
Please check my log
Re: Please check my log
Ouch, so now I've probably messed the whole thing up... since I'm copying the stuff onto the flash drive from the infected PC.
Re: Please check my log
If I plug the flash drive into my own PC, is there any risk?
Re: Please check my log
I backed up the flash drive on my machine and formatted it...
OK, it's loaded, I'm going to boot... I know it's late and you've got plenty on your own plate, so we're happy to wait a while longer.
Personally I have a lot of work too, and I already told my acquaintance yesterday that he won't have it fixed within 24 hours as he assumed... thanks again for the help.
Re: Please check my log
Now I'm a bit lost in your notes.
Does this need to be changed before booting?
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys.old
C:\WINDOWS\system32\dllcache\ndis.sys.old
C:\WINDOWS\system32\drivers\ndis.sys.old
Re: Please check my log
"A problem has been detected"... blue screen when starting Windows from the flash drive... this overnight novel is going to turn into an expedition of a few days... no worries, if you're in a hurry, go ahead .)
....this PC is a tragedy
EDIT: again..
Re: Please check my log
Thanks, take care
Bye
Re: Please check my log
Hello, I'll do the procedure you describe, but I have a problem. Yesterday when I booted from the flash drive I changed the files you wrote about, but unfortunately I didn't copy over the ndis file from my own machine. Now it won't boot either from the flash drive or normally. I'll try again; today I didn't get to it at all.
Re: Please check my log
This is still from the first procedure
//////////////////////////////////////////
OTL logfile created on: 24/06/2010 21:41:19 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Bob Brady\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
759.00 Mb Total Physical Memory | 451.00 Mb Available Physical Memory | 59.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.68 Gb Total Space | 24.13 Gb Free Space | 45.80% Space Free | Partition Type: NTFS
Drive D: | 18.46 Gb Total Space | 17.74 Gb Free Space | 96.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BOB
Current User Name: Bob Brady
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/06/24 21:40:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Brady\Desktop\OTL.exe
PRC - [2010/06/02 06:57:48 | 000,945,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/11/25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2005/10/27 23:41:52 | 000,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcdcoms.exe
PRC - [2005/10/25 09:56:14 | 000,107,520 | ---- | M] (WhenU.com) -- C:\Program Files\VVSN\VVSN.exe
PRC - [2005/10/07 03:01:48 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
========== Modules (SafeList) ==========
MOD - [2010/06/24 21:40:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Brady\Desktop\OTL.exe
MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/27 23:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\dlcdcoms.exe -- (dlcd_device)
========== Driver Services (SafeList) ==========
DRV - [2010/06/03 14:20:49 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2010/06/03 14:18:56 | 000,664,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/12/02 10:10:04 | 000,173,312 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u90.sys -- (SWNC8U90) Sierra Wireless MUX NDIS Driver (UMTS90)
DRV - [2008/11/17 14:33:44 | 000,145,280 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx90.sys -- (SWUMX90) Sierra Wireless USB MUX Driver (UMTS90)
DRV - [2008/08/22 18:05:40 | 000,026,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/03/17 11:03:46 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/03/26 14:46:30 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/09/18 14:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/09/18 14:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/09/18 14:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/09/18 14:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/18 14:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 14:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/05/15 14:35:36 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/03/24 23:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/13 17:35:28 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2006/03/13 17:35:26 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2006/03/13 17:35:20 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2006/03/13 17:35:18 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2006/03/13 17:35:12 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2006/03/08 18:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/02 19:24:42 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/05 03:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/22 03:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 03:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 03:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 05:00:00 | 000,041,856 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=en&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
IE - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\..\URLSearchHook: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2010/06/21 18:12:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\..\Toolbar\WebBrowser: (PHPNukeEN Toolbar) - {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe (WhenU.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 3521054984 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bob Brady\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bob Brady\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/06/03 14:22:53 | 000,002,352 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 7 Days ==========
[2010/06/24 21:40:45 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob Brady\Desktop\OTL.exe
[2010/06/24 20:25:23 | 000,000,000 | ---D | C] -- C:\ndis
[2010/06/23 02:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob Brady\Local Settings\Application Data\GHISLER
[2010/06/22 21:22:28 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010/06/22 21:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob Brady\Application Data\GHISLER
[2010/06/22 19:51:59 | 000,000,000 | ---D | C] -- C:\eeepcfr
[2010/06/22 19:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob Brady\Desktop\OTLPE
[2010/06/22 19:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob Brady\Desktop\OTLPEStd
[2010/06/22 18:58:51 | 097,702,766 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Bob Brady\Desktop\OTLPEStd.exe
[2010/06/22 18:34:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/21 19:26:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/21 17:54:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/21 17:45:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/20 22:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/06/20 22:54:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bob Brady\Recent
[2009/07/24 11:45:55 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009/07/24 11:45:55 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/07/24 11:45:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009/07/24 11:45:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[2006/08/16 00:37:50 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdserv.dll
[2006/08/16 00:37:50 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdusb1.dll
[2006/08/16 00:37:50 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpmui.dll
[2006/08/16 00:37:50 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdlmpm.dll
[2006/08/16 00:37:50 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdprox.dll
[2006/08/16 00:37:50 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpplc.dll
[2006/08/16 00:37:48 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdhbn3.dll
[2006/08/16 00:37:48 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomc.dll
[2006/08/16 00:37:48 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2010/06/24 21:40:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Brady\Desktop\OTL.exe
[2010/06/24 21:37:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/24 21:37:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/24 21:37:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/24 21:37:25 | 796,327,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/24 21:36:54 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Bob Brady\NTUSER.DAT
[2010/06/24 21:36:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Bob Brady\ntuser.ini
[2010/06/24 19:20:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/23 03:04:30 | 004,809,408 | -H-- | M] () -- C:\Documents and Settings\Bob Brady\Local Settings\Application Data\IconCache.db
[2010/06/23 03:04:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/22 21:22:29 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\Bob Brady\Desktop\Total Commander.lnk
[2010/06/22 19:14:01 | 097,702,766 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Bob Brady\Desktop\OTLPEStd.exe
[2010/06/22 18:59:53 | 000,515,892 | ---- | M] () -- C:\Documents and Settings\Bob Brady\Desktop\eeepcfr.zip
[2010/06/21 19:35:26 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Bob Brady\Desktop\gmer.zip
[2010/06/21 19:32:46 | 000,005,629 | ---- | M] () -- C:\Documents and Settings\Bob Brady\Desktop\Extras.rar
[2010/06/21 19:19:40 | 000,235,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/21 19:08:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bob Brady\defogger_reenable
[2010/06/21 19:04:29 | 000,990,405 | ---- | M] () -- C:\Qoobox.rar
[2010/06/21 18:13:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/21 18:12:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/21 17:54:24 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/20 23:29:14 | 000,004,300 | ---- | M] () -- C:\Documents and Settings\Bob Brady\Application Data\wklnhst.dat
[2010/06/20 23:29:11 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Bob Brady\Desktop\CV.Ireland.doc
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/22 21:22:29 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\Bob Brady\Desktop\Total Commander.lnk
[2010/06/22 21:22:28 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2010/06/22 21:22:28 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2010/06/22 21:22:28 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2010/06/22 21:22:28 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2010/06/22 21:22:28 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2010/06/22 21:22:28 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2010/06/22 21:22:28 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2010/06/22 18:59:53 | 000,515,892 | ---- | C] () -- C:\Documents and Settings\Bob Brady\Desktop\eeepcfr.zip
[2010/06/21 19:41:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Bob Brady\Desktop\gmer.exe
[2010/06/21 19:35:26 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Bob Brady\Desktop\gmer.zip
[2010/06/21 19:32:46 | 000,005,629 | ---- | C] () -- C:\Documents and Settings\Bob Brady\Desktop\Extras.rar
[2010/06/21 19:08:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bob Brady\defogger_reenable
[2010/06/21 19:04:27 | 000,990,405 | ---- | C] () -- C:\Qoobox.rar
[2010/06/21 17:54:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/21 17:54:20 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/21 17:45:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/21 17:45:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/12 15:09:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lkv72l68rqxze6cgiawd9tuu.ini
[2009/07/24 11:46:01 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/05/22 17:33:32 | 000,026,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/08/30 18:17:52 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/08/18 17:23:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/08/18 16:35:33 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8756F69A44.sys
[2006/08/18 16:32:08 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\449AF65687.sys
[2006/08/18 16:32:00 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/16 01:26:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/16 01:18:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/16 01:14:23 | 000,000,538 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/16 01:08:49 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/16 00:37:50 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2006/08/16 00:37:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2006/08/16 00:37:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2006/08/16 00:37:50 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2006/08/16 00:37:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2006/08/16 00:37:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2006/08/16 00:37:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2006/08/16 00:37:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2006/08/16 00:37:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2006/08/16 00:37:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2006/08/16 00:37:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/08/16 00:37:28 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/08/16 00:36:46 | 000,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/02 17:05:54 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlcdplc.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:15 | 000,211,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys.old
[2004/08/03 23:00:16 | 000,041,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\imapi.sys
========== LOP Check ==========
[2010/01/28 11:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\331C5
[2009/04/04 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2007/06/16 18:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/05/27 17:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/28 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\bearsharemediabartb
[2010/01/13 12:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2009/12/06 17:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Gearbox Software
[2010/06/22 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\GHISLER
[2010/01/06 19:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\imeshmediabartb
[2006/08/22 19:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Leadertech
[2009/08/05 12:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\MSNInstaller
[2009/05/28 16:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Opera
[2009/05/22 17:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Sierra Wireless
[2009/04/04 18:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Tatara Systems
[2007/08/08 13:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Teleca
[2010/05/03 12:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: NDIS >
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\eeepcfr\ndis
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\ndis\ndis
< MD5 for: NDIS.SYS >
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/03 22:07:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\Documents and Settings\Bob Brady\Desktop\OTLPE\I386\SYSTEM32\DRIVERS\NDIS.SYS
========== Alternate Data Streams ==========
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
< End of report >
//////////////////////////////////////////
OTL logfile created on: 24/06/2010 21:41:19 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Bob Brady\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
759.00 Mb Total Physical Memory | 451.00 Mb Available Physical Memory | 59.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.68 Gb Total Space | 24.13 Gb Free Space | 45.80% Space Free | Partition Type: NTFS
Drive D: | 18.46 Gb Total Space | 17.74 Gb Free Space | 96.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BOB
Current User Name: Bob Brady
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/06/24 21:40:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Brady\Desktop\OTL.exe
PRC - [2010/06/02 06:57:48 | 000,945,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/11/25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2005/10/27 23:41:52 | 000,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcdcoms.exe
PRC - [2005/10/25 09:56:14 | 000,107,520 | ---- | M] (WhenU.com) -- C:\Program Files\VVSN\VVSN.exe
PRC - [2005/10/07 03:01:48 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
========== Modules (SafeList) ==========
MOD - [2010/06/24 21:40:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Brady\Desktop\OTL.exe
MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/27 23:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\dlcdcoms.exe -- (dlcd_device)
========== Driver Services (SafeList) ==========
DRV - [2010/06/03 14:20:49 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2010/06/03 14:18:56 | 000,664,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/12/02 10:10:04 | 000,173,312 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u90.sys -- (SWNC8U90) Sierra Wireless MUX NDIS Driver (UMTS90)
DRV - [2008/11/17 14:33:44 | 000,145,280 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx90.sys -- (SWUMX90) Sierra Wireless USB MUX Driver (UMTS90)
DRV - [2008/08/22 18:05:40 | 000,026,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/03/17 11:03:46 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/03/26 14:46:30 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/09/18 14:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/09/18 14:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/09/18 14:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/09/18 14:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/18 14:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 14:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/05/15 14:35:36 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/03/24 23:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/13 17:35:28 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2006/03/13 17:35:26 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2006/03/13 17:35:20 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2006/03/13 17:35:18 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2006/03/13 17:35:12 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2006/03/08 18:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/02 19:24:42 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/05 03:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/22 03:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 03:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 03:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 05:00:00 | 000,041,856 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=en&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
IE - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\..\URLSearchHook: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2010/06/21 18:12:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\..\Toolbar\WebBrowser: (PHPNukeEN Toolbar) - {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe (WhenU.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 3521054984 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bob Brady\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bob Brady\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/06/03 14:22:53 | 000,002,352 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 7 Days ==========
[2010/06/24 21:40:45 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob Brady\Desktop\OTL.exe
[2010/06/24 20:25:23 | 000,000,000 | ---D | C] -- C:\ndis
[2010/06/23 02:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob Brady\Local Settings\Application Data\GHISLER
[2010/06/22 21:22:28 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010/06/22 21:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob Brady\Application Data\GHISLER
[2010/06/22 19:51:59 | 000,000,000 | ---D | C] -- C:\eeepcfr
[2010/06/22 19:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob Brady\Desktop\OTLPE
[2010/06/22 19:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob Brady\Desktop\OTLPEStd
[2010/06/22 18:58:51 | 097,702,766 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Bob Brady\Desktop\OTLPEStd.exe
[2010/06/22 18:34:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/21 19:26:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/21 17:54:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/21 17:45:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/20 22:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/06/20 22:54:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bob Brady\Recent
[2009/07/24 11:45:55 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009/07/24 11:45:55 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/07/24 11:45:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009/07/24 11:45:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[2006/08/16 00:37:50 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdserv.dll
[2006/08/16 00:37:50 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdusb1.dll
[2006/08/16 00:37:50 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpmui.dll
[2006/08/16 00:37:50 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdlmpm.dll
[2006/08/16 00:37:50 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdprox.dll
[2006/08/16 00:37:50 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpplc.dll
[2006/08/16 00:37:48 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdhbn3.dll
[2006/08/16 00:37:48 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomc.dll
[2006/08/16 00:37:48 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2010/06/24 21:40:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Brady\Desktop\OTL.exe
[2010/06/24 21:37:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/24 21:37:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/24 21:37:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/24 21:37:25 | 796,327,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/24 21:36:54 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Bob Brady\NTUSER.DAT
[2010/06/24 21:36:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Bob Brady\ntuser.ini
[2010/06/24 19:20:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/23 03:04:30 | 004,809,408 | -H-- | M] () -- C:\Documents and Settings\Bob Brady\Local Settings\Application Data\IconCache.db
[2010/06/23 03:04:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/22 21:22:29 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\Bob Brady\Desktop\Total Commander.lnk
[2010/06/22 19:14:01 | 097,702,766 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Bob Brady\Desktop\OTLPEStd.exe
[2010/06/22 18:59:53 | 000,515,892 | ---- | M] () -- C:\Documents and Settings\Bob Brady\Desktop\eeepcfr.zip
[2010/06/21 19:35:26 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Bob Brady\Desktop\gmer.zip
[2010/06/21 19:32:46 | 000,005,629 | ---- | M] () -- C:\Documents and Settings\Bob Brady\Desktop\Extras.rar
[2010/06/21 19:19:40 | 000,235,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/21 19:08:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bob Brady\defogger_reenable
[2010/06/21 19:04:29 | 000,990,405 | ---- | M] () -- C:\Qoobox.rar
[2010/06/21 18:13:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/21 18:12:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/21 17:54:24 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/20 23:29:14 | 000,004,300 | ---- | M] () -- C:\Documents and Settings\Bob Brady\Application Data\wklnhst.dat
[2010/06/20 23:29:11 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Bob Brady\Desktop\CV.Ireland.doc
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/22 21:22:29 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\Bob Brady\Desktop\Total Commander.lnk
[2010/06/22 21:22:28 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2010/06/22 21:22:28 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2010/06/22 21:22:28 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2010/06/22 21:22:28 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2010/06/22 21:22:28 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2010/06/22 21:22:28 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2010/06/22 21:22:28 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2010/06/22 18:59:53 | 000,515,892 | ---- | C] () -- C:\Documents and Settings\Bob Brady\Desktop\eeepcfr.zip
[2010/06/21 19:41:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Bob Brady\Desktop\gmer.exe
[2010/06/21 19:35:26 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Bob Brady\Desktop\gmer.zip
[2010/06/21 19:32:46 | 000,005,629 | ---- | C] () -- C:\Documents and Settings\Bob Brady\Desktop\Extras.rar
[2010/06/21 19:08:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bob Brady\defogger_reenable
[2010/06/21 19:04:27 | 000,990,405 | ---- | C] () -- C:\Qoobox.rar
[2010/06/21 17:54:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/21 17:54:20 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/21 17:45:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/21 17:45:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/12 15:09:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lkv72l68rqxze6cgiawd9tuu.ini
[2009/07/24 11:46:01 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/05/22 17:33:32 | 000,026,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/08/30 18:17:52 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/08/18 17:23:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/08/18 16:35:33 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8756F69A44.sys
[2006/08/18 16:32:08 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\449AF65687.sys
[2006/08/18 16:32:00 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/16 01:26:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/16 01:18:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/16 01:14:23 | 000,000,538 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/16 01:08:49 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/16 00:37:50 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2006/08/16 00:37:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2006/08/16 00:37:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2006/08/16 00:37:50 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2006/08/16 00:37:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2006/08/16 00:37:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2006/08/16 00:37:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2006/08/16 00:37:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2006/08/16 00:37:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2006/08/16 00:37:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2006/08/16 00:37:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/08/16 00:37:28 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/08/16 00:36:46 | 000,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/02 17:05:54 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlcdplc.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:15 | 000,211,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys.old
[2004/08/03 23:00:16 | 000,041,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\imapi.sys
========== LOP Check ==========
[2010/01/28 11:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\331C5
[2009/04/04 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2007/06/16 18:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/05/27 17:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/28 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\bearsharemediabartb
[2010/01/13 12:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2009/12/06 17:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Gearbox Software
[2010/06/22 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\GHISLER
[2010/01/06 19:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\imeshmediabartb
[2006/08/22 19:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Leadertech
[2009/08/05 12:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\MSNInstaller
[2009/05/28 16:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Opera
[2009/05/22 17:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Sierra Wireless
[2009/04/04 18:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Tatara Systems
[2007/08/08 13:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Teleca
[2010/05/03 12:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: NDIS >
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\eeepcfr\ndis
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\ndis\ndis
< MD5 for: NDIS.SYS >
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/03 22:07:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\Documents and Settings\Bob Brady\Desktop\OTLPE\I386\SYSTEM32\DRIVERS\NDIS.SYS
========== Alternate Data Streams ==========
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
< End of report >
Re: Request for a log check
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Re: Request for a log check
I did what you wrote:
I managed to copy my ndis.sys onto his PC
I changed those ndis files to old so it doesn't pick them up .. I'm running ComboFix, we'll see what it says
Re: Request for a log check
ComboFix 10-06-23.05 - Bob Brady 25/06/2010 0:11.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.759.400 [GMT 1:00]
Running from: c:\documents and settings\Bob Brady\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100131-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.
2010-06-24 20:50 . 2010-06-24 20:50 77312 ----a-w- C:\mbr.exe
2010-06-24 20:35 . 2008-04-13 23:50 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-06-24 19:25 . 2010-06-24 19:25 -------- d-----w- C:\ndis
2010-06-23 01:54 . 2010-06-23 01:54 -------- d-----w- c:\documents and settings\Bob Brady\Local Settings\Application Data\GHISLER
2010-06-22 20:22 . 2010-06-22 20:22 -------- d-----w- C:\totalcmd
2010-06-22 20:22 . 2010-06-22 20:22 -------- d-----w- c:\documents and settings\Bob Brady\Application Data\GHISLER
2010-06-22 20:22 . 2010-06-17 06:55 545 ----a-w- c:\windows\UC.PIF
2010-06-22 20:22 . 2010-06-17 06:55 545 ----a-w- c:\windows\RAR.PIF
2010-06-22 20:22 . 2010-06-17 06:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-06-22 20:22 . 2010-06-17 06:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-06-22 20:22 . 2010-06-17 06:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-06-22 20:22 . 2010-06-17 06:55 545 ----a-w- c:\windows\LHA.PIF
2010-06-22 20:22 . 2010-06-17 06:55 545 ----a-w- c:\windows\ARJ.PIF
2010-06-22 18:51 . 2010-06-23 02:04 -------- d-----w- C:\eeepcfr
2010-06-21 18:26 . 2010-06-21 18:26 -------- d-----w- C:\_OTL
2010-06-20 21:55 . 2010-06-20 21:56 -------- d-----w- c:\program files\trend micro
2010-06-03 16:13 . 2010-06-03 16:13 -------- d-----w- c:\program files\Team JPN
2010-06-03 13:21 . 2010-06-20 21:55 -------- d-----w- c:\program files\VVSN
2010-06-03 13:20 . 2010-06-03 13:20 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
2010-06-03 13:20 . 2010-06-16 19:48 -------- d-----w- c:\program files\DAEMON Tools
2010-06-03 13:18 . 2010-06-03 13:18 96256 ----a-w- c:\windows\system32\drivers\sptd8333.sys
2010-06-03 13:18 . 2010-06-03 13:18 664064 ----a-w- c:\windows\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 17:11 . 2009-05-28 15:09 -------- d-----w- c:\program files\Opera
2010-06-20 22:29 . 2007-01-20 17:23 4300 ----a-w- c:\documents and settings\Bob Brady\Application Data\wklnhst.dat
2010-06-20 21:18 . 2006-08-22 17:52 -------- d-----w- c:\program files\Dl_cats
2010-06-17 12:02 . 2009-04-04 20:14 -------- d-----w- c:\documents and settings\Bob Brady\Application Data\Skype
2010-06-17 11:58 . 2009-04-08 18:30 -------- d-----w- c:\documents and settings\Bob Brady\Application Data\skypePM
2010-06-16 19:49 . 2010-05-16 19:31 -------- d-----w- c:\documents and settings\Bob Brady\Application Data\vlc
2010-06-15 15:29 . 2010-01-02 20:56 -------- d-----w- c:\program files\EA GAMES
2010-06-11 09:04 . 2004-08-10 11:51 211072 ----a-w- c:\windows\system32\drivers\ndis.sys.old
2010-06-07 08:25 . 2009-12-30 16:47 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-06-02 17:31 . 2006-08-18 15:32 65096 ----a-w- c:\documents and settings\Bob Brady\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-27 17:37 . 2006-08-16 00:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-16 13:36 . 2010-01-02 21:18 990 ----a-w- c:\windows\eReg.dat
2010-05-12 18:56 . 2010-05-12 18:56 111104 --sh--r- C:\xjb3.exe
2010-05-12 17:32 . 2010-05-12 17:26 -------- d-----w- c:\program files\Graboid
2010-05-03 11:59 . 2009-06-06 21:20 -------- d-----w- c:\documents and settings\Bob Brady\Application Data\uTorrent
2010-04-28 16:52 . 2010-04-28 16:52 -------- d-----w- c:\program files\Roger Wilco
2010-04-28 16:52 . 2010-01-02 20:44 -------- d-----w- c:\program files\GameSpy Arcade
2009-09-30 20:07 . 2006-08-18 15:32 56 --sh--r- c:\windows\system32\449AF65687.sys
2009-09-30 19:56 . 2006-08-18 15:35 88 --sh--r- c:\windows\system32\8756F69A44.sys
2009-09-30 20:07 . 2006-08-18 15:32 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2009-12-31 11:53 2349080 ----a-w- c:\program files\PHPNukeEN\tbPHPN.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 430080]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"VVSN"="c:\program files\VVSN\VVSN.exe" [2005-10-25 107520]
"DLCDCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-13 73728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 14:08 1347584 ----a-w- c:\windows\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2008-05-28 14:40 1197296 ----a-w- c:\program files\CCleaner\CCleaner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 04:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-10 14:40 20480 ----a-w- c:\windows\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 19:46 77824 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 19:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 19:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 09:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 09:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-16 16:54 155648 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 22:30 282624 ----a-w- c:\windows\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 13:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 08:07 827392 ----a-w- c:\windows\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2006-11-24 00:06 487424 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 16:48 32881 ----a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 17:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-03-10 13:43 270336 ----a-w- c:\windows\tsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"wltrysvc"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"hnmsvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1c9b5624e04980"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcdcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcdPSWX.EXE"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/04/2009 22:20 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2009 22:20 20560]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S2 gupdate1c9b5624e04980;Google Update Service (gupdate1c9b5624e04980);c:\program files\Google\Update\GoogleUpdate.exe [04/04/2009 21:14 133104]
S3 SWNC8U90;Sierra Wireless MUX NDIS Driver (UMTS90);c:\windows\system32\drivers\swnc8u90.sys [02/12/2008 10:10 173312]
S3 SWUMX90;Sierra Wireless USB MUX Driver (UMTS90);c:\windows\system32\drivers\swumx90.sys [17/11/2008 14:33 145280]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/06/2010 14:18 664064]
.
Contents of the 'Scheduled Tasks' folder
2010-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 20:14]
2010-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 20:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.imesh.com/
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 00:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-328848984-2692979925-2512256979-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(584)
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(2192)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-25 00:16:55
ComboFix-quarantined-files.txt 2010-06-24 23:16
Pre-Run: 25,870,024,704 bytes free
Post-Run: 25,859,735,552 bytes free
- - End Of File - - EFE5FC462DD09545783A09FF03AED43F
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-328848984-2692979925-2512256979-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(584)
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(2192)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-25 00:16:55
ComboFix-quarantined-files.txt 2010-06-24 23:16
Pre-Run: 25,870,024,704 bytes free
Post-Run: 25,859,735,552 bytes free
- - End Of File - - EFE5FC462DD09545783A09FF03AED43F
Re: Please check the log
ComboFix 10-06-23.05 - Bob Brady 25/06/2010 0:11.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.759.400 [GMT 1:00]
Running from: c:\documents and settings\Bob Brady\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100131-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.
2010-06-24 20:50 . 2010-06-24 20:50 77312 ----a-w- C:\mbr.exe
2010-06-24 20:35 . 2008-04-13 23:50 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-06-24 19:25 . 2010-06-24 19:25 -------- d-----w- C:\ndis
2010-06-23 01:54 . 2010-06-23 01:54 -------- d-----w- c:\documents and settings\Bob Brady\Local Settings\Application Data\GHISLER
2010-06-22 20:22 . 2010-06-22 20:22 -------- d-----w- C:\totalcmd
2010-06-22 20:22 . 2010-06-22 20:22 -------- d-----w- c:\documents and settings\Bob Brady\Application Data\GHISLER
2010-06-22 20:22 . 2010-06-17 06:55 545 ----a-w- c:\windows\UC.PIF
2010-06-22 20:22 . 2010-06-17 06:55 545 ----a-w- c:\windows\RAR.PIF
2010-06-22 20:22 . 2010-06-17 06:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-06-22 20:22 . 2010-06-17 06:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-06-22 20:22 . 2010-06-17 06:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-06-22 20:22 . 2010-06-17 06:55 545 ----a-w- c:\windows\LHA.PIF
2010-06-22 20:22 . 2010-06-17 06:55 545 ----a-w- c:\windows\ARJ.PIF
2010-06-22 18:51 . 2010-06-23 02:04 -------- d-----w- C:\eeepcfr
2010-06-21 18:26 . 2010-06-21 18:26 -------- d-----w- C:\_OTL
2010-06-20 21:55 . 2010-06-20 21:56 -------- d-----w- c:\program files\trend micro
2010-06-03 16:13 . 2010-06-03 16:13 -------- d-----w- c:\program files\Team JPN
2010-06-03 13:21 . 2010-06-20 21:55 -------- d-----w- c:\program files\VVSN
2010-06-03 13:20 . 2010-06-03 13:20 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
2010-06-03 13:20 . 2010-06-16 19:48 -------- d-----w- c:\program files\DAEMON Tools
2010-06-03 13:18 . 2010-06-03 13:18 96256 ----a-w- c:\windows\system32\drivers\sptd8333.sys
2010-06-03 13:18 . 2010-06-03 13:18 664064 ----a-w- c:\windows\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 17:11 . 2009-05-28 15:09 -------- d-----w- c:\program files\Opera
2010-06-20 22:29 . 2007-01-20 17:23 4300 ----a-w- c:\documents and settings\Bob Brady\Application Data\wklnhst.dat
2010-06-20 21:18 . 2006-08-22 17:52 -------- d-----w- c:\program files\Dl_cats
2010-06-17 12:02 . 2009-04-04 20:14 -------- d-----w- c:\documents and settings\Bob Brady\Application Data\Skype
2010-06-17 11:58 . 2009-04-08 18:30 -------- d-----w- c:\documents and settings\Bob Brady\Application Data\skypePM
2010-06-16 19:49 . 2010-05-16 19:31 -------- d-----w- c:\documents and settings\Bob Brady\Application Data\vlc
2010-06-15 15:29 . 2010-01-02 20:56 -------- d-----w- c:\program files\EA GAMES
2010-06-11 09:04 . 2004-08-10 11:51 211072 ----a-w- c:\windows\system32\drivers\ndis.sys.old
2010-06-07 08:25 . 2009-12-30 16:47 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-06-02 17:31 . 2006-08-18 15:32 65096 ----a-w- c:\documents and settings\Bob Brady\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-27 17:37 . 2006-08-16 00:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-16 13:36 . 2010-01-02 21:18 990 ----a-w- c:\windows\eReg.dat
2010-05-12 18:56 . 2010-05-12 18:56 111104 --sh--r- C:\xjb3.exe
2010-05-12 17:32 . 2010-05-12 17:26 -------- d-----w- c:\program files\Graboid
2010-05-03 11:59 . 2009-06-06 21:20 -------- d-----w- c:\documents and settings\Bob Brady\Application Data\uTorrent
2010-04-28 16:52 . 2010-04-28 16:52 -------- d-----w- c:\program files\Roger Wilco
2010-04-28 16:52 . 2010-01-02 20:44 -------- d-----w- c:\program files\GameSpy Arcade
2009-09-30 20:07 . 2006-08-18 15:32 56 --sh--r- c:\windows\system32\449AF65687.sys
2009-09-30 19:56 . 2006-08-18 15:35 88 --sh--r- c:\windows\system32\8756F69A44.sys
2009-09-30 20:07 . 2006-08-18 15:32 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2009-12-31 11:53 2349080 ----a-w- c:\program files\PHPNukeEN\tbPHPN.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 430080]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"VVSN"="c:\program files\VVSN\VVSN.exe" [2005-10-25 107520]
"DLCDCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-13 73728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 14:08 1347584 ----a-w- c:\windows\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2008-05-28 14:40 1197296 ----a-w- c:\program files\CCleaner\CCleaner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 04:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-10 14:40 20480 ----a-w- c:\windows\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 19:46 77824 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 19:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 19:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 09:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 09:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-16 16:54 155648 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 22:30 282624 ----a-w- c:\windows\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 13:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 08:07 827392 ----a-w- c:\windows\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2006-11-24 00:06 487424 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 16:48 32881 ----a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 17:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-03-10 13:43 270336 ----a-w- c:\windows\tsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"wltrysvc"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"hnmsvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1c9b5624e04980"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcdcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcdPSWX.EXE"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/04/2009 22:20 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2009 22:20 20560]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S2 gupdate1c9b5624e04980;Google Update Service (gupdate1c9b5624e04980);c:\program files\Google\Update\GoogleUpdate.exe [04/04/2009 21:14 133104]
S3 SWNC8U90;Sierra Wireless MUX NDIS Driver (UMTS90);c:\windows\system32\drivers\swnc8u90.sys [02/12/2008 10:10 173312]
S3 SWUMX90;Sierra Wireless USB MUX Driver (UMTS90);c:\windows\system32\drivers\swumx90.sys [17/11/2008 14:33 145280]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/06/2010 14:18 664064]
.
Contents of the 'Scheduled Tasks' folder
2010-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 20:14]
2010-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 20:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.imesh.com/
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 00:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-328848984-2692979925-2512256979-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(584)
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(2192)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-25 00:16:55
ComboFix-quarantined-files.txt 2010-06-24 23:16
Pre-Run: 25,870,024,704 bytes free
Post-Run: 25,859,735,552 bytes free
- - End Of File - - EFE5FC462DD09545783A09FF03AED43F
Re: Please check the log
I don't notice any change, since I only use that PC so that I can fix it for him with your amazing help. I'm looking forward to throwing it out of my room and not having to look at it anymore.
I'll update all the software, as you recommend.