Please check my log. Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Re: Please check my log.

Post by HAFcool » 21 Dec 2010 21:38

Here's the picture.
It's probably about the license, but the SP2 there puzzles me. I'd rather ask than break something.
Attachments
untitled.JPG

Re: Please check my log.

Post by memphisto » 21 Dec 2010 21:43

It requires a boot floppy with a system with SP2 :shock: Hold on, I didn't expect a dirty trick like that :smile:
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you

Re: Please check my log.

Post by HAFcool » 21 Dec 2010 21:44

Does that happen often? :lol:

Re: Please check my log.

Post by memphisto » 21 Dec 2010 22:52

So, we'll do it according to this guide. Download the console and just drag it onto the CF icon. Just like in the guide.
Re: Please check my log.

Post by HAFcool » 21 Dec 2010 23:25

Unfortunately. Still the same.

Re: Please check my log.

Post by bledulka » 22 Dec 2010 00:04

Sorry for butting in.
What is still the same? Does it still require the SP2 installation? That is the Recovery Console, that's just what it's called; SP2 applies to SP3 as well, go ahead and confirm it.

Re: Please check my log.

Post by HAFcool » 22 Dec 2010 13:17

OK. I'll try it.

Re: Please check my log.

Post by HAFcool » 22 Dec 2010 15:07

I'm sorry, but I don't have the nerves for this. I let it run for about 2 hours and still nothing. Not a single line. If it can't be done without ComboFix, I can mark this as solved.
I found and deleted some viruses with the previous programs, so I did get something done. :bigups:

Re: Please check my log.

Post by bledulka » 22 Dec 2010 16:44

We can try it without ComboFix too :smile:.

Download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop
- Start > Run
copy into the box:
"%userprofile%\plocha\mbr" -t
OK
- a log named mbr.log will be created on the desktop; paste it here

Download OTL
http://oldtimer.geekstogo.com/OTL.exe
- paste this script into the bottom box:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c

- tick the checkbox on the All users line
- leave the other items as set in the screenshot
- click the Scan button.
- a scan will run; paste the OTL.Txt log here

Image

Re: Please check my log.

Post by HAFcool » 22 Dec 2010 20:12

Here is the one from OTL

OTL logfile created on: 12/22/2010 8:05:15 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = F:\Documents and Settings\Windows\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.75 Gb Total Space | 370.07 Gb Free Space | 79.46% Space Free | Partition Type: NTFS

Computer Name: WINDOWS | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2010/12/22 19:57:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Windows\Desktop\OTL.exe
PRC - [2010/12/09 00:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- F:\Documents and Settings\Windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/10/14 22:27:09 | 000,134,808 | ---- | M] (Google Inc.) -- F:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- F:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- F:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- F:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- F:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- F:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/02/22 15:38:12 | 000,442,368 | ---- | M] (AWS Convergence Technologies) -- F:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2007/12/13 18:10:56 | 001,688,872 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/12/03 13:21:24 | 002,213,160 | ---- | M] (Nero AG) -- F:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2007/09/25 05:47:00 | 000,094,208 | R--- | M] (SigmaTel, Inc.) -- F:\WINDOWS\system32\stacsv.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- F:\WINDOWS\system32\PAStiSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/12/22 19:57:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Windows\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- F:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- F:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- F:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/27 01:07:18 | 003,562,408 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- F:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/10/27 08:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- F:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/09/25 05:47:00 | 000,094,208 | R--- | M] (SigmaTel, Inc.) [Auto | Running] -- F:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- F:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- F:\WINDOWS\System32\XDva281.sys -- (XDva281)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\WINDOWS\System32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\DOCUME~1\Windows\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- F:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- F:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- F:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/07/30 21:49:03 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- F:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/02 21:57:50 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/15 21:50:50 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/10/04 16:14:00 | 006,854,464 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/09/25 05:48:21 | 000,254,872 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007/09/25 05:47:01 | 001,222,840 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/09/25 05:47:00 | 000,054,272 | R--- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2006/12/28 17:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/08/29 15:56:19 | 000,032,377 | ---- | M] (B-phreaks) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\prodigy.sys -- (PRODIGY)
DRV - [2005/11/03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- F:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- F:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- F:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/04/08 10:46:18 | 000,162,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\pfc027.sys -- (PAC207)
DRV - [2004/03/19 02:00:00 | 000,091,392 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\P1171Vid.sys -- (P1171VID)
DRV - [2002/09/09 19:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-73586283-2052111302-682003330-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-73586283-2052111302-682003330-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-73586283-2052111302-682003330-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 30 67 41 FB 28 CB 01 [binary data]
IE - HKU\S-1-5-21-73586283-2052111302-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/03/13 17:51:15 | 000,228,383 | R--- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - F:\Program Files\Brothersoft\tbBro2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-73586283-2052111302-682003330-1007\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - F:\Program Files\Brothersoft\tbBro2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] F:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] F:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NBKeyScan] F:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] F:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] F:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Windows Defender] F:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-73586283-2052111302-682003330-1007..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-73586283-2052111302-682003330-1007..\Run: [WeatherBugAlert] F:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: F:\Documents and Settings\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = F:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-2052111302-682003330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-73586283-2052111302-682003330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - F:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - F:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: F:\Documents and Settings\Windows\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\Windows\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - F:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - F:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/24 19:15:36 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{794b7772-f0a5-11dc-a15a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{794b7772-f0a5-11dc-a15a-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{794b7772-f0a5-11dc-a15a-806d6172696f}\Shell\AutoRun\command - "" = D:\start.exe -- [2003/04/23 13:02:40 | 005,877,760 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found

Drivers32: msacm.iac2 - F:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - F:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - F:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - F:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - F:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - F:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - F:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - F:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - F:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - F:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - F:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.VP60 - F:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - F:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - F:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 7 Days ==========

[2010/12/22 19:57:00 | 000,602,624 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Windows\Desktop\OTL.exe
[2010/12/22 17:47:29 | 000,000,000 | ---D | C] -- F:\Program Files\temp
[2010/12/22 17:45:39 | 000,000,000 | ---D | C] -- F:\Program Files\persistent_logs
[2010/12/22 17:45:03 | 000,000,000 | ---D | C] -- F:\Program Files\preferences
[2010/12/22 17:43:31 | 000,000,000 | ---D | C] -- F:\Program Files\Docs
[2010/12/22 17:32:01 | 000,000,000 | ---D | C] -- F:\Program Files\Miles
[2010/12/22 17:31:03 | 000,000,000 | ---D | C] -- F:\Program Files\saves
[2010/12/22 14:20:50 | 000,000,000 | --SD | C] -- F:\ComboFix
[2010/12/22 13:02:32 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Windows\Local Settings\Application Data\Activision
[2010/12/22 13:02:25 | 002,106,216 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\D3DCompiler_43.dll
[2010/12/22 13:02:25 | 000,527,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\XAudio2_7.dll
[2010/12/22 13:02:25 | 000,239,960 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xactengine3_7.dll
[2010/12/22 13:02:25 | 000,074,072 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\XAPOFX1_5.dll
[2010/12/22 13:02:24 | 001,998,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\D3DX9_43.dll
[2010/12/22 13:02:24 | 001,868,128 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\d3dcsx_43.dll
[2010/12/22 13:02:24 | 000,470,880 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\d3dx10_43.dll
[2010/12/22 13:02:24 | 000,248,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\d3dx11_43.dll
[2010/12/22 13:02:23 | 000,528,216 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\XAudio2_6.dll
[2010/12/22 13:02:23 | 000,238,936 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xactengine3_6.dll
[2010/12/22 13:02:23 | 000,074,072 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\XAPOFX1_4.dll
[2010/12/22 13:02:23 | 000,022,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\X3DAudio1_7.dll
[2010/12/21 23:44:51 | 000,000,000 | ---D | C] -- F:\Program Files\Steam
[2010/12/21 23:23:15 | 000,000,000 | ---D | C] -- F:\cmdcons
[2010/12/21 23:22:47 | 000,031,232 | ---- | C] (NirSoft) -- F:\WINDOWS\NIRCMD.exe
[2010/12/21 21:01:33 | 000,212,480 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWXCACLS.exe
[2010/12/21 21:01:33 | 000,161,792 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWREG.exe
[2010/12/21 21:01:33 | 000,136,704 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWSC.exe
[2010/12/21 21:01:27 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERDNT
[2010/12/21 21:01:21 | 000,000,000 | ---D | C] -- F:\Qoobox
[2010/12/21 20:46:10 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Windows\Application Data\Malwarebytes
[2010/12/21 20:46:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/21 20:46:02 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/21 20:45:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2010/12/21 20:45:59 | 000,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
[2010/12/21 20:13:03 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Windows\DoctorWeb
[2010/12/21 19:40:05 | 000,000,000 | ---D | C] -- F:\Program Files\Trend Micro
[2009/07/29 23:24:22 | 000,041,351 | ---- | C] (CLASS/BACKLASH) -- F:\Program Files\RegSetup.exe
[2004/11/24 19:25:52 | 000,335,872 | ---- | C] ( ) -- F:\WINDOWS\System32\drvc.dll
[2004/09/07 23:13:08 | 008,884,224 | ---- | C] (The Creative Assembly Ltd) -- F:\Program Files\RomeTW.exe
[6 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[3 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010/12/22 20:06:00 | 000,000,438 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{C38E39ED-BD7F-4B9C-AB7C-036E3A522872}.job
[2010/12/22 20:05:00 | 000,000,424 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{1CC85209-C724-4AF1-91A1-FCE72C702F3D}.job
[2010/12/22 20:03:45 | 000,000,330 | -H-- | M] () -- F:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/12/22 20:03:00 | 000,000,420 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{839E4BDE-93A6-498E-85FE-0DFB10B07699}.job
[2010/12/22 20:01:13 | 000,013,646 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2010/12/22 20:01:06 | 003,932,160 | -H-- | M] () -- F:\Documents and Settings\Windows\NTUSER.DAT
[2010/12/22 20:00:57 | 000,000,882 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6c53e1eba6d6.job
[2010/12/22 20:00:54 | 000,000,434 | ---- | M] () -- F:\WINDOWS\tasks\RegPowerClean.job
[2010/12/22 20:00:54 | 000,000,416 | ---- | M] () -- F:\WINDOWS\tasks\PCConfidential.job
[2010/12/22 20:00:47 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010/12/22 20:00:43 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010/12/22 19:57:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Windows\Desktop\OTL.exe
[2010/12/22 19:55:07 | 000,089,088 | ---- | M] () -- F:\Documents and Settings\Windows\Desktop\mbr.exe
[2010/12/22 19:49:45 | 000,020,980 | ---- | M] () -- F:\Program Files\keys.dat
[2010/12/22 19:34:00 | 000,000,886 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cb6c53e2227cec.job
[2010/12/22 19:32:00 | 000,000,986 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-2052111302-682003330-1007UA.job
[2010/12/22 18:30:52 | 000,000,478 | -H-- | M] () -- F:\WINDOWS\tasks\Norton Security Scan for Windows.job
[2010/12/22 17:43:38 | 000,001,405 | ---- | M] () -- F:\Documents and Settings\Windows\Desktop\Rome - Total War.lnk
[2010/12/22 17:43:34 | 000,000,220 | ---- | M] () -- F:\WINDOWS\RomeTW.ini
[2010/12/22 13:19:55 | 003,996,261 | R--- | M] () -- F:\Documents and Settings\Windows\Desktop\ComboFix.exe
[2010/12/21 23:49:03 | 000,002,265 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/12/21 23:23:21 | 000,000,327 | RHS- | M] () -- F:\boot.ini
[2010/12/21 21:36:43 | 000,131,367 | ---- | M] () -- F:\Documents and Settings\Windows\Desktop\untitled.JPG
[2010/12/21 20:46:03 | 000,000,784 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/21 19:40:05 | 000,001,988 | ---- | M] () -- F:\Documents and Settings\Windows\Desktop\HiJackThis.lnk
[2010/12/20 23:32:00 | 000,000,934 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-2052111302-682003330-1007Core.job
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2010/12/15 22:14:00 | 000,000,284 | ---- | M] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
[6 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[3 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/22 19:55:07 | 000,089,088 | ---- | C] () -- F:\Documents and Settings\Windows\Desktop\mbr.exe
[2010/12/22 17:45:39 | 000,020,980 | ---- | C] () -- F:\Program Files\keys.dat
[2010/12/22 17:45:39 | 000,001,567 | ---- | C] () -- F:\Program Files\preferences.txt
[2010/12/22 17:44:56 | 000,000,010 | ---- | C] () -- F:\Program Files\player.txt
[2010/12/22 17:43:38 | 000,001,405 | ---- | C] () -- F:\Documents and Settings\Windows\Desktop\Rome - Total War.lnk
[2010/12/22 17:43:34 | 000,000,220 | ---- | C] () -- F:\WINDOWS\RomeTW.ini
[2010/12/22 17:43:32 | 000,001,078 | ---- | C] () -- F:\Program Files\gamespy.ico
[2010/12/21 23:23:21 | 000,000,210 | ---- | C] () -- F:\Boot.bak
[2010/12/21 23:23:20 | 000,260,272 | RHS- | C] () -- F:\cmldr
[2010/12/21 21:36:42 | 000,131,367 | ---- | C] () -- F:\Documents and Settings\Windows\Desktop\untitled.JPG
[2010/12/21 21:01:33 | 000,256,512 | ---- | C] () -- F:\WINDOWS\PEV.exe
[2010/12/21 21:01:33 | 000,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe
[2010/12/21 21:01:33 | 000,089,088 | ---- | C] () -- F:\WINDOWS\MBR.exe
[2010/12/21 21:01:33 | 000,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe
[2010/12/21 21:01:33 | 000,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe
[2010/12/21 20:52:20 | 003,996,261 | R--- | C] () -- F:\Documents and Settings\Windows\Desktop\ComboFix.exe
[2010/12/21 20:46:03 | 000,000,784 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/21 19:40:05 | 000,001,988 | ---- | C] () -- F:\Documents and Settings\Windows\Desktop\HiJackThis.lnk
[2010/07/18 10:36:46 | 000,000,022 | -HS- | C] () -- F:\Documents and Settings\Windows\Application Data\Sys6925.Config Collection.sys
[2010/07/05 20:08:09 | 000,043,520 | ---- | C] () -- F:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/02 23:44:53 | 002,111,242 | -H-- | C] () -- F:\Documents and Settings\Windows\Local Settings\Application Data\IconCache.db
[2010/07/02 07:38:28 | 000,000,130 | ---- | C] () -- F:\Documents and Settings\Windows\Local Settings\Application Data\fusioncache.dat
[2010/07/02 07:37:50 | 000,024,176 | ---- | C] () -- F:\Documents and Settings\Windows\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/02 07:36:07 | 000,000,062 | -HS- | C] () -- F:\Documents and Settings\Windows\Application Data\desktop.ini
[2009/09/16 16:44:37 | 000,001,027 | ---- | C] () -- F:\WINDOWS\WININIT.INI
[2009/08/09 15:01:26 | 000,077,824 | R--- | C] () -- F:\WINDOWS\System32\HPZIDS01.dll
[2009/08/09 14:54:31 | 000,002,204 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/07/30 21:49:02 | 000,721,904 | ---- | C] () -- F:\WINDOWS\System32\drivers\sptd.sys
[2009/07/29 23:24:19 | 000,000,192 | ---- | C] () -- F:\Program Files\game.dat
[2009/07/29 23:24:19 | 000,000,048 | ---- | C] () -- F:\Program Files\mania.dat
[2008/12/30 02:00:25 | 000,230,752 | ---- | C] () -- F:\WINDOWS\patchw32.dll
[2008/12/30 02:00:25 | 000,118,176 | ---- | C] () -- F:\WINDOWS\patchw.dll
[2008/09/05 17:56:01 | 000,354,816 | ---- | C] () -- F:\WINDOWS\System32\psisdecd.dll
[2008/08/31 18:28:08 | 000,022,328 | ---- | C] () -- F:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/05/21 15:24:35 | 000,000,754 | ---- | C] () -- F:\WINDOWS\WORDPAD.INI
[2008/04/19 09:05:59 | 000,167,064 | ---- | C] () -- F:\Program Files\custom.dat
[2008/04/18 20:26:31 | 000,000,083 | ---- | C] () -- F:\WINDOWS\wwp.INI
[2008/04/11 19:11:19 | 000,000,877 | ---- | C] () -- F:\WINDOWS\wincmd.ini
[2008/03/26 22:16:10 | 000,000,175 | ---- | C] () -- F:\WINDOWS\disney.ini
[2008/03/26 22:15:48 | 000,000,202 | ---- | C] () -- F:\WINDOWS\disneysy.ini
[2008/03/25 22:58:06 | 000,000,036 | ---- | C] () -- F:\WINDOWS\Tiny_Run.ini
[2008/03/21 11:15:44 | 000,000,032 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/03/20 13:38:27 | 000,000,020 | ---- | C] () -- F:\WINDOWS\level.ini
[2008/03/13 20:41:55 | 000,000,069 | ---- | C] () -- F:\WINDOWS\NeroDigital.ini
[2008/03/13 05:45:25 | 000,550,666 | ---- | C] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2008/03/13 05:45:24 | 000,004,161 | ---- | C] () -- F:\WINDOWS\ODBCINST.INI
[2008/03/13 05:44:59 | 000,000,062 | -HS- | C] () -- F:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/03/12 23:12:14 | 000,000,000 | ---- | C] () -- F:\WINDOWS\control.ini
[2008/03/12 23:09:29 | 000,000,037 | ---- | C] () -- F:\WINDOWS\vbaddin.ini
[2008/03/12 23:09:29 | 000,000,036 | ---- | C] () -- F:\WINDOWS\vb.ini
[2008/03/12 23:08:54 | 000,013,223 | ---- | C] () -- F:\WINDOWS\System32\tslabels.ini
[2008/03/12 23:08:52 | 000,001,931 | ---- | C] () -- F:\WINDOWS\System32\msdtcprf.ini
[2007/10/04 16:14:00 | 001,703,936 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/04 16:14:00 | 001,478,656 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
[2007/10/04 16:14:00 | 001,019,904 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll
[2007/10/04 16:14:00 | 000,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll
[2007/10/04 16:14:00 | 000,286,720 | ---- | C] () -- F:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- F:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- F:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- F:\WINDOWS\System32\gthrctr.ini
[2007/07/27 13:00:00 | 001,291,776 | ---- | C] () -- F:\WINDOWS\System32\quartz.dll
[2007/07/27 13:00:00 | 001,015,477 | ---- | C] () -- F:\WINDOWS\System32\esentprf.ini
[2007/07/27 13:00:00 | 000,733,696 | ---- | C] () -- F:\WINDOWS\System32\qedwipes.dll
[2007/07/27 13:00:00 | 000,562,176 | ---- | C] () -- F:\WINDOWS\System32\qedit.dll
[2007/07/27 13:00:00 | 000,498,742 | ---- | C] () -- F:\WINDOWS\System32\dxmasf.dll
[2007/07/27 13:00:00 | 000,386,048 | ---- | C] () -- F:\WINDOWS\System32\qdvd.dll
[2007/07/27 13:00:00 | 000,355,112 | ---- | C] () -- F:\WINDOWS\System32\msjetoledb40.dll
[2007/07/27 13:00:00 | 000,279,040 | ---- | C] () -- F:\WINDOWS\System32\qdv.dll
[2007/07/27 13:00:00 | 000,270,848 | ---- | C] () -- F:\WINDOWS\System32\sbe.dll
[2007/07/27 13:00:00 | 000,252,928 | ---- | C] () -- F:\WINDOWS\System32\compatui.dll
[2007/07/27 13:00:00 | 000,199,168 | ---- | C] () -- F:\WINDOWS\System32\ir32_32.dll
[2007/07/27 13:00:00 | 000,192,512 | ---- | C] () -- F:\WINDOWS\System32\qcap.dll
[2007/07/27 13:00:00 | 000,186,880 | ---- | C] () -- F:\WINDOWS\System32\encdec.dll
[2007/07/27 13:00:00 | 000,094,282 | ---- | C] () -- F:\WINDOWS\System32\msencode.dll
[2007/07/27 13:00:00 | 000,070,656 | ---- | C] () -- F:\WINDOWS\System32\amstream.dll
[2007/07/27 13:00:00 | 000,059,904 | ---- | C] () -- F:\WINDOWS\System32\devenum.dll
[2007/07/27 13:00:00 | 000,053,478 | ---- | C] () -- F:\WINDOWS\System32\tcpmon.ini
[2007/07/27 13:00:00 | 000,042,809 | ---- | C] () -- F:\WINDOWS\System32\key01.sys
[2007/07/27 13:00:00 | 000,042,537 | ---- | C] () -- F:\WINDOWS\System32\keyboard.sys
[2007/07/27 13:00:00 | 000,035,648 | ---- | C] () -- F:\WINDOWS\System32\ntio411.sys
[2007/07/27 13:00:00 | 000,035,424 | ---- | C] () -- F:\WINDOWS\System32\ntio412.sys
[2007/07/27 13:00:00 | 000,035,328 | ---- | C] () -- F:\WINDOWS\System32\mciqtz32.dll
[2007/07/27 13:00:00 | 000,034,560 | ---- | C] () -- F:\WINDOWS\System32\ntio804.sys
[2007/07/27 13:00:00 | 000,034,560 | ---- | C] () -- F:\WINDOWS\System32\ntio404.sys
[2007/07/27 13:00:00 | 000,033,840 | ---- | C] () -- F:\WINDOWS\System32\ntio.sys
[2007/07/27 13:00:00 | 000,029,370 | ---- | C] () -- F:\WINDOWS\System32\ntdos411.sys
[2007/07/27 13:00:00 | 000,029,274 | ---- | C] () -- F:\WINDOWS\System32\ntdos412.sys
[2007/07/27 13:00:00 | 000,029,146 | ---- | C] () -- F:\WINDOWS\System32\ntdos804.sys
[2007/07/27 13:00:00 | 000,029,146 | ---- | C] () -- F:\WINDOWS\System32\ntdos404.sys
[2007/07/27 13:00:00 | 000,027,866 | ---- | C] () -- F:\WINDOWS\System32\ntdos.sys
[2007/07/27 13:00:00 | 000,027,097 | ---- | C] () -- F:\WINDOWS\System32\country.sys
[2007/07/27 13:00:00 | 000,015,360 | ---- | C] () -- F:\WINDOWS\System32\tsd32.dll
[2007/07/27 13:00:00 | 000,014,336 | ---- | C] () -- F:\WINDOWS\System32\msdmo.dll
[2007/07/27 13:00:00 | 000,013,312 | ---- | C] () -- F:\WINDOWS\System32\win87em.dll
[2007/07/27 13:00:00 | 000,012,082 | ---- | C] () -- F:\WINDOWS\System32\rsvp.ini
[2007/07/27 13:00:00 | 000,010,240 | ---- | C] () -- F:\WINDOWS\System32\scriptpw.dll
[2007/07/27 13:00:00 | 000,010,110 | ---- | C] () -- F:\WINDOWS\System32\mqperf.ini
[2007/07/27 13:00:00 | 000,009,029 | ---- | C] () -- F:\WINDOWS\System32\ansi.sys
[2007/07/27 13:00:00 | 000,006,877 | ---- | C] () -- F:\WINDOWS\System32\pschdprf.ini
[2007/07/27 13:00:00 | 000,004,768 | ---- | C] () -- F:\WINDOWS\System32\himem.sys
[2007/07/27 13:00:00 | 000,004,126 | ---- | C] () -- F:\WINDOWS\System32\msdxmlc.dll
[2007/07/27 13:00:00 | 000,003,458 | ---- | C] () -- F:\WINDOWS\System32\rasctrs.ini
[2007/07/27 13:00:00 | 000,002,891 | ---- | C] () -- F:\WINDOWS\System32\perfci.ini
[2007/07/27 13:00:00 | 000,002,732 | ---- | C] () -- F:\WINDOWS\System32\perfwci.ini
[2007/07/27 13:00:00 | 000,002,656 | ---- | C] () -- F:\WINDOWS\System32\netware.drv
[2007/07/27 13:00:00 | 000,001,405 | ---- | C] () -- F:\WINDOWS\msdfmap.ini
[2007/07/27 13:00:00 | 000,001,152 | ---- | C] () -- F:\WINDOWS\System32\perffilt.ini
[2007/07/27 13:00:00 | 000,000,562 | ---- | C] () -- F:\WINDOWS\win.ini
[2007/07/27 13:00:00 | 000,000,343 | ---- | C] () -- F:\WINDOWS\System32\prodspec.ini
[2007/07/27 13:00:00 | 000,000,250 | ---- | C] () -- F:\WINDOWS\system.ini
[2005/10/14 10:56:50 | 003,596,288 | ---- | C] () -- F:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 10:56:50 | 000,921,600 | ---- | C] () -- F:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 10:56:50 | 000,761,856 | ---- | C] () -- F:\WINDOWS\System32\xvidcore.dll
[2005/10/14 10:56:50 | 000,344,064 | ---- | C] () -- F:\WINDOWS\System32\xvid.dll
[2005/10/14 10:56:50 | 000,237,568 | ---- | C] () -- F:\WINDOWS\System32\OggDS.dll
[2005/10/14 10:56:50 | 000,188,416 | ---- | C] () -- F:\WINDOWS\System32\vorbis.dll
[2005/10/14 10:56:50 | 000,155,136 | ---- | C] () -- F:\WINDOWS\System32\unrar.dll
[2005/10/14 10:56:50 | 000,045,056 | ---- | C] () -- F:\WINDOWS\System32\ogg.dll
[2005/04/08 10:46:18 | 000,162,176 | ---- | C] () -- F:\WINDOWS\System32\drivers\pfc027.sys
[2005/01/25 15:15:42 | 000,010,240 | ---- | C] () -- F:\WINDOWS\System32\PA207Usd.dll
[2004/10/12 06:40:58 | 002,255,360 | ---- | C] () -- F:\WINDOWS\System32\libavcodec.dll
[2004/10/12 06:39:48 | 000,028,160 | ---- | C] () -- F:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 06:39:08 | 000,110,592 | ---- | C] () -- F:\WINDOWS\System32\ff_theora.dll
[2004/10/09 06:40:16 | 000,454,144 | ---- | C] () -- F:\WINDOWS\System32\ff_x264.dll
[2004/10/05 08:16:08 | 000,395,776 | ---- | C] () -- F:\WINDOWS\System32\libmplayer.dll
[2004/10/03 17:50:54 | 000,129,024 | ---- | C] () -- F:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/28 01:45:48 | 000,368,640 | ---- | C] () -- F:\Program Files\mss32.dll
[2001/08/17 23:36:28 | 000,157,696 | ---- | C] () -- F:\WINDOWS\System32\paqsp.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- F:\WINDOWS\System32\hptcpmon.ini
[2001/01/12 10:52:26 | 000,044,032 | ---- | C] () -- F:\WINDOWS\System32\vbpng1.dll
[2001/01/12 10:49:38 | 000,053,248 | ---- | C] () -- F:\WINDOWS\System32\zlib.dll
[1998/03/22 12:50:02 | 000,010,240 | ---- | C] () -- F:\WINDOWS\System32\vidx16.dll

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 -- [2007/12/13 18:10:56 | 001,688,872 | ---- | M] (Nero AG)
"ctfmon.exe" = F:\WINDOWS\system32\ctfmon.exe -- [2008/04/14 01:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Google Update" = "F:\Documents and Settings\Windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c -- [2010/06/15 19:03:27 | 000,136,176 | ---- | M] (Google Inc.)
"msnmsgr" = "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background -- [2010/04/16 21:12:38 | 003,872,080 | ---- | M] (Microsoft Corporation)
"WeatherBugAlert" = "F:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe" /st -- [2010/02/22 15:38:12 | 000,442,368 | ---- | M] (AWS Convergence Technologies)
"Skype" = "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2010/10/11 16:49:48 | 014,940,040 | R--- | M] (Skype Technologies S.A.)

< c:\windows\*.* /U >


< MD5 for: AGP440.SYS >
[2007/07/27 13:00:00 | 018,738,937 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/13 22:39:08 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/13 22:39:08 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2007/07/27 13:00:00 | 018,738,937 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/13 22:39:08 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/13 22:39:08 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- F:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2007/07/27 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- F:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- F:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\eventlog.dll
[2007/07/27 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- F:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- F:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- F:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- F:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- F:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/07/27 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- F:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: HAL.DLL >
[2007/07/27 13:00:00 | 018,738,937 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008/08/13 22:39:08 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008/08/13 22:39:08 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008/04/13 19:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- F:\WINDOWS\system32\HAL.DLL
[2008/04/13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- F:\WINDOWS\ServicePackFiles\i386\hal.dll
[2007/07/27 13:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- F:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: LSASS.EXE >
[2007/07/27 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- F:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008/04/14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- F:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008/04/14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- F:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- F:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- F:\WINDOWS\system32\drivers\ndis.sys
[2007/07/27 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- F:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\netlogon.dll
[2007/07/27 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- F:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007/07/27 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- F:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008/04/14 01:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- F:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008/04/14 01:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- F:\WINDOWS\system32\smss.exe
[2007/07/27 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- F:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004/08/04 00:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- F:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- F:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- F:\WINDOWS\system32\svchost.exe
[2007/07/27 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- F:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2007/07/27 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- F:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- F:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- F:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2007/07/27 13:00:00 | 000,506,880 | ---- | M] (Microsoft Corporation) MD5=051A52001D625F316CE81A539BD25192 -- F:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- F:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- F:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- F:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- F:\WINDOWS\system32\ws2_32.dll
[2007/07/27 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- F:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 F:\WINDOWS\system32\*.tmp files -> F:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< End of report >


Re: Please check my log.

Post by bledulka » 22 Dec 2010 20:39

The OTL log is fine. There is still that Mbr.exe.
How is the computer doing?


Re: Please check my log.

Post by HAFcool » 22 Dec 2010 20:49

Mbr.exe hangs on me, and the only log it produced is:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Generic_ rev.1.00 -> Harddisk1\DR2 -> \Device\00000083

device: opened successfully
user: error reading MBR



And the PC is fairly good, but sometimes it freezes and so on.

