 16:03 . 2009-10-29 16:03 -------- d-----w- c:\program files\CCleaner
2009-10-28 21:43 . 2008-09-11 08:39 -------- d-----w- c:\program files\Common Files\Apple
2009-10-20 20:17 . 2009-03-16 14:35 58468 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-16 20:33 . 2008-09-07 14:10 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-11 03:17 . 2008-11-19 12:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 13:57 . 2007-10-09 12:03 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2004-08-18 12:00 22016 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2004-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-09-27 17:20 . 2009-09-27 17:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 17:20 . 2009-09-27 17:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 17:19 . 2009-09-27 17:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 17:19 . 2009-09-27 17:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 17:19 . 2009-09-27 17:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 17:19 . 2009-09-27 17:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 17:19 . 2009-09-27 17:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 17:19 . 2009-09-27 17:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 17:19 . 2009-09-27 17:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 17:19 . 2009-09-27 17:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 17:19 . 2009-09-27 17:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 17:19 . 2009-09-27 17:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 17:19 . 2009-09-27 17:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 15:12 . 2009-09-27 15:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 15:12 . 2009-09-27 15:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 15:12 . 2009-09-27 15:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 15:12 . 2009-09-27 15:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 15:12 . 2009-09-27 15:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-27 15:12 . 2009-04-30 20:02 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 15:12 . 2008-05-16 12:01 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:12 . 2008-05-16 12:01 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-25 21:45 . 2009-09-25 15:37 573472 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-25 21:45 . 2009-09-25 15:37 23328 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-20 14:08 . 2009-09-20 14:08 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-09-20 12:31 . 2009-09-20 12:31 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-09-14 12:03 . 2009-09-08 10:28 2729092 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-09-11 14:19 . 2004-08-18 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-05_22.21.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-06 17:33 . 2009-12-06 17:33 16384 c:\windows\temp\Perflib_Perfdata_f68.dat
+ 2009-12-06 17:28 . 2009-12-06 17:28 16384 c:\windows\temp\Perflib_Perfdata_788.dat
+ 2008-06-27 16:04 . 2005-12-08 10:54 21504 c:\windows\system32\sfman32.dll
- 2008-06-27 16:04 . 2005-12-08 03:54 21504 c:\windows\system32\sfman32.dll
+ 2009-12-06 14:33 . 2006-07-03 11:43 10752 c:\windows\system32\ReinstallBackups\0057\DriverFiles\SPIRun.dll
+ 2009-12-06 14:33 . 2003-10-02 17:48 53248 c:\windows\system32\ReinstallBackups\0057\DriverFiles\P17CPI.dll
+ 2009-12-06 14:33 . 2008-04-14 17:02 23552 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\wdmaud.drv
+ 2009-12-06 14:33 . 2008-04-13 10:45 49408 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\stream.sys
+ 2009-12-06 14:33 . 2008-04-13 10:45 60160 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\drmk.sys
+ 2009-12-06 14:33 . 2002-04-10 17:41 65536 c:\windows\system32\ReinstallBackups\0057\DriverFiles\A3d.dll
+ 2009-12-06 14:34 . 2005-12-08 03:54 21504 c:\windows\system32\ReinstallBackups\0053\DriverFiles\W2KXPDRV\sfman32.dll
- 2008-06-27 16:26 . 2002-04-10 17:41 65536 c:\windows\system32\dllcache\a3d.dll
+ 2008-06-27 16:26 . 2002-04-11 00:41 65536 c:\windows\system32\dllcache\a3d.dll
- 2008-06-27 16:26 . 2002-04-10 17:41 65536 c:\windows\system32\A3d.dll
+ 2008-06-27 16:26 . 2002-04-11 00:41 65536 c:\windows\system32\A3d.dll
+ 2009-12-06 14:33 . 2004-12-22 11:58 8704 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\Pfmodnt.sys
+ 2009-12-06 14:33 . 2008-04-14 07:01 4096 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\ksuser.dll
+ 2009-12-06 17:28 . 2008-12-16 20:59 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2008-06-27 16:04 . 2005-12-08 10:54 120832 c:\windows\system32\sfms32.dll
- 2008-06-27 16:04 . 2005-12-08 03:54 120832 c:\windows\system32\sfms32.dll
+ 2009-12-06 14:33 . 2006-01-25 06:55 137728 c:\windows\system32\ReinstallBackups\0057\DriverFiles\P17res.dll
+ 2009-12-06 14:33 . 2007-05-08 00:59 137216 c:\windows\system32\ReinstallBackups\0057\DriverFiles\OemSpi.dll
+ 2009-12-06 14:33 . 2008-04-13 11:19 146048 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\portcls.sys
+ 2009-12-06 14:33 . 2008-04-13 11:16 141056 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\ks.sys
+ 2009-12-06 14:33 . 2005-06-27 10:37 133632 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\CtDvInst.dll
+ 2009-12-06 14:34 . 2005-12-08 03:54 120832 c:\windows\system32\ReinstallBackups\0053\DriverFiles\W2KXPDRV\sfms32.dll
+ 2009-12-06 14:34 . 2006-08-07 11:30 162176 c:\windows\system32\ReinstallBackups\0053\DriverFiles\W2KXPDRV\ctusfsyn.sys
+ 2009-12-06 14:34 . 2005-12-08 03:54 142336 c:\windows\system32\ReinstallBackups\0053\DriverFiles\W2KXPDRV\ctsfm2k.sys
+ 2009-12-06 14:34 . 2005-12-08 03:54 114688 c:\windows\system32\ReinstallBackups\0053\DriverFiles\W2KXPDRV\ctoss2k.sys
+ 2009-03-11 08:53 . 2009-12-06 17:28 224383 c:\windows\system32\inetsrv\MetaBase.bin
- 2009-06-25 16:38 . 2006-08-07 11:30 162176 c:\windows\system32\drivers\ctusfsyn.sys
+ 2009-06-25 16:38 . 2006-08-07 18:30 162176 c:\windows\system32\drivers\ctusfsyn.sys
- 2008-07-07 09:34 . 2005-12-08 03:54 142336 c:\windows\system32\drivers\ctsfm2k.sys
+ 2008-07-07 09:34 . 2005-12-08 10:54 142336 c:\windows\system32\drivers\ctsfm2k.sys
- 2008-07-07 09:33 . 2005-12-08 03:54 114688 c:\windows\system32\drivers\ctoss2k.sys
+ 2008-07-07 09:33 . 2005-12-08 10:54 114688 c:\windows\system32\drivers\ctoss2k.sys
+ 2007-10-16 16:59 . 2007-10-16 17:59 171520 c:\windows\system32\CtDvIns1.dll
- 2007-10-16 16:59 . 2007-10-16 16:59 171520 c:\windows\system32\CtDvIns1.dll
+ 2009-12-06 14:33 . 2007-03-22 16:35 1659008 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\p17xfilt.sys
+ 2009-12-06 14:33 . 2006-09-25 09:58 1173504 c:\windows\system32\ReinstallBackups\0057\DriverFiles\i386\P17xfi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"PC Suite Tray"="h:\nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-29 949376]
"DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2008-10-14 172032]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-05-04 354312]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-05-04 2817544]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\M t‚ Bal zs\Start Menu\Programs\Indˇt˘pult\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2009-9-17 192512]
ExifLauncher2.lnk - h:\fiji1000fd\QuickDCF2.exe [2008-12-23 303104]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-9-11 118784]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Steam\\SteamApps\\wogwog\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\UPS\\Upsman\\upsman.exe"=
"c:\\Program Files\\UPS\\Upsman\\www\\ServiceDriver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\BCDC++\\DCPlusPlus.exe"=
"d:\\Steam\\SteamApps\\wogwog\\day of defeat source\\hl2.exe"=
"h:\\Crysis special edition\\Bin32\\Crysis.exe"=
"h:\\Crysis special edition\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"d:\\Steam\\SteamApps\\wogwog\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Steam\\SteamApps\\wogwog\\half-life deathmatch source\\hl2.exe"=
"d:\\Steam\\SteamApps\\wogwog\\source sdk base\\hl2.exe"=
"d:\\Steam\\SteamApps\\wogwog\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"d:\\Steam\\SteamApps\\wogwog\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"h:\\Burnout Paradise\\BurnoutLauncher.exe"=
"h:\\Burnout Paradise\\BurnoutConfigTool.exe"=
"h:\\Burnout Paradise\\BurnoutParadise.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Máté Balázs\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"i:\\KOD2\\CoD2MP_s.exe"=
"h:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"d:\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"h:\\World of Warcraft\\BackgroundDownloader.exe"=
"h:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"h:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"h:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"h:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"h:\\KOD4\\iw3mp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"h:\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"i:\\Dirt2\\dirt2_game.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009.09.18. 13:54 206256]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008.09.05. 12:39 717296]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009.09.18. 14:02 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009.09.18. 14:02 39200]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009.08.29. 1:43 15424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009.09.18. 13:54 159600]
R2 qHTTPs;UPSMAN HTTP;c:\program files\UPS\Upsman\www\ServiceDriver.exe [2009.09.09. 13:57 225353]
R2 UPSMan;UPSMan;c:\program files\UPS\Upsman\upsman.exe [2009.09.09. 13:57 2990165]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2009.09.17. 0:17 28160]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009.05.13. 19:00 12032]
R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [2009.09.17. 0:17 56320]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008.06.27. 19:21 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008.06.27. 19:21 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008.06.27. 19:21 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008.06.27. 19:21 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008.06.27. 19:21 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008.06.27. 19:21 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008.06.27. 19:21 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008.06.27. 19:21 566296]
S3 FIXUSTOR;FIXUSTOR; [x]
S3 MsibiosDevice;MsibiosDevice;c:\program files\MSI\Live Update 4\LU4\msibios.sys [2009.09.14. 17:16 18432]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009.09.18. 13:54 64392]
S3 RTCore32;RTCore32;c:\program files\RightMark Memory Analyzer\RTCore32.sys [2008.10.18. 20:42 4608]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009.09.18. 13:54 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009.09.18. 14:02 33056]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DUALCORECENTER
*NewlyCreated* - RUSHTOPDEVICE2
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.freemail.hu
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\Máté Balázs\Application Data\Mozilla\Firefox\Profiles\ukn1m0f3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.freemail.hu/
FF - component: c:\program files\Mozilla Firefox 3.1 Beta 1\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-RemoveIT Pro v7Ent - c:\program files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 18:29
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x8B6695A0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e67cb8
\Driver\atapi -> prosync1.sys @ 0xb85b06c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: SMC9452TX-2 Gigabit Ethernet PCI Adapter -> SendCompleteHandler -> NDIS.sys @ 0xb7c80bb0
PacketIndicateHandler -> NDIS.sys @ 0xb7c8da21
SendHandler -> NDIS.sys @ 0xb7c6b87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\WININET.dll
c:\windows\system32\themeui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
h:\nokia\Nokia PC Suite 7\PhoneBrowser.dll
h:\nokia\Nokia PC Suite 7\NGSCM.DLL
h:\nokia\Nokia PC Suite 7\Lang\PhoneBrowser_hun.nlr
h:\nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Razer\Lachesis\OSD.exe
c:\windows\system32\Rundll32.exe
c:\program files\Razer\Lachesis\razertra.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Razer\Lachesis\razerofa.exe
c:\program files\MSI\DualCoreCenter\DualCoreCenter.exe
c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2009-12-06 18:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-06 17:38
ComboFix2.txt 2009-12-05 22:23

Pre-Run: 2 743 824 384 bájt szabad
Post-Run: 2 851 999 744 bájt szabad

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 9F756B3861AC0A16C22E8B01BED95897

Okés, megcsinálom amit írtál. Remélem jó lesz a gépem már.

oszinten megmondva nemszeretem az ilyen oszevisza kapkodast,kersz segitsegedes aztan torolsz fut,fat,,csak azt kel csinalni amit irok semi mast
Kinyitod a Notepadot>Start>futatas>beirod notepad
Es bemasolod a piros textet


Mostan>a notepadon elso full-fajl>ballfelsosarokban>4-sor>lementenni mint....
A txt-hejetfajlnev beteszed eztett>CFScript.txt<alatta bealitod >minden fajl<
legfelull>asztall i<klik gomb letenni.Es mostan megcsinalod eztett:

A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide

Aztán van ilyen az eseménynaplóban:

A szórótábla <C:\DOCUMENTS AND SETTINGS\MÁTÉ BALÁZS\START MENU\PROGRAMS\CYBERLINK POWERDVD 9\POWERDVD 9 HELP FILE.LNK> bejegyzését nem sikerült frissíteni.

Környezet: alkalmazás, SystemIndex katalógus

Részletek:
Egy rendszerhez csatlakoztatott eszköz nem működik. (0x8007001f)

Meg ilyen:

A Windows Search szolgáltatás 3013 eseménye 4 alkalommal lett felfüggesztve 12:58:38 időpont óta. Ezt az eseményt a Windows Search szolgáltatás rövid idő alatt gyakran előforduló eseményeinek felfüggesztéséhez használja a rendszer. Az eseményről a(z) 3013 eseményazonosító nyújt bővebb felvilágosítást.

Ez az egy fájl volt, de ha még produkálja akkor beteszem ide. Szóval hangkártya újrainstall?

es min csodalkozol ha torolted,aval a paraonikus programal
Ja csak közben írom, hogy amikor bejön az XP azt írja ki, hogy a fájl nem tölthető be spirun.dll.
SPIRun SPIRun
Related to Creative audio products. Kapcsolódó Creative audio termékek.
ez a minidump a mai volt tobb nincsen??

http://leteckaposta.cz/137675431

Ja csak közben írom, hogy amikor bejön az XP azt írja ki, hogy a fájl nem tölthető be spirun.dll. Mégegy tünet, hogy neten akartam videót nézni és jött a kékhalál, és az utolsó hangfoszlány szaggatva ismétlődött.

majd azt en kicserelem a combofixel,,csak ujra lekelesz toltened es eztet leszedni a geprol,eloszor a minidump tartalma erdekel,

Az egyes menüpont megvan, hogyan cseréljem ki a TCP drivert?

udv
1:Leszedni az ,c:\program files\Ask.com\programot a vezerlo pulton keresztul
2:valamit torolt a combofix es meg kikei cserelni a TCP drivert
3:Azt a remover programot amit hasznaltal,az egy paranoikus program ugyan olyan mint a prevx,,nemszabad minden programot hasznalni ami az inteneten van,en zserintem minden amit toroltel vele renben van
4:tonkre teted a combofixed is mert torolted a falylojat
5:Jelenitsd meg a rejtet mapak es falylokat,talald meg a C:\windows\minidump mapat es a tartalmat vagy az egesz mapat jatszd fel ide
http://leteckaposta.cz/
a linket ted ide,
egyelore enyi,

http://freemail.origo.hu/index.html
Amikor telepíted pl a nem is tudom hirtelnjében win alatt melyik,de pl a Nero a végén,megkérdezi hogy kell-e neked a Google-toolbar Ask.com keresővel...De pl az Opera mint böngésző alapból azt teszi első helyre a a keresők közül.
Okozhat hasonló hibát egy rossz telepítés is,onnantól kezdve megborul az egész op agya.Pl: 98 alatt rendszeresen,de xp alatt is egy-egy eszköz telepítése után:újraindítás szükséges felirat kb 5 percenként.Pl:nálam a W.Vista a webkamera-drivertől ue-t művelte az eső időkben.kb félévig használhatalan volt,de xp alatt,sőt linux alatt is teljesen hibátlan volt..,de mivel kettyós volt a driver állandóan ki akart mászni a netre,ha nem engedtem,a gép jobbik esetben'csak'újraindult,rosszabb esetben tejesen kimerevedett

De ami érdekes, hogy az indítólapom nem az origo, hanem a freemail.
A másik, hogy amivel játszom - nem túl sok fajta játék - azt megveszem...
És akkor miért indul újra a gépem? Minden hardware-es dolgot megnéztem...memtest, cpu stress test...vinyókat megnéztem...hiába...
Ezek a hibák ezekszerint, nem vírusok okozhatnak ilyen dolgokat?
És mit ajánlanál ezek ellen? Hopp mégegy.Ask.com-ot hogyan tíltsam le?

Köszönöm a segítségedet.

Ráadás a winfosom is eredeti, adták régen dsl-hez...

I think so ..komoly bajok nincsenek még,de lesznek..IE8 és az egyebek,pdig van mozilla is a gépen

Az indítólappal is komoly gondok vannak az origó maga az egyik legnagyobb spammerterjesztő,holott a levélszemétgyűjtője működik
Az ask.com-ot azon nyomban tiltds le a böngészőben-soha sem fogsz egy alapvetően kereskedelmi amerikai kereskedelmi szevertől semmit sem kérdezni.
Az Adobe-nak is csakakkor van helye a böngészőben a ha egy pdf-filét a neten akarsz megnézni,ill egy fash alkalmazást futtatsz egyik alapítója a BSA-nak és ellentétben a richmondi céggel,Ők a mai napig nem csinálták meg a dolgukat-de megoldottnak tekintik a 64-bites flashpalyert!
Aztán megtudtuk hogy,játszol a gépen:World of Warcraft,Crisis,és hogy ott van a neved is!

Nem kellenek aLive updaték az alaplapodhoz,sem a videokártyádhoz!-"döglötten" is letölthetők amikor kell!

A PEV.exe a CoboFix szerint Pot.Unwanted-mert amikor nem kellett már nem irtottad le úgy mint amit már stell-mester javasolt nem is egyszer futtatás,irtás fixálás és a program törlése :combifix/u mert már nem kell és az összes virkill. hibát jelez!

fcachdll.dll :hibás programtelepítés,de ne próbálkozz az újratelepítéssel mert,maga az alkalmazás vírusos,ezért meg is fogta az irtó v.a tűzfal.
iisext.dll :exporerhiba-nyakilag
inetsloc.dll :ua
snprfdll.dll:hibás adatvisszállítás javításuk a kicsipuha-oldalán
spirun.dll hibás taskindítás:nemlétező v törölt program miatt

A RemoveIT Pro v4 SE pedig ezeket találta.


23:30:11: Infected file (Sys32.fcachdll) C:\WINDOWS\system32\fcachdll.dll
23:30:21: Infected file (Sys32.iisext) C:\WINDOWS\system32\iisext.dll
23:30:21: Infected file (Sys32.inetsloc) C:\WINDOWS\system32\inetsloc.dll
23:30:57: Infected file (Sys32.snprfdll) C:\WINDOWS\system32\snprfdll.dll
23:30:57: Infected file (Sys32.spirun) C:\WINDOWS\system32\spirun.dll
23:31:44: Infected file (Sys32.pev) C:\WINDOWS\pev.exe

Ez pedig a Combofix




ComboFix 09-12-05.01 - Máté Balázs 009.12.05. 23:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.3327.2851 [GMT 1:00]
Running from: i:\dvd-re xxx\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3247190855-3109746679-4224636872-1000
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-01-08_11-44_15e8-zhva5s70.log
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-02-22_12-40_f70-lxa4t57b.log
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-11-08_15-22_878-l9ej3c5w.log
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.

2009-12-05 21:07 . 2009-12-05 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-12-05 21:07 . 2009-12-05 21:07 -------- d-----w- c:\program files\RegCure
2009-12-05 15:20 . 2009-12-05 15:20 -------- d-----w- c:\program files\VideoLAN
2009-12-05 13:26 . 2009-12-05 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2009-12-05 13:24 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2009-12-05 13:24 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2009-12-05 13:24 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2009-12-05 13:24 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2009-12-05 13:24 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-12-05 13:24 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2009-12-05 13:24 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2009-12-05 13:24 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2009-12-05 13:24 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2009-12-05 13:24 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2009-12-05 13:24 . 2009-12-05 13:24 -------- d-----w- c:\program files\BRS
2009-11-28 10:28 . 2009-11-28 10:28 -------- d-----w- c:\program files\Common Files\Skype
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\DCoder Image Source
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\SHOUTcast Source
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\MONOGRAM AMR SplitterDecoder
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\CD Audio Reader Filter
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\Gabest MPEG Splitter
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\RealMedia
2009-11-25 10:42 . 2009-11-25 10:42 -------- d-----w- c:\program files\DScaler5
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\AC3Filter
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\DirectVobSub
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\Haali
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\Bass Audio Decoder
2009-11-25 10:41 . 2008-12-17 18:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-25 10:41 . 2009-11-25 10:41 -------- d-----w- c:\program files\ffdshow
2009-11-25 10:41 . 2008-12-11 12:26 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-11-25 10:40 . 2009-12-05 15:16 -------- d-----w- c:\program files\Zoom Player
2009-11-24 15:18 . 2009-11-24 15:18 -------- d--h--w- c:\windows\msdownld.tmp
2009-11-22 13:43 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-22 13:43 . 2009-11-22 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-22 13:43 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 13:43 . 2009-11-22 13:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 21:44 . 2009-11-21 21:44 -------- d-----w- c:\program files\InCode Solutions
2009-11-21 19:30 . 2009-11-21 19:30 -------- d-----w- c:\program files\CleanUp!
2009-11-18 19:20 . 2009-11-18 19:21 -------- d-----w- c:\program files\Flobo HDDBadSectorRepair
2009-11-18 11:59 . 1999-12-12 17:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2009-11-18 11:59 . 1999-11-17 17:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2009-11-18 11:58 . 2009-11-18 11:58 -------- d-----w- c:\program files\Common Files\Creative
2009-11-18 11:57 . 2007-03-22 16:35 1659008 ----a-r- c:\windows\system32\drivers\p17xfilt.sys
2009-11-18 11:57 . 2006-01-25 06:55 137728 ----a-r- c:\windows\system32\P17res.dll
2009-11-18 11:57 . 2003-04-01 23:13 139264 ----a-r- c:\windows\system32\EAX.DLL
2009-11-18 11:57 . 2006-09-25 09:58 1173504 ----a-r- c:\windows\system32\drivers\P17xfi.sys
2009-11-18 11:57 . 2004-12-22 11:58 8704 ----a-r- c:\windows\system32\drivers\Pfmodnt.sys
2009-11-15 10:12 . 2009-11-15 10:12 -------- d-----w- c:\program files\Common Files\CyberLink
2009-11-15 10:10 . 2009-11-15 10:09 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-11-15 10:10 . 2009-11-15 10:09 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-11-14 21:54 . 2009-11-17 11:08 -------- d-----w- c:\program files\Registry Winner
2009-11-14 21:45 . 2009-11-14 21:46 -------- d-----w- c:\program files\WhoCrashed
2009-11-14 14:42 . 2009-11-14 14:42 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-13 20:49 . 2009-11-13 20:49 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-12 16:42 . 2009-11-12 16:42 -------- d-----w- c:\windows\system32\AGEIA
2009-11-12 16:42 . 2009-11-12 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-11-12 16:41 . 2009-11-12 16:42 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-12 16:41 . 2009-11-12 16:41 -------- d-----w- C:\NVIDIA
2009-11-12 15:52 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-12 15:52 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-12 15:52 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-12 15:52 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-12 15:52 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-12 15:52 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-12 15:52 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-09 13:26 . 2009-11-09 13:26 -------- d-----w- c:\program files\Ask.com
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 22:10 . 2009-09-30 12:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-05 22:10 . 2009-10-22 12:46 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-12-05 21:58 . 2009-09-18 12:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-05 16:40 . 2008-10-20 08:43 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 1
2009-12-05 13:23 . 2009-02-12 11:43 -------- d-----w- c:\program files\OpenAL
2009-12-05 13:23 . 2008-08-30 12:41 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-05 13:23 . 2003-10-14 03:53 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-05 13:05 . 2008-08-30 09:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-02 14:49 . 2009-09-18 12:54 -------- d-----w- c:\program files\Spyware Doctor
2009-11-28 12:21 . 2008-09-07 14:10 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-28 12:12 . 2008-09-07 14:11 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-28 10:28 . 2009-02-25 14:54 -------- d-----r- c:\program files\Skype
2009-11-28 10:28 . 2008-09-04 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-25 10:52 . 2008-08-30 18:51 -------- d-----w- c:\program files\GRETECH
2009-11-23 18:19 . 2008-10-06 08:46 -------- d-----w- c:\program files\Java
2009-11-23 18:19 . 2004-08-18 12:00 526546 ----a-w- c:\windows\system32\perfh00E.dat
2009-11-23 18:19 . 2004-08-18 12:00 131798 ----a-w- c:\windows\system32\perfc00E.dat
2009-11-21 21:34 . 2008-09-02 16:08 -------- d-----w- c:\program files\BCDC++
2009-11-18 19:43 . 2009-10-27 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-11-18 12:00 . 2009-08-29 20:50 -------- d-----w- c:\program files\Creative
2009-11-18 11:59 . 2009-06-25 16:39 -------- d--h--w- c:\program files\Creative Installation Information
2009-11-15 10:18 . 2008-09-11 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-11-15 10:10 . 2008-09-11 11:37 -------- d-----w- c:\program files\CyberLink
2009-11-14 21:12 . 2008-12-18 18:59 -------- d-----w- c:\program files\Setup Files
2009-11-14 14:47 . 2009-02-15 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-13 23:04 . 2009-09-27 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-13 18:40 . 2008-09-19 06:48 -------- d-----w- c:\program files\Lavalys
2009-11-13 18:12 . 2009-09-28 21:18 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2009-11-13 18:12 . 2008-09-10 18:53 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-11-12 16:42 . 2008-10-07 10:27 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-12 16:42 . 2008-10-23 21:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-08 14:27 . 2009-01-08 10:51 -------- d-----w- c:\program files\Windows Live
2009-11-02 17:05 . 2009-11-02 17:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 17:05 . 2009-11-02 17:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-10-29 16:03 . 2009-10-29 16:03 -------- d-----w- c:\program files\CCleaner
2009-10-28 21:43 . 2008-09-11 08:39 -------- d-----w- c:\program files\Common Files\Apple
2009-10-20 20:17 . 2009-03-16 14:35 58468 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-16 20:33 . 2008-09-07 14:10 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-11 03:17 . 2008-11-19 12:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 13:57 . 2007-10-09 12:03 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2004-08-18 12:00 22016 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2004-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-09-27 17:20 . 2009-09-27 17:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 17:20 . 2009-09-27 17:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 17:19 . 2009-09-27 17:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 17:19 . 2009-09-27 17:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 17:19 . 2009-09-27 17:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 17:19 . 2009-09-27 17:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 17:19 . 2009-09-27 17:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 17:19 . 2009-09-27 17:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 17:19 . 2009-09-27 17:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 17:19 . 2009-09-27 17:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 17:19 . 2009-09-27 17:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 17:19 . 2009-09-27 17:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 17:19 . 2009-09-27 17:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 15:12 . 2009-09-27 15:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 15:12 . 2009-09-27 15:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 15:12 . 2009-09-27 15:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 15:12 . 2009-09-27 15:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 15:12 . 2009-09-27 15:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-27 15:12 . 2009-04-30 20:02 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 15:12 . 2008-05-16 12:01 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:12 . 2008-05-16 12:01 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-25 21:45 . 2009-09-25 15:37 573472 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-25 21:45 . 2009-09-25 15:37 23328 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-20 14:08 . 2009-09-20 14:08 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-09-20 12:31 . 2009-09-20 12:31 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-09-19 23:24 . 2004-08-18 12:00 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-09-14 12:03 . 2009-09-08 10:28 2729092 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-09-11 14:19 . 2004-08-18 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
.

------- Sigcheck -------

[-] 2009-09-19 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-09-19 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 13:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"PC Suite Tray"="h:\nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-29 949376]
"DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2008-10-14 172032]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-05-04 354312]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-05-04 2817544]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\M t‚ Bal zs\Start Menu\Programs\Indˇt˘pult\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2009-9-17 192512]
ExifLauncher2.lnk - h:\fiji1000fd\QuickDCF2.exe [2008-12-23 303104]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-9-11 118784]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Steam\\SteamApps\\wogwog\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\UPS\\Upsman\\upsman.exe"=
"c:\\Program Files\\UPS\\Upsman\\www\\ServiceDriver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\BCDC++\\DCPlusPlus.exe"=
"d:\\Steam\\SteamApps\\wogwog\\day of defeat source\\hl2.exe"=
"h:\\Crysis special edition\\Bin32\\Crysis.exe"=
"h:\\Crysis special edition\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"d:\\Steam\\SteamApps\\wogwog\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Steam\\SteamApps\\wogwog\\half-life deathmatch source\\hl2.exe"=
"d:\\Steam\\SteamApps\\wogwog\\source sdk base\\hl2.exe"=
"d:\\Steam\\SteamApps\\wogwog\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"d:\\Steam\\SteamApps\\wogwog\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"h:\\Burnout Paradise\\BurnoutLauncher.exe"=
"h:\\Burnout Paradise\\BurnoutConfigTool.exe"=
"h:\\Burnout Paradise\\BurnoutParadise.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Máté Balázs\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"i:\\KOD2\\CoD2MP_s.exe"=
"h:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"d:\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"h:\\World of Warcraft\\BackgroundDownloader.exe"=
"h:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"h:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"h:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"h:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"h:\\KOD4\\iw3mp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"h:\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"i:\\Dirt2\\dirt2_game.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009.09.18. 13:54 206256]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009.09.18. 14:02 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009.09.18. 14:02 39200]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009.08.29. 1:43 15424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009.09.18. 13:54 159600]
R2 qHTTPs;UPSMAN HTTP;c:\program files\UPS\Upsman\www\ServiceDriver.exe [2009.09.09. 13:57 225353]
R2 UPSMan;UPSMan;c:\program files\UPS\Upsman\upsman.exe [2009.09.09. 13:57 2990165]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009.05.13. 19:00 12032]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys --> c:\windows\system32\drivers\sfdrv01a.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008.09.05. 12:39 717296]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008.06.27. 19:21 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008.06.27. 19:21 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008.06.27. 19:21 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008.06.27. 19:21 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008.06.27. 19:21 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008.06.27. 19:21 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008.06.27. 19:21 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008.06.27. 19:21 566296]
S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2009.09.17. 0:17 28160]
S3 FIXUSTOR;FIXUSTOR; [x]
S3 MsibiosDevice;MsibiosDevice;c:\program files\MSI\Live Update 4\LU4\msibios.sys [2009.09.14. 17:16 18432]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009.09.18. 13:54 64392]
S3 RTCore32;RTCore32;c:\program files\RightMark Memory Analyzer\RTCore32.sys [2008.10.18. 20:42 4608]
S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [2009.09.17. 0:17 56320]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009.09.18. 13:54 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009.09.18. 14:02 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.freemail.hu
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\Máté Balázs\Application Data\Mozilla\Firefox\Profiles\ukn1m0f3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.freemail.hu/
FF - component: c:\program files\Mozilla Firefox 3.1 Beta 1\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Crysis WARHEAD(R) - c:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-NVIDIA Drivers - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
AddRemove-Steam App 215 - d:\steam\steam.exe steam://uninstall/215
AddRemove-Steam App 218 - d:\steam\steam.exe steam://uninstall/218
AddRemove-Steam App 400 - d:\steam\steam.exe steam://uninstall/400
AddRemove-Steam App 420 - d:\steam\steam.exe steam://uninstall/420
AddRemove-Steam App 440 - d:\steam\steam.exe steam://uninstall/440
AddRemove-Steam App 500 - d:\steam\steam.exe steam://uninstall/500
AddRemove-Uniblue RegistryBooster 2009 - c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-{021d77fd-e61a-4d59-8b24-5560595e94e9} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(848)
c:\windows\system32\imon.dll
.
Completion time: 2009-12-05 23:23
ComboFix-quarantined-files.txt 2009-12-05 22:22

Pre-Run: 2 544 439 296 bájt szabad
Post-Run: 2 927 886 336 bájt szabad

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional - magyar" /NOEXECUTE=OPTIN /FASTDETECT

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 680DEF7521B62F9ECDBBA2CECFBB67D5

és már tépem a hajam. Jelenség: random szerűen ójraindul a gép de előbb kékhalál.

HijackThis log-ja:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:42, on 2009.12.05.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\UPS\Upsman\www\ServiceDriver.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPS\Upsman\upsman.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
H:\FIJI1000FD\QuickDCF2.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freemail.hu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "H:\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O4 - Global Startup: ExifLauncher2.lnk = H:\FIJI1000FD\QuickDCF2.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Küldés blogba - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Küldés blogba a Windows Live Writer programmal - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirements ... b_srlx.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 8597888796
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7680083296
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: UPSMAN HTTP (qHTTPs) - Quazar Software GmbH - C:\Program Files\UPS\Upsman\www\ServiceDriver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: UPSMan - Generex GmbH - C:\Program Files\UPS\Upsman\upsman.exe

--
End of file - 13927 bytes