PC disinfection, computer speed-up, remote help via the neslape.cz service

Browser redirects, adware, rootkits


#1 Post by Aldaris »

Hello. I am asking for help with removing malware.
Symptoms:
  • The browser redirects to advertising pages
  • The PC tries to connect to suspicious IP addresses and websites
  • TDSSKiller cannot be started
  • ComboFix starts, but as soon as it begins scanning it freezes (it does not even reach stage 1; I gave it 4 hours and then restarted it)
  • [fixed] There are no icons on the desktop
  • [fixed] taskmgr cannot be started
  • Just now Avast also crashed after it blocked access to some page
  • GMER reports an error: LoadDriver (C:/Docume.../.../fwlyypoc.sys error 0xC000010E: Cannot create a stable subkey under a volatile parent key)
  • On local disk C there is a folder that looks like My Computer. It is named ComboFix and when I open it, it shows a list of drives, CD drives, etc. When I choose local disk C, I end up in a loop and can keep opening it endlessly. It is probably a leftover from the failed ComboFix run.
So far I have run MBAM, SAS and the Avast scanner, and I attach the RSIT log:

--------------------------------------------------------------------------


Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2012-01-28 10:33:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 61 GB (52%) free of 117 GB
Total RAM: 2543 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:34:02 AM, on 1/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINNT\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\lxecserv.exe
C:\WINNT\system32\lxeccoms.exe
C:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxecmon.exe] "C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe"
O4 - HKLM\..\Run: [Lexmark Pro800-Pro900 Series Fax Server] "C:\Program Files\Lexmark Pro800-Pro900 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZUxdm080YYUS
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/OneClickFix/tgctlsr.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/ ... cmatic.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {944713E8-1F29-42D9-ABD5-557728B9AC97} (PtClickLoanWF Control) - https://ilnet.wellsfargo.com/ilonline/c ... loanwf.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/seri ... /gwCID.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINNT\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\WINNT\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe
O23 - Service: lxec_device - - C:\WINNT\system32\lxeccoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe

--
End of file - 14357 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
C:\WINNT\tasks\ISP signup reminder 1.job
C:\WINNT\tasks\ISP signup reminder 2.job
C:\WINNT\tasks\ISP signup reminder 3.job
C:\WINNT\tasks\Reimage Reminder.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll [2012-01-13 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Gateway Ink Monitor"=C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe [2003-11-05 303180]
"NeroCheck"=C:\WINNT\System32\NeroCheck.exe [2001-07-09 155648]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2006-01-19 11776]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-04-20 58656]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2011-01-31 38840]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2010-09-22 640440]
"Adobe_ID0ENQBO"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"Conime"=C:\WINNT\system32\conime.exe [2008-04-13 27648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-04-14 421160]
"lxecmon.exe"=C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe [2010-05-17 770728]
"EzPrint"=C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe [2010-05-17 148280]
"Lexmark Pro800-Pro900 Series Fax Server"=C:\Program Files\Lexmark Pro800-Pro900 Series\fm3032.exe [2010-05-17 316072]
"Malwarebytes' Anti-Malware"=C:\Malwarebytes' Anti-Malware\mbamgui.exe [2011-12-24 460872]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2010-04-16 3872080]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-03 68856]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2008-04-13 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxdev.dll [2005-04-05 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-18 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDesktop"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon"
"C:\Program Files\Rosetta Stone\Rosetta Stone TOTALe\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone TOTALe\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe:*:Enabled:Rosetta Stone TOTALe Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINNT\system32\lxeccoms.exe"="C:\WINNT\system32\lxeccoms.exe:*:Enabled:Pro800-Pro900 Series Server"
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"="C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Rosetta Stone\Rosetta Stone TOTALe\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone TOTALe\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe:*:Enabled:Rosetta Stone TOTALe Application"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINNT\System32\l3codeca.acm
"vidc.iv41"=ir41_32.ax
"msacm.iac2"=iac25_32.ax
"vidc.iv50"=ir50_32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"VIDC.CFHD"=CFHD.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-01-28 09:59:58 ----A---- C:\Boot.bak
2012-01-28 09:59:35 ----RASHD---- C:\cmdcons
2012-01-28 09:51:17 ----SD---- C:\ComboFix
2012-01-28 08:09:19 ----ASH---- C:\hiberfil.sys
2012-01-28 01:47:26 ----D---- C:\Program Files\SUPERAntiSpyware
2012-01-28 01:47:26 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-28 01:39:38 ----A---- C:\WINNT\ntbtlog.txt
2012-01-27 23:49:21 ----D---- C:\Program Files\Ultimate Process Manager
2012-01-27 20:10:14 ----A---- C:\WINNT\system32\drivers\aswFsBlk.sys
2012-01-27 20:10:13 ----A---- C:\WINNT\system32\drivers\aswSP.sys
2012-01-27 20:10:01 ----A---- C:\WINNT\system32\drivers\aswRdr.sys
2012-01-27 20:09:59 ----A---- C:\WINNT\system32\drivers\aswTdi.sys
2012-01-27 20:09:58 ----A---- C:\WINNT\system32\drivers\aswSnx.sys
2012-01-27 20:09:55 ----A---- C:\WINNT\system32\drivers\aswmon2.sys
2012-01-27 20:09:55 ----A---- C:\WINNT\system32\drivers\aswmon.sys
2012-01-27 20:09:54 ----A---- C:\WINNT\system32\drivers\aavmker4.sys
2012-01-27 20:09:21 ----A---- C:\WINNT\avastSS.scr
2012-01-27 20:09:19 ----A---- C:\WINNT\system32\aswBoot.exe
2012-01-27 20:09:03 ----D---- C:\Program Files\AVAST Software
2012-01-27 20:09:03 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2012-01-27 20:06:11 ----D---- C:\Program Files\trend micro
2012-01-27 20:06:09 ----D---- C:\rsit
2012-01-27 02:32:44 ----D---- C:\Malwarebytes' Anti-Malware
2012-01-27 00:35:38 ----A---- C:\WINNT\zip.exe
2012-01-27 00:35:38 ----A---- C:\WINNT\SWXCACLS.exe
2012-01-27 00:35:38 ----A---- C:\WINNT\SWSC.exe
2012-01-27 00:35:38 ----A---- C:\WINNT\SWREG.exe
2012-01-27 00:35:38 ----A---- C:\WINNT\sed.exe
2012-01-27 00:35:38 ----A---- C:\WINNT\PEV.exe
2012-01-27 00:35:38 ----A---- C:\WINNT\NIRCMD.exe
2012-01-27 00:35:38 ----A---- C:\WINNT\MBR.exe
2012-01-27 00:35:38 ----A---- C:\WINNT\grep.exe
2012-01-27 00:34:21 ----D---- C:\WINNT\ERDNT
2012-01-27 00:33:05 ----D---- C:\Qoobox
2012-01-16 19:56:10 ----A---- C:\WINNT\reimage.ini
2012-01-16 19:55:35 ----D---- C:\rei
2012-01-16 19:55:26 ----D---- C:\Program Files\Reimage
2012-01-16 17:26:06 ----AH---- C:\WINNT\CD_Start.INI
2012-01-13 03:22:38 ----HDC---- C:\WINNT\$NtUninstallKB2564958$
2012-01-13 03:22:01 ----HDC---- C:\WINNT\$NtUninstallKB2544893-v2$
2012-01-13 03:17:48 ----HDC---- C:\WINNT\$NtUninstallKB2646524$
2012-01-13 03:17:34 ----HDC---- C:\WINNT\$NtUninstallKB2631813$
2012-01-13 03:17:23 ----HDC---- C:\WINNT\$NtUninstallKB2639417$
2012-01-13 03:13:14 ----HDC---- C:\WINNT\$NtUninstallKB2598479$
2012-01-13 03:11:51 ----HDC---- C:\WINNT\$NtUninstallKB2641690$
2012-01-13 03:11:39 ----HDC---- C:\WINNT\$NtUninstallKB2624667$
2012-01-13 03:06:15 ----HDC---- C:\WINNT\$NtUninstallKB2592799$
2012-01-13 03:06:07 ----HDC---- C:\WINNT\$NtUninstallKB2570947$
2012-01-13 03:05:08 ----HDC---- C:\WINNT\$NtUninstallKB2603381$
2012-01-13 03:03:37 ----HDC---- C:\WINNT\$NtUninstallKB2633952$
2012-01-13 03:03:32 ----HDC---- C:\WINNT\$NtUninstallKB2619339$
2012-01-13 03:03:24 ----HDC---- C:\WINNT\$NtUninstallKB2618451$
2012-01-13 03:02:27 ----HDC---- C:\WINNT\$NtUninstallKB2620712$
2012-01-13 03:02:19 ----HDC---- C:\WINNT\$NtUninstallKB2584146$
2012-01-13 03:02:07 ----HDC---- C:\WINNT\$NtUninstallKB2633171$
2012-01-12 14:06:42 ----AH---- C:\WINNT\system32\drivers\mouhid.sys

======List of files/folders modified in the last 1 month======

2012-01-28 10:30:09 ----HD---- C:\WINNT\Temp
2012-01-28 10:29:41 ----HD---- C:\WINNT\Prefetch
2012-01-28 10:22:46 ----HD---- C:\WINNT\system32\CatRoot2
2012-01-28 10:07:14 ----AHD---- C:\WINNT\system32
2012-01-28 10:07:14 ----AHD---- C:\WINNT
2012-01-28 10:00:02 ----RASH---- C:\boot.ini
2012-01-28 09:54:11 ----A---- C:\WINNT\SchedLgU.Txt
2012-01-28 09:50:15 ----HD---- C:\WINNT\system32\drivers
2012-01-28 01:47:26 ----RHD---- C:\Program Files
2012-01-27 21:20:07 ----HD---- C:\Program Files\PCPitstop
2012-01-27 21:20:05 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
2012-01-27 21:12:07 ----HD---- C:\WINNT\Debug
2012-01-27 20:34:50 ----SHD---- C:\WINNT\Installer
2012-01-27 20:33:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-01-27 20:33:05 ----HD---- C:\Program Files\Microsoft
2012-01-27 20:20:33 ----SD---- C:\WINNT\Tasks
2012-01-27 20:13:19 ----HD---- C:\WINNT\SoftwareDistribution
2012-01-27 20:09:37 ----HD---- C:\WINNT\WinSxS
2012-01-27 14:40:51 ----HD---- C:\WINNT\$NtUninstallKB821557$
2012-01-27 02:32:00 ----HD---- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-27 02:27:18 ----HD---- C:\Documents and Settings
2012-01-27 01:08:15 ----SHD---- C:\RECYCLER
2012-01-16 19:15:29 ----HD---- C:\Program Files\Microsoft Office
2012-01-16 17:44:24 ----SD---- C:\WINNT\Downloaded Program Files
2012-01-16 17:19:37 ----HD---- C:\WINNT\inf
2012-01-14 11:27:43 ----HD---- C:\Program Files\FinePixViewer
2012-01-13 03:41:13 ----HD---- C:\Program Files\Microsoft Silverlight
2012-01-13 03:41:07 ----RSHD---- C:\WINNT\system32\dllcache
2012-01-13 03:41:06 ----HD---- C:\Program Files\Internet Explorer
2012-01-13 03:32:30 ----RSD---- C:\WINNT\assembly
2012-01-13 03:27:04 ----HD---- C:\WINNT\Microsoft.NET
2012-01-13 03:22:33 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-01-13 03:21:00 ----AH---- C:\WINNT\system32\PerfStringBackup.INI
2012-01-13 03:09:36 ----HD---- C:\WINNT\$hf_mig$
2012-01-13 03:05:55 ----AH---- C:\WINNT\win.ini
2012-01-12 21:13:59 ----HD---- C:\Program Files\Google
2012-01-12 20:41:39 ----HD---- C:\Program Files\InstallShield Installation Information
2012-01-12 20:41:22 ----HD---- C:\TEMP
2012-01-12 20:22:16 ----HD---- C:\WINNT\network diagnostic
2012-01-12 18:45:22 ----AH---- C:\WINNT\winpoint.ini
2012-01-12 14:19:36 ----HD---- C:\Program Files\Adobe
2012-01-12 14:19:33 ----HD---- C:\Program Files\Common Files\Adobe AIR
2012-01-04 17:15:16 ----AH---- C:\WINNT\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINNT\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 iaStor;Intel Integrated RAID; C:\WINNT\System32\DRIVERS\iaStor.sys [2003-07-02 274816]
R0 PxHelp20;PxHelp20; C:\WINNT\System32\Drivers\PxHelp20.sys [2009-07-10 20576]
R0 sonypvl2;sonypvl2; C:\WINNT\system32\drivers\sonypvl2.sys [2003-07-25 19478]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINNT\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 aswRdr;aswRdr; C:\WINNT\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\WINNT\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\WINNT\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINNT\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINNT\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 sonypvf2;sonypvf2; C:\WINNT\system32\drivers\sonypvf2.sys [2004-04-08 635017]
R1 sonypvt2;sonypvt2; C:\WINNT\system32\drivers\sonypvt2.sys [2003-08-20 431236]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 adfs;adfs; C:\WINNT\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINNT\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;aswMon2; C:\WINNT\system32\drivers\aswMon2.sys [2011-11-28 111320]
R2 MASPINT;MASPINT; C:\WINNT\system32\drivers\MASPINT.sys [2000-03-29 8096]
R3 aeaudio;aeaudio; C:\WINNT\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINNT\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 IntelC51;IntelC51; C:\WINNT\System32\DRIVERS\IntelC51.sys [2003-07-16 1075685]
R3 IntelC52;IntelC52; C:\WINNT\System32\DRIVERS\IntelC52.sys [2003-07-16 481305]
R3 IntelC53;IntelC53; C:\WINNT\System32\DRIVERS\IntelC53.sys [2003-07-16 50805]
R3 MBAMProtector;MBAMProtector; \??\C:\WINNT\system32\drivers\mbam.sys []
R3 mohfilt;mohfilt; C:\WINNT\System32\DRIVERS\mohfilt.sys [2003-07-16 31440]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NWADI;NWADI Bus Enumerator; C:\WINNT\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 pfc;Padus ASPI Shell; C:\WINNT\system32\drivers\pfc.sys [2005-11-02 10368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINNT\System32\Drivers\RootMdm.sys [2003-03-31 5888]
R3 smwdm;smwdm; C:\WINNT\system32\drivers\smwdm.sys [2003-03-18 542976]
R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 sonypvd2;sonypvd2; C:\WINNT\system32\DRIVERS\sonypvd2.sys [2003-06-24 64093]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2003-11-20 122110]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2003-11-20 99002]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINNT\system32\DRIVERS\BrScnUsb.sys [2004-10-14 15295]
S3 BrSerIb;Brother Serial Interface Driver(WDM); C:\WINNT\system32\DRIVERS\BrSerIb.sys [2009-11-02 71424]
S3 BrUsbSIb;Brother Serial USB Driver(WDM); C:\WINNT\system32\DRIVERS\BrUsbSIb.sys [2009-11-02 11520]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\D:\INSTAL~E\Core\BVRPMPR5.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 cpuz134;cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys []
S3 Dot4;IEEE-1284.4 Driver; C:\WINNT\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINNT\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\esihdrv.sys []
S3 HidBatt;HID UPS Battery Driver; C:\WINNT\System32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINNT\system32\drivers\mfeavfk.sys [2009-09-16 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINNT\system32\drivers\mfebopk.sys [2009-09-16 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINNT\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINNT\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINNT\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINNT\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver; C:\WINNT\system32\DRIVERS\nwusbser2.sys [2007-04-19 99200]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINNT\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINNT\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINNT\system32\bgsvcgen.exe [2005-04-30 86016]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 lxec_device;lxec_device; C:\WINNT\system32\lxeccoms.exe [2010-04-14 598696]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService; C:\WINNT\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe [2010-04-14 193192]
R2 MBAMService;MBAMService; C:\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R2 RosettaStoneDaemon;RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2010-05-17 1615176]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-04-14 820520]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-25 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-07-10 72704]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-02-09 1045256]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-25 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-30 182768]
S3 idsvc;Windows CardSpace; c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Aldaris
Model visitor
Posts: 27
Registered: 09 Nov 2004 23:02
Location: Ostrava

Re: Browser redirects, adware, rootkits

#2 Post by Aldaris »

Thank you very much for the quick reply.
I forgot to mention one more symptom. When I wanted to turn off System Restore so that I could delete the infected restore points, it could not be turned off. (System Restore encountered an error trying to enable/disable one or more drives. Please restart your machine and try again.)

OTL is still running for me, generating the directory structure. I am replying now without the OTL log to ask whether it could be stuck in a loop while building the structure, or whether I should let it keep running.

EDIT: sorry, it is moving on now. I will add the OTL log soon.

MBR Scan

Code:

MBRScan v1.0.7

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 15 Model 2 Stepping 9, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/01/28 (ISO 8601) at 10:49:12
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __Maxtor 6Y120L0 (YAR41BW0)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR3 __OCZ ET1208AD (1.0)
BUS_TYPE       : (0x07)  USB
USE_PIO        : NO
MAX_TRANSFER   : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________

Device\Harddisk0\DR0	114.5 Go  [Fixed] ==> XP MBR Code ==> PARTITION TABLE FAKED !!

MBR_MD5   : FBBA9F20F5B16F9C4613A36359D61E34
MBR_SHA1  : CC465E63E6126E2E2E50E47739183512E6E46BAA

Device\Harddisk0\Partition1	114.5 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition2	6.94 Mo  	0x17 Hidden HPFS/NTFS  __ BOOTABLE __
________________________________________________________________________________

Device\Harddisk1\DR3	1.95 Go  [Removable] ==> Unknown MBR Code

MBR_MD5   : 3872D9867B4BE61A171C0A36D6AC13C9
MBR_SHA1  : 84D1EC461717B433F8E1FF521FFE4AB970E72887

Device\Harddisk1\Partition1	1.95 Go __ BOOTABLE __
________________________________________________________________________________


_____FAKED   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61   2ä.V.Í.ëÖaùÃInva
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61   lid partition ta
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E   ble.Error loadin
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61   em.Missing opera
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00   ting system.....
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 63 06 7D 06 7D 00 00 00 01   .....,Dc.}.}....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 A3 BF 4F 0E 80 FE   ...þ..?...£¿O..þ
0x000001D0   FF FF 17 FE FF FF E2 BF 4F 0E 8E 37 00 00 00 00   ...þ..â¿O..7....
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__ORIGINAL   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61   2ä.V.Í.ëÖaùÃInva
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61   lid partition ta
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E   ble.Error loadin
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61   em.Missing opera
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00   ting system.....
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 63 06 7D 06 7D 00 00 80 01   .....,Dc.}.}....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 A3 BF 4F 0E 00 00   ...þ..?...£¿O...
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__________________________16_BIT_ASM_CODE
   
0x0000    33c0            XOR AX, AX   
0x0002    8ed0            MOV SS, AX   
0x0004    bc 007c         MOV SP, 0x7c00   
0x0007    fb              STI   
0x0008    50              PUSH AX   
0x0009    07              POP ES   
0x000A    50              PUSH AX   
0x000B    1f              POP DS   
0x000C    fc              CLD   
0x000D    be 1b7c         MOV SI, 0x7c1b   
0x0010    bf 1b06         MOV DI, 0x61b   
0x0013    50              PUSH AX   
0x0014    57              PUSH DI   
0x0015    b9 e501         MOV CX, 0x1e5   
0x0018    f3 a4           REP MOVSB   
0x001A    cb              RETF   
0x001B    bd be07         MOV BP, 0x7be   
0x001E    b1 04           MOV CL, 0x4   
0x0020    386e 00         CMP [BP+0x0], CH   
0x0023    7c 09           JL 0x2e   
0x0025    75 13           JNZ 0x3a   
0x0027    83c5 10         ADD BP, 0x10   
0x002A    e2 f4           LOOP 0x20   
0x002C    cd 18           INT 0x18   
0x002E    8bf5            MOV SI, BP   
0x0030    83c6 10         ADD SI, 0x10   
0x0033    49              DEC CX   
0x0034    74 19           JZ 0x4f   
0x0036    382c            CMP [SI], CH   
0x0038    74 f6           JZ 0x30   
0x003A    a0 b507         MOV AL, [0x7b5]   
0x003D    b4 07           MOV AH, 0x7   
0x003F    8bf0            MOV SI, AX   
0x0041    ac              LODSB   
0x0042    3c 00           CMP AL, 0x0   
0x0044    74 fc           JZ 0x42   
0x0046    bb 0700         MOV BX, 0x7   
0x0049    b4 0e           MOV AH, 0xe   
0x004B    cd 10           INT 0x10   
0x004D    eb f2           JMP 0x41   
0x004F    884e 10         MOV [BP+0x10], CL   
0x0052    e8 4600         CALL 0x9b   
0x0055    73 2a           JAE 0x81   
0x0057    fe46 10         INC BYTE [BP+0x10]   
0x005A    807e 04 0b      CMP BYTE [BP+0x4], 0xb   
0x005E    74 0b           JZ 0x6b   
0x0060    807e 04 0c      CMP BYTE [BP+0x4], 0xc   
0x0064    74 05           JZ 0x6b   
0x0066    a0 b607         MOV AL, [0x7b6]   
0x0069    75 d2           JNZ 0x3d   
0x006B    8046 02 06      ADD BYTE [BP+0x2], 0x6   
0x006F    8346 08 06      ADD WORD [BP+0x8], 0x6   
0x0073    8356 0a 00      ADC WORD [BP+0xa], 0x0   
0x0077    e8 2100         CALL 0x9b   
0x007A    73 05           JAE 0x81   
0x007C    a0 b607         MOV AL, [0x7b6]   
0x007F    eb bc           JMP 0x3d   
0x0081    813e fe7d 55aa  CMP WORD [0x7dfe], 0xaa55   
0x0087    74 0b           JZ 0x94   
0x0089    807e 10 00      CMP BYTE [BP+0x10], 0x0   
0x008D    74 c8           JZ 0x57   
0x008F    a0 b707         MOV AL, [0x7b7]   
0x0092    eb a9           JMP 0x3d   
0x0094    8bfc            MOV DI, SP   
0x0096    1e              PUSH DS   
0x0097    57              PUSH DI   
0x0098    8bf5            MOV SI, BP   
0x009A    cb              RETF   
0x009B    bf 0500         MOV DI, 0x5   
0x009E    8a56 00         MOV DL, [BP+0x0]   
0x00A1    b4 08           MOV AH, 0x8   
0x00A3    cd 13           INT 0x13   
0x00A5    72 23           JB 0xca   
0x00A7    8ac1            MOV AL, CL   
0x00A9    24 3f           AND AL, 0x3f   
0x00AB    98              CBW   
0x00AC    8ade            MOV BL, DH   
0x00AE    8afc            MOV BH, AH   
0x00B0    43              INC BX   
0x00B1    f7e3            MUL BX   
0x00B3    8bd1            MOV DX, CX   
0x00B5    86d6            XCHG DH, DL   
0x00B7    b1 06           MOV CL, 0x6   
0x00B9    d2ee            SHR DH, CL   
0x00BB    42              INC DX   
0x00BC    f7e2            MUL DX   
0x00BE    3956 0a         CMP [BP+0xa], DX   
0x00C1    77 23           JA 0xe6   
0x00C3    72 05           JB 0xca   
0x00C5    3946 08         CMP [BP+0x8], AX   
0x00C8    73 1c           JAE 0xe6   
0x00CA    b8 0102         MOV AX, 0x201   
0x00CD    bb 007c         MOV BX, 0x7c00   
0x00D0    8b4e 02         MOV CX, [BP+0x2]   
0x00D3    8b56 00         MOV DX, [BP+0x0]   
0x00D6    cd 13           INT 0x13   
0x00D8    73 51           JAE 0x12b   
0x00DA    4f              DEC DI   
0x00DB    74 4e           JZ 0x12b   
0x00DD    32e4            XOR AH, AH   
0x00DF    8a56 00         MOV DL, [BP+0x0]   
0x00E2    cd 13           INT 0x13   
0x00E4    eb e4           JMP 0xca   
0x00E6    8a56 00         MOV DL, [BP+0x0]   
0x00E9    60              PUSHA   
0x00EA    bb aa55         MOV BX, 0x55aa   
0x00ED    b4 41           MOV AH, 0x41   
0x00EF    cd 13           INT 0x13   
0x00F1    72 36           JB 0x129   
0x00F3    81fb 55aa       CMP BX, 0xaa55   
0x00F7    75 30           JNZ 0x129   
0x00F9    f6c1 01         TEST CL, 0x1   
0x00FC    74 2b           JZ 0x129   
0x00FE    61              POPA   
0x00FF    60              PUSHA   
0x0100    6a 00           PUSH 0x0   
0x0102    6a 00           PUSH 0x0   
0x0104    ff76 0a         PUSH WORD [BP+0xa]   
0x0107    ff76 08         PUSH WORD [BP+0x8]   
0x010A    6a 00           PUSH 0x0   
0x010C    68 007c         PUSH 0x7c00   
0x010F    6a 01           PUSH 0x1   
0x0111    6a 10           PUSH 0x10   
0x0113    b4 42           MOV AH, 0x42   
0x0115    8bf4            MOV SI, SP   
0x0117    cd 13           INT 0x13   
0x0119    61              POPA   
0x011A    61              POPA   
0x011B    73 0e           JAE 0x12b   
0x011D    4f              DEC DI   
0x011E    74 0b           JZ 0x12b   
0x0120    32e4            XOR AH, AH   
0x0122    8a56 00         MOV DL, [BP+0x0]   
0x0125    cd 13           INT 0x13   
0x0127    eb d6           JMP 0xff   
0x0129    61              POPA   
0x012A    f9              STC   
0x012B    c3              RET   
0x012C    49              DEC CX   
0x012D    6e              OUTSB   
0x012E    76 61           JBE 0x191   
0x0130    6c              INSB   
0x0131    6964 20 7061    IMUL SP, [SI+0x20], 0x6170   
0x0136    72 74           JB 0x1ac   
0x0138    6974 69 6f6e    IMUL SI, [SI+0x69], 0x6e6f   
0x013D    2074 61         AND [SI+0x61], DH   
0x0140    626c 65         BOUND BP, [SI+0x65]   
0x0143    0045 72         ADD [DI+0x72], AL   
0x0146    72 6f           JB 0x1b7   
0x0148    72 20           JB 0x16a   
0x014A    6c              INSB   
0x014B    6f              OUTSW   
0x014C    61              POPA   
0x014D    64 696e 67 206f IMUL BP, FS:[BP+0x67], 0x6f20   
0x0153    70 65           JO 0x1ba   
0x0155    72 61           JB 0x1b8   
0x0157    74 69           JZ 0x1c2   
0x0159    6e              OUTSB   
0x015A    67 2073 79      AND [EBX+0x79], DH   
0x015E    73 74           JAE 0x1d4   
0x0160    65 6d           INS WORD GS:[DI], DX   
0x0162    004d 69         ADD [DI+0x69], CL   
0x0165    73 73           JAE 0x1da   
0x0167    696e 67 206f    IMUL BP, [BP+0x67], 0x6f20   
0x016C    70 65           JO 0x1d3   
0x016E    72 61           JB 0x1d1   
0x0170    74 69           JZ 0x1db   
0x0172    6e              OUTSB   
0x0173    67 2073 79      AND [EBX+0x79], DH   
0x0177    73 74           JAE 0x1ed   
0x0179    65 6d           INS WORD GS:[DI], DX   
0x017B    0000            ADD [BX+SI], AL   
0x017D    0000            ADD [BX+SI], AL   
0x017F    0000            ADD [BX+SI], AL   
0x0181    0000            ADD [BX+SI], AL   
0x0183    0000            ADD [BX+SI], AL   
0x0185    0000            ADD [BX+SI], AL   
0x0187    0000            ADD [BX+SI], AL   
0x0189    0000            ADD [BX+SI], AL   
0x018B    0000            ADD [BX+SI], AL   
0x018D    0000            ADD [BX+SI], AL   
0x018F    0000            ADD [BX+SI], AL   
0x0191    0000            ADD [BX+SI], AL   
0x0193    0000            ADD [BX+SI], AL   
0x0195    0000            ADD [BX+SI], AL   
0x0197    0000            ADD [BX+SI], AL   
0x0199    0000            ADD [BX+SI], AL   
0x019B    0000            ADD [BX+SI], AL   
0x019D    0000            ADD [BX+SI], AL   
0x019F    0000            ADD [BX+SI], AL   
0x01A1    0000            ADD [BX+SI], AL   
0x01A3    0000            ADD [BX+SI], AL   
0x01A5    0000            ADD [BX+SI], AL   
0x01A7    0000            ADD [BX+SI], AL   
0x01A9    0000            ADD [BX+SI], AL   
0x01AB    0000            ADD [BX+SI], AL   
0x01AD    0000            ADD [BX+SI], AL   
0x01AF    0000            ADD [BX+SI], AL   
0x01B1    0000            ADD [BX+SI], AL   
0x01B3    0000            ADD [BX+SI], AL   
0x01B5    2c 44           SUB AL, 0x44   
0x01B7    6306 7d06       ARPL [0x67d], AX   
0x01BB    7d 00           JGE 0x1bd   
0x01BD    0000            ADD [BX+SI], AL   
0x01BF    0101            ADD [BX+DI], AX   
0x01C1    0007            ADD [BX], AL   
0x01C3    fe              DB 0xfe   
0x01C4    ff              DB 0xff   
0x01C5    ff              DB 0xff   
0x01C6    3f              AAS   
0x01C7    0000            ADD [BX+SI], AL   
0x01C9    00a3 bf4f       ADD [BP+DI+0x4fbf], AH   
0x01CD    0e              PUSH CS   
0x01CE    80fe ff         CMP DH, 0xff   
0x01D1    ff17            CALL [BX]   
0x01D3    fe              DB 0xfe   
0x01D4    ff              DB 0xff   
0x01D5    ffe2            JMP DX   
0x01D7    bf 4f0e         MOV DI, 0xe4f   
0x01DA    8e              DB 0x8e   
0x01DB    37              AAA   
0x01DC    0000            ADD [BX+SI], AL   
0x01DE    0000            ADD [BX+SI], AL   
0x01E0    0000            ADD [BX+SI], AL   
0x01E2    0000            ADD [BX+SI], AL   
0x01E4    0000            ADD [BX+SI], AL   
0x01E6    0000            ADD [BX+SI], AL   
0x01E8    0000            ADD [BX+SI], AL   
0x01EA    0000            ADD [BX+SI], AL   
0x01EC    0000            ADD [BX+SI], AL   
0x01EE    0000            ADD [BX+SI], AL   
0x01F0    0000            ADD [BX+SI], AL   
0x01F2    0000            ADD [BX+SI], AL   
0x01F4    0000            ADD [BX+SI], AL   
0x01F6    0000            ADD [BX+SI], AL   
0x01F8    0000            ADD [BX+SI], AL   
0x01FA    0000            ADD [BX+SI], AL   
0x01FC    0000            ADD [BX+SI], AL   
0x01FE    55              PUSH BP   
0x01FF    aa              STOSB   


_______MBR   \Device\Harddisk1\DR3  


---------------------------------------

Aldaris
Exemplary visitor

Re: Browser redirects, adware, rootkits

#3 Post by Aldaris »

I'm glad you'll be able to add one more trophy to your collection :)

OTL finally finished. Unfortunately I can't paste the result into the thread because it's too long, so I zipped both files and attached them:
OTL.zip
(67.23 KiB) Downloaded 92 times
I have the CD ready, let's finish off that bastard :)

Aldaris
Exemplary visitor

Re: Browser redirects, adware, rootkits

#4 Post by Aldaris »

Unfortunately it took a bit longer, because I ran into problems. When creating the USB flash drive, the program could not find any flash drive. I have Win 7 here and first I ran usb_prep8.cmd. After pressing a key, the PeToUSB program started, but it did not find any USB flash drive. So I tried running that cmd as administrator. After pressing a key, only a text menu appeared. So I tried running PeToUSB directly as admin. It opened, found my flash drive, and I left checked what was already checked (enable disk format, quick format, enable LBA) and additionally checked enable file copy, because after formatting it had not copied anything to the flash drive.

I could not go by the attached picture, because there was no attached picture, so I improvised.

Then I inserted the flash drive into the infected PC, started it, set the correct boot order, but after booting only a black screen appeared with the letter "j" in the top left corner.

Did I do something wrong, or should I try the CD?

Aldaris
Exemplary visitor

Re: Browser redirects, adware, rootkits

#5 Post by Aldaris »

Oh, so I somehow didn't get that. Where is the CD variant supposed to be?

Aldaris
Exemplary visitor

Re: Browser redirects, adware, rootkits

#6 Post by Aldaris »

So I've got it now :) Log attached.
Attachments
OTL.zip
(45.11 KiB) Downloaded 111 times

Aldaris
Exemplary visitor

Re: Browser redirects, adware, rootkits

#7 Post by Aldaris »

Just to clarify: change offset 0x1CE from 80 to 00 (the red one), and offset 0x1BE to 00 as well?

Right now I have 0x1CE (red) = 80 and 0x1BE (underlined) = 00.
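An added example, not code from this thread or from any of the tools mentioned in it: a small Python script that decodes a 512-byte MBR, reports which partition entry (at 0x1BE, 0x1CE, 0x1DE or 0x1EE) the standard boot code would hand control to, and lists the things a helper auditing a suspect MBR checks (boot signature, missing or multiple 0x80 flags, overlapping entries, a small active entry beside a large inactive one). The sample MBRs in it are constructed for illustration, not taken from the dumps posted in the thread.

```python
"""
Added example (not from the forum thread): decode an MBR partition table and
walk it the way the standard Windows boot code does.  That code scans the four
16-byte entries starting at 0x1BE for a boot flag of 0x80, treats any flag
other than 00/80 or a second 0x80 as "Invalid partition table", and falls
through to INT 18h when no entry is active.
"""
import struct

MBR_SIZE = 512
PT_OFFSET = 0x1BE        # first of four 16-byte partition entries
ENTRY_SIZE = 16
SIG_OFFSET = 0x1FE       # boot signature 55 AA
BOOT_ACTIVE = 0x80


def entry_offset(index):
    """Byte offset of partition entry 0..3 inside the sector (0x1BE, 0x1CE, 0x1DE, 0x1EE)."""
    return PT_OFFSET + index * ENTRY_SIZE


def parse_entry(raw):
    """Decode one 16-byte partition table entry (the CHS fields are skipped)."""
    boot, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", raw)
    return {"boot": boot, "type": ptype, "lba_start": lba_start, "sectors": sectors}


def parse_mbr(mbr):
    if len(mbr) != MBR_SIZE:
        raise ValueError("an MBR is exactly %d bytes" % MBR_SIZE)
    entries = [parse_entry(mbr[entry_offset(i):entry_offset(i) + ENTRY_SIZE]) for i in range(4)]
    return {"signature_ok": mbr[SIG_OFFSET:SIG_OFFSET + 2] == b"\x55\xAA", "entries": entries}


def boot_target(mbr):
    """Index of the first entry flagged 0x80, i.e. the one whose VBR gets loaded, or None."""
    for i, e in enumerate(parse_mbr(mbr)["entries"]):
        if e["boot"] == BOOT_ACTIVE:
            return i
    return None


def audit_mbr(mbr):
    """Return a list of findings; an empty list means the table looks ordinary."""
    info = parse_mbr(mbr)
    entries = info["entries"]
    findings = []
    if not info["signature_ok"]:
        findings.append("bytes at 0x1FE are not 55 AA; the BIOS would not treat the sector as bootable")
    active = []
    for i, e in enumerate(entries):
        off = entry_offset(i)
        if e["boot"] == BOOT_ACTIVE:
            active.append(i)
            if e["type"] == 0 or e["sectors"] == 0:
                findings.append("entry %d at 0x%X: active flag on an empty entry" % (i, off))
        elif e["boot"] != 0:
            findings.append("entry %d at 0x%X: boot flag 0x%02X is neither 00 nor 80 "
                            "('Invalid partition table')" % (i, off, e["boot"]))
    if not active:
        findings.append("no entry carries the 0x80 flag: the boot code falls through to INT 18h")
    elif len(active) > 1:
        findings.append("entries %s are all marked active: 'Invalid partition table'" % active)
    # Used entries must not overlap each other.
    used = [(i, e) for i, e in enumerate(entries) if e["type"] != 0 and e["sectors"] != 0]
    for a in range(len(used)):
        ia, ea = used[a]
        for ib, eb in used[a + 1:]:
            if (ea["lba_start"] < eb["lba_start"] + eb["sectors"]
                    and eb["lba_start"] < ea["lba_start"] + ea["sectors"]):
                findings.append("entries %d and %d overlap" % (ia, ib))
    # Heuristic, not proof: a small active entry beside a large inactive OS partition
    # deserves a second look at what that entry actually boots.
    if len(active) == 1 and used:
        largest = max(used, key=lambda ie: ie[1]["sectors"])[0]
        if active[0] != largest:
            findings.append("active entry %d at 0x%X is not the largest partition (entry %d); "
                            "check what it boots" % (active[0], entry_offset(active[0]), largest))
    return findings


def make_mbr(entries):
    """Build a constructed MBR: zeroed code area, the given (boot, type, lba_start, sectors) entries, 55 AA."""
    mbr = bytearray(MBR_SIZE)
    for i, (boot, ptype, lba_start, sectors) in enumerate(entries):
        off = entry_offset(i)
        mbr[off:off + ENTRY_SIZE] = struct.pack("<B3sB3sII", boot, b"\0\0\0", ptype, b"\0\0\0",
                                                lba_start, sectors)
    mbr[SIG_OFFSET:SIG_OFFSET + 2] = b"\x55\xAA"
    return bytes(mbr)


# Constructed samples, not taken from the dumps in the thread.
CLEAN_MBR = make_mbr([(0x80, 0x07, 63, 0x3E7FC1)])           # one NTFS partition, entry 0 active
# The state described in post #7: the entry at 0x1BE no longer active, a small entry at 0x1CE flagged 80.
SUSPECT_MBR = make_mbr([(0x00, 0x07, 63, 0x3E7FC1), (0x80, 0x07, 0x3E8004, 2048)])

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_MBR), ("suspect", SUSPECT_MBR)):
        print(name, "boots entry", boot_target(sample), audit_mbr(sample) or "no findings")
```

Reading a real MBR for inspection means opening the raw disk device with administrator rights and reading its first 512 bytes; the script itself never writes anything.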

Aldaris
Exemplary visitor

Re: Browser redirects, adware, rootkits

#8 Post by Aldaris »

Disk edited and saved; it restarted normally into Windows.

Where can I find MBRScan, please?

For now, at least the result from TDSSKiller. It starts now :) and according to it everything was clean.

16:13:25.0562 2912 RDPCDD - ok
16:13:25.0656 2912 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINNT\system32\drivers\RDPWD.sys
16:13:25.0671 2912 RDPWD - ok
16:13:25.0781 2912 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINNT\system32\DRIVERS\redbook.sys
16:13:25.0781 2912 redbook - ok
16:13:25.0906 2912 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINNT\system32\Drivers\RootMdm.sys
16:13:25.0906 2912 ROOTMODEM - ok
16:13:26.0031 2912 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:13:26.0031 2912 SASDIFSV - ok
16:13:26.0125 2912 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:13:26.0125 2912 SASKUTIL - ok
16:13:26.0250 2912 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINNT\system32\DRIVERS\secdrv.sys
16:13:26.0265 2912 Secdrv - ok
16:13:26.0390 2912 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINNT\system32\DRIVERS\serenum.sys
16:13:26.0390 2912 serenum - ok
16:13:26.0531 2912 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINNT\system32\DRIVERS\serial.sys
16:13:26.0531 2912 Serial - ok
16:13:26.0718 2912 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINNT\system32\drivers\Sfloppy.sys
16:13:26.0718 2912 Sfloppy - ok
16:13:26.0843 2912 Simbad - ok
16:13:26.0875 2912 SMNDIS5 - ok
16:13:27.0031 2912 smwdm (eba50c8f7efd8178e8c4bde6b74e744c) C:\WINNT\system32\drivers\smwdm.sys
16:13:27.0046 2912 smwdm - ok
16:13:27.0156 2912 sonypvd2 (4101a5a53d93a7c6d059e630992b9149) C:\WINNT\system32\DRIVERS\sonypvd2.sys
16:13:27.0156 2912 sonypvd2 - ok
16:13:27.0296 2912 sonypvf2 (810caa0bf9325cd10c87127aed3f9ff2) C:\WINNT\system32\drivers\sonypvf2.sys
16:13:27.0296 2912 sonypvf2 - ok
16:13:27.0406 2912 sonypvl2 (4efce4ce7813b8c4d7c526ad3b821fe9) C:\WINNT\system32\drivers\sonypvl2.sys
16:13:27.0406 2912 sonypvl2 - ok
16:13:27.0531 2912 sonypvt2 (04be0be6b50bac71de235c0cb766268c) C:\WINNT\system32\drivers\sonypvt2.sys
16:13:27.0546 2912 sonypvt2 - ok
16:13:27.0656 2912 Sparrow - ok
16:13:27.0750 2912 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINNT\system32\drivers\splitter.sys
16:13:27.0750 2912 splitter - ok
16:13:27.0890 2912 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINNT\system32\DRIVERS\sr.sys
16:13:27.0890 2912 sr - ok
16:13:28.0000 2912 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINNT\system32\DRIVERS\srv.sys
16:13:28.0000 2912 Srv - ok
16:13:28.0140 2912 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINNT\system32\DRIVERS\swenum.sys
16:13:28.0140 2912 swenum - ok
16:13:28.0250 2912 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINNT\system32\drivers\swmidi.sys
16:13:28.0250 2912 swmidi - ok
16:13:28.0359 2912 symc810 - ok
16:13:28.0453 2912 symc8xx - ok
16:13:28.0515 2912 sym_hi - ok
16:13:28.0593 2912 sym_u3 - ok
16:13:28.0687 2912 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINNT\system32\drivers\sysaudio.sys
16:13:28.0687 2912 sysaudio - ok
16:13:28.0828 2912 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINNT\system32\DRIVERS\tcpip.sys
16:13:28.0828 2912 Tcpip - ok
16:13:28.0953 2912 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINNT\system32\drivers\TDPIPE.sys
16:13:28.0953 2912 TDPIPE - ok
16:13:29.0078 2912 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINNT\system32\drivers\TDTCP.sys
16:13:29.0078 2912 TDTCP - ok
16:13:29.0203 2912 TermDD (88155247177638048422893737429d9e) C:\WINNT\system32\DRIVERS\termdd.sys
16:13:29.0203 2912 TermDD - ok
16:13:29.0296 2912 TosIde - ok
16:13:29.0437 2912 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINNT\system32\drivers\Udfs.sys
16:13:29.0437 2912 Udfs - ok
16:13:29.0546 2912 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINNT\system32\DRIVERS\ultra.sys
16:13:29.0546 2912 ultra - ok
16:13:29.0671 2912 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINNT\system32\DRIVERS\update.sys
16:13:29.0687 2912 Update - ok
16:13:29.0812 2912 usbaudio (e919708db44ed8543a7c017953148330) C:\WINNT\system32\drivers\usbaudio.sys
16:13:29.0828 2912 usbaudio - ok
16:13:29.0937 2912 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINNT\system32\DRIVERS\usbccgp.sys
16:13:29.0937 2912 usbccgp - ok
16:13:30.0062 2912 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINNT\system32\DRIVERS\usbehci.sys
16:13:30.0062 2912 usbehci - ok
16:13:30.0187 2912 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINNT\system32\DRIVERS\usbhub.sys
16:13:30.0187 2912 usbhub - ok
16:13:30.0312 2912 usbprint (a717c8721046828520c9edf31288fc00) C:\WINNT\system32\DRIVERS\usbprint.sys
16:13:30.0312 2912 usbprint - ok
16:13:30.0421 2912 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINNT\system32\DRIVERS\usbscan.sys
16:13:30.0421 2912 usbscan - ok
16:13:30.0546 2912 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINNT\system32\DRIVERS\USBSTOR.SYS
16:13:30.0546 2912 USBSTOR - ok
16:13:30.0656 2912 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINNT\system32\DRIVERS\usbuhci.sys
16:13:30.0656 2912 usbuhci - ok
16:13:30.0781 2912 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINNT\System32\drivers\vga.sys
16:13:30.0781 2912 VgaSave - ok
16:13:30.0937 2912 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINNT\system32\DRIVERS\viaide.sys
16:13:30.0937 2912 ViaIde - ok
16:13:31.0062 2912 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINNT\system32\drivers\VolSnap.sys
16:13:31.0062 2912 VolSnap - ok
16:13:31.0187 2912 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINNT\system32\DRIVERS\wanarp.sys
16:13:31.0187 2912 Wanarp - ok
16:13:31.0281 2912 wanatw - ok
16:13:31.0343 2912 WDICA - ok
16:13:31.0484 2912 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINNT\system32\drivers\wdmaud.sys
16:13:31.0500 2912 wdmaud - ok
16:13:31.0671 2912 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINNT\System32\drivers\ws2ifsl.sys
16:13:31.0671 2912 WS2IFSL - ok
16:13:31.0812 2912 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINNT\system32\DRIVERS\WudfPf.sys
16:13:31.0812 2912 WudfPf - ok
16:13:31.0937 2912 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINNT\system32\DRIVERS\wudfrd.sys
16:13:31.0937 2912 WudfRd - ok
16:13:32.0093 2912 {6080A529-897E-4629-A488-ABA0C29B635E} (e6c22d34baef5196e1b23a4492c275b7) C:\WINNT\system32\drivers\ialmsbw.sys
16:13:32.0093 2912 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
16:13:32.0218 2912 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (6e53bd96b0ebad721cdd6320dbfc3f5f) C:\WINNT\system32\drivers\ialmkchw.sys
16:13:32.0218 2912 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
16:13:32.0250 2912 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:13:32.0375 2912 \Device\Harddisk0\DR0 - ok
16:13:32.0390 2912 Boot (0x1200) (ec16924fae9f0c667c4329a38ab0d218) \Device\Harddisk0\DR0\Partition0
16:13:32.0390 2912 \Device\Harddisk0\DR0\Partition0 - ok
16:13:32.0390 2912 ============================================================
16:13:32.0390 2912 Scan finished
16:13:32.0390 2912 ============================================================
16:13:32.0406 2836 Detected object count: 0
16:13:32.0406 2836 Actual detected object count: 0
Last edited by Aldaris on 28 Jan 2012 22:20, edited 1 time in total.

Re: Browser redirects, adware, rootkits

#9 Post by Aldaris »

Yeah, you actually already gave me a link to it today, I forgot :oops:

MBRScan v1.0.7

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 15 Model 2 Stepping 9, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/01/28 (ISO 8601) at 16:22:14
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __Maxtor 6Y120L0 (YAR41BW0)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	114.5 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : 87A8D7694947F13BEE9D262C90769784
MBR_SHA1  : 76948BD07AFC8F26E8F3F12A0FDA920A3D09C03E

Device\Harddisk0\Partition1	114.5 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	6.94 Mo  	0x17 Hidden HPFS/NTFS 
________________________________________________________________________________


_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61   2ä.V.Í.ëÖaùÃInva
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61   lid partition ta
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E   ble.Error loadin
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61   em.Missing opera
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00   ting system.....
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 63 06 7D 06 7D 00 00 80 01   .....,Dc.}.}....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 A3 BF 4F 0E 00 FE   ...þ..?...£¿O..þ
0x000001D0   FF FF 17 FE FF FF E2 BF 4F 0E 8E 37 00 00 00 00   ...þ..â¿O..7....
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__________________________16_BIT_ASM_CODE
   
0x0000    33c0            XOR AX, AX   
0x0002    8ed0            MOV SS, AX   
0x0004    bc 007c         MOV SP, 0x7c00   
0x0007    fb              STI   
0x0008    50              PUSH AX   
0x0009    07              POP ES   
0x000A    50              PUSH AX   
0x000B    1f              POP DS   
0x000C    fc              CLD   
0x000D    be 1b7c         MOV SI, 0x7c1b   
0x0010    bf 1b06         MOV DI, 0x61b   
0x0013    50              PUSH AX   
0x0014    57              PUSH DI   
0x0015    b9 e501         MOV CX, 0x1e5   
0x0018    f3 a4           REP MOVSB   
0x001A    cb              RETF   
0x001B    bd be07         MOV BP, 0x7be   
0x001E    b1 04           MOV CL, 0x4   
0x0020    386e 00         CMP [BP+0x0], CH   
0x0023    7c 09           JL 0x2e   
0x0025    75 13           JNZ 0x3a   
0x0027    83c5 10         ADD BP, 0x10   
0x002A    e2 f4           LOOP 0x20   
0x002C    cd 18           INT 0x18   
0x002E    8bf5            MOV SI, BP   
0x0030    83c6 10         ADD SI, 0x10   
0x0033    49              DEC CX   
0x0034    74 19           JZ 0x4f   
0x0036    382c            CMP [SI], CH   
0x0038    74 f6           JZ 0x30   
0x003A    a0 b507         MOV AL, [0x7b5]   
0x003D    b4 07           MOV AH, 0x7   
0x003F    8bf0            MOV SI, AX   
0x0041    ac              LODSB   
0x0042    3c 00           CMP AL, 0x0   
0x0044    74 fc           JZ 0x42   
0x0046    bb 0700         MOV BX, 0x7   
0x0049    b4 0e           MOV AH, 0xe   
0x004B    cd 10           INT 0x10   
0x004D    eb f2           JMP 0x41   
0x004F    884e 10         MOV [BP+0x10], CL   
0x0052    e8 4600         CALL 0x9b   
0x0055    73 2a           JAE 0x81   
0x0057    fe46 10         INC BYTE [BP+0x10]   
0x005A    807e 04 0b      CMP BYTE [BP+0x4], 0xb   
0x005E    74 0b           JZ 0x6b   
0x0060    807e 04 0c      CMP BYTE [BP+0x4], 0xc   
0x0064    74 05           JZ 0x6b   
0x0066    a0 b607         MOV AL, [0x7b6]   
0x0069    75 d2           JNZ 0x3d   
0x006B    8046 02 06      ADD BYTE [BP+0x2], 0x6   
0x006F    8346 08 06      ADD WORD [BP+0x8], 0x6   
0x0073    8356 0a 00      ADC WORD [BP+0xa], 0x0   
0x0077    e8 2100         CALL 0x9b   
0x007A    73 05           JAE 0x81   
0x007C    a0 b607         MOV AL, [0x7b6]   
0x007F    eb bc           JMP 0x3d   
0x0081    813e fe7d 55aa  CMP WORD [0x7dfe], 0xaa55   
0x0087    74 0b           JZ 0x94   
0x0089    807e 10 00      CMP BYTE [BP+0x10], 0x0   
0x008D    74 c8           JZ 0x57   
0x008F    a0 b707         MOV AL, [0x7b7]   
0x0092    eb a9           JMP 0x3d   
0x0094    8bfc            MOV DI, SP   
0x0096    1e              PUSH DS   
0x0097    57              PUSH DI   
0x0098    8bf5            MOV SI, BP   
0x009A    cb              RETF   
0x009B    bf 0500         MOV DI, 0x5   
0x009E    8a56 00         MOV DL, [BP+0x0]   
0x00A1    b4 08           MOV AH, 0x8   
0x00A3    cd 13           INT 0x13   
0x00A5    72 23           JB 0xca   
0x00A7    8ac1            MOV AL, CL   
0x00A9    24 3f           AND AL, 0x3f   
0x00AB    98              CBW   
0x00AC    8ade            MOV BL, DH   
0x00AE    8afc            MOV BH, AH   
0x00B0    43              INC BX   
0x00B1    f7e3            MUL BX   
0x00B3    8bd1            MOV DX, CX   
0x00B5    86d6            XCHG DH, DL   
0x00B7    b1 06           MOV CL, 0x6   
0x00B9    d2ee            SHR DH, CL   
0x00BB    42              INC DX   
0x00BC    f7e2            MUL DX   
0x00BE    3956 0a         CMP [BP+0xa], DX   
0x00C1    77 23           JA 0xe6   
0x00C3    72 05           JB 0xca   
0x00C5    3946 08         CMP [BP+0x8], AX   
0x00C8    73 1c           JAE 0xe6   
0x00CA    b8 0102         MOV AX, 0x201   
0x00CD    bb 007c         MOV BX, 0x7c00   
0x00D0    8b4e 02         MOV CX, [BP+0x2]   
0x00D3    8b56 00         MOV DX, [BP+0x0]   
0x00D6    cd 13           INT 0x13   
0x00D8    73 51           JAE 0x12b   
0x00DA    4f              DEC DI   
0x00DB    74 4e           JZ 0x12b   
0x00DD    32e4            XOR AH, AH   
0x00DF    8a56 00         MOV DL, [BP+0x0]   
0x00E2    cd 13           INT 0x13   
0x00E4    eb e4           JMP 0xca   
0x00E6    8a56 00         MOV DL, [BP+0x0]   
0x00E9    60              PUSHA   
0x00EA    bb aa55         MOV BX, 0x55aa   
0x00ED    b4 41           MOV AH, 0x41   
0x00EF    cd 13           INT 0x13   
0x00F1    72 36           JB 0x129   
0x00F3    81fb 55aa       CMP BX, 0xaa55   
0x00F7    75 30           JNZ 0x129   
0x00F9    f6c1 01         TEST CL, 0x1   
0x00FC    74 2b           JZ 0x129   
0x00FE    61              POPA   
0x00FF    60              PUSHA   
0x0100    6a 00           PUSH 0x0   
0x0102    6a 00           PUSH 0x0   
0x0104    ff76 0a         PUSH WORD [BP+0xa]   
0x0107    ff76 08         PUSH WORD [BP+0x8]   
0x010A    6a 00           PUSH 0x0   
0x010C    68 007c         PUSH 0x7c00   
0x010F    6a 01           PUSH 0x1   
0x0111    6a 10           PUSH 0x10   
0x0113    b4 42           MOV AH, 0x42   
0x0115    8bf4            MOV SI, SP   
0x0117    cd 13           INT 0x13   
0x0119    61              POPA   
0x011A    61              POPA   
0x011B    73 0e           JAE 0x12b   
0x011D    4f              DEC DI   
0x011E    74 0b           JZ 0x12b   
0x0120    32e4            XOR AH, AH   
0x0122    8a56 00         MOV DL, [BP+0x0]   
0x0125    cd 13           INT 0x13   
0x0127    eb d6           JMP 0xff   
0x0129    61              POPA   
0x012A    f9              STC   
0x012B    c3              RET   
0x012C    49              DEC CX   
0x012D    6e              OUTSB   
0x012E    76 61           JBE 0x191   
0x0130    6c              INSB   
0x0131    6964 20 7061    IMUL SP, [SI+0x20], 0x6170   
0x0136    72 74           JB 0x1ac   
0x0138    6974 69 6f6e    IMUL SI, [SI+0x69], 0x6e6f   
0x013D    2074 61         AND [SI+0x61], DH   
0x0140    626c 65         BOUND BP, [SI+0x65]   
0x0143    0045 72         ADD [DI+0x72], AL   
0x0146    72 6f           JB 0x1b7   
0x0148    72 20           JB 0x16a   
0x014A    6c              INSB   
0x014B    6f              OUTSW   
0x014C    61              POPA   
0x014D    64 696e 67 206f IMUL BP, FS:[BP+0x67], 0x6f20   
0x0153    70 65           JO 0x1ba   
0x0155    72 61           JB 0x1b8   
0x0157    74 69           JZ 0x1c2   
0x0159    6e              OUTSB   
0x015A    67 2073 79      AND [EBX+0x79], DH   
0x015E    73 74           JAE 0x1d4   
0x0160    65 6d           INS WORD GS:[DI], DX   
0x0162    004d 69         ADD [DI+0x69], CL   
0x0165    73 73           JAE 0x1da   
0x0167    696e 67 206f    IMUL BP, [BP+0x67], 0x6f20   
0x016C    70 65           JO 0x1d3   
0x016E    72 61           JB 0x1d1   
0x0170    74 69           JZ 0x1db   
0x0172    6e              OUTSB   
0x0173    67 2073 79      AND [EBX+0x79], DH   
0x0177    73 74           JAE 0x1ed   
0x0179    65 6d           INS WORD GS:[DI], DX   
0x017B    0000            ADD [BX+SI], AL   
0x017D    0000            ADD [BX+SI], AL   
0x017F    0000            ADD [BX+SI], AL   
0x0181    0000            ADD [BX+SI], AL   
0x0183    0000            ADD [BX+SI], AL   
0x0185    0000            ADD [BX+SI], AL   
0x0187    0000            ADD [BX+SI], AL   
0x0189    0000            ADD [BX+SI], AL   
0x018B    0000            ADD [BX+SI], AL   
0x018D    0000            ADD [BX+SI], AL   
0x018F    0000            ADD [BX+SI], AL   
0x0191    0000            ADD [BX+SI], AL   
0x0193    0000            ADD [BX+SI], AL   
0x0195    0000            ADD [BX+SI], AL   
0x0197    0000            ADD [BX+SI], AL   
0x0199    0000            ADD [BX+SI], AL   
0x019B    0000            ADD [BX+SI], AL   
0x019D    0000            ADD [BX+SI], AL   
0x019F    0000            ADD [BX+SI], AL   
0x01A1    0000            ADD [BX+SI], AL   
0x01A3    0000            ADD [BX+SI], AL   
0x01A5    0000            ADD [BX+SI], AL   
0x01A7    0000            ADD [BX+SI], AL   
0x01A9    0000            ADD [BX+SI], AL   
0x01AB    0000            ADD [BX+SI], AL   
0x01AD    0000            ADD [BX+SI], AL   
0x01AF    0000            ADD [BX+SI], AL   
0x01B1    0000            ADD [BX+SI], AL   
0x01B3    0000            ADD [BX+SI], AL   
0x01B5    2c 44           SUB AL, 0x44   
0x01B7    6306 7d06       ARPL [0x67d], AX   
0x01BB    7d 00           JGE 0x1bd   
0x01BD    0080 0101       ADD [BX+SI+0x101], AL   
0x01C1    0007            ADD [BX], AL   
0x01C3    fe              DB 0xfe   
0x01C4    ff              DB 0xff   
0x01C5    ff              DB 0xff   
0x01C6    3f              AAS   
0x01C7    0000            ADD [BX+SI], AL   
0x01C9    00a3 bf4f       ADD [BP+DI+0x4fbf], AH   
0x01CD    0e              PUSH CS   
0x01CE    00fe            ADD DH, BH   
0x01D0    ff              DB 0xff   
0x01D1    ff17            CALL [BX]   
0x01D3    fe              DB 0xfe   
0x01D4    ff              DB 0xff   
0x01D5    ffe2            JMP DX   
0x01D7    bf 4f0e         MOV DI, 0xe4f   
0x01DA    8e              DB 0x8e   
0x01DB    37              AAA   
0x01DC    0000            ADD [BX+SI], AL   
0x01DE    0000            ADD [BX+SI], AL   
0x01E0    0000            ADD [BX+SI], AL   
0x01E2    0000            ADD [BX+SI], AL   
0x01E4    0000            ADD [BX+SI], AL   
0x01E6    0000            ADD [BX+SI], AL   
0x01E8    0000            ADD [BX+SI], AL   
0x01EA    0000            ADD [BX+SI], AL   
0x01EC    0000            ADD [BX+SI], AL   
0x01EE    0000            ADD [BX+SI], AL   
0x01F0    0000            ADD [BX+SI], AL   
0x01F2    0000            ADD [BX+SI], AL   
0x01F4    0000            ADD [BX+SI], AL   
0x01F6    0000            ADD [BX+SI], AL   
0x01F8    0000            ADD [BX+SI], AL   
0x01FA    0000            ADD [BX+SI], AL   
0x01FC    0000            ADD [BX+SI], AL   
0x01FE    55              PUSH BP   
0x01FF    aa              STOSB   
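
An added example (my own code, not from the post, the helper's replies or MBRScan): a parser that rebuilds the 512-byte sector from the hex dump above, checks the 0x55AA boot signature, decodes the four partition-table entries and flags hidden-type partitions, noting when a hidden one starts exactly where another partition ends. Run on the dump above it reports partition 2 as a hidden type 0x17 partition of 6.94 MiB sitting directly after the 114.5 GB NTFS system partition, matching MBRScan's own partition list (and the partition the poster reports deleting in the next post). The hidden-type set and the "starts where another ends" heuristic are my assumptions, not MBRScan's logic; the MD5 it prints can be compared with the MBR_MD5 line above to confirm the dump was copied byte-exact.

```python
"""Decode the MBR sector MBRScan dumped above: verify the 0x55AA signature, parse the
partition table and flag hidden-type entries such as the 6.94 MiB type 0x17 partition.
Added example, not part of the forum post or of MBRScan."""
import hashlib
import struct
from collections import namedtuple

# Copied from the MBRScan hex dump above (ASCII column dropped).
MBRSCAN_DUMP = """
0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000001B0   00 00 00 00 00 2C 44 63 06 7D 06 7D 00 00 80 01
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 A3 BF 4F 0E 00 FE
0x000001D0   FF FF 17 FE FF FF E2 BF 4F 0E 8E 37 00 00 00 00
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
"""

# Assumed set: FAT/NTFS partition types with the 0x10 "hidden" bit set.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
Partition = namedtuple("Partition", "index status ptype lba_start sectors")

def parse_hexdump(text: str) -> bytes:
    """Rebuild raw bytes from 'offset  b0 .. b15' lines; offsets must be contiguous."""
    out = bytearray()
    for line in text.strip().splitlines():
        fields = line.split()
        if int(fields[0], 16) != len(out):
            raise ValueError(f"dump not contiguous at {fields[0]}")
        out += bytes(int(h, 16) for h in fields[1:17])
    return bytes(out)

def parse_mbr(mbr: bytes) -> list:
    """Decode the four 16-byte entries at 0x1BE; refuse sectors without the boot signature."""
    if len(mbr) != 512 or mbr[0x1FE:] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = []
    for i in range(4):
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, 0x1BE + 16 * i)
        parts.append(Partition(i + 1, status, ptype, lba, count))
    return parts

def suspicious(parts: list) -> list:
    """Report hidden-type partitions and whether each starts exactly where another one ends."""
    live = [p for p in parts if p.ptype != 0 or p.sectors != 0]
    findings = []
    for p in (q for q in live if q.ptype in HIDDEN_TYPES):
        note = f"partition {p.index}: hidden type 0x{p.ptype:02X}, {p.sectors * 512 / 2**20:.2f} MiB"
        for q in live:
            if q.lba_start + q.sectors == p.lba_start:
                note += f", starts right where partition {q.index} ends"
        findings.append(note)
    return findings

def mbr_md5(mbr: bytes) -> str:
    """Hash of the whole sector, to compare with MBRScan's MBR_MD5 line."""
    return hashlib.md5(mbr).hexdigest().upper()

MBR = parse_hexdump(MBRSCAN_DUMP)
PARTS = parse_mbr(MBR)

if __name__ == "__main__":
    print("MBR MD5:", mbr_md5(MBR))
    for p in PARTS:
        print(f"#{p.index} type=0x{p.ptype:02X} active={p.status == 0x80} "
              f"start={p.lba_start} sectors={p.sectors}")
    print(*suspicious(PARTS), sep="\n")
```

The same parser works on the 512-byte PhysicalMBR.bin dumps that appear in the ComboFix log below; read the file with `open(path, "rb").read()` and pass the bytes straight to `parse_mbr`. Partition 1 decodes to LBA 63 with 240,107,427 sectors (114.5 GiB) and partition 2 to LBA 240,107,490 with 14,222 sectors (6.94 MiB), so the hidden partition begins at exactly the first sector after the system volume.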


Re: Browser redirects, adware, rootkits

#10 Post by Aldaris »

I deleted the partition via Disk Management. You really helped me a lot today, thank you for solving the problem so quickly. The system is behaving correctly. I'll be sending another hundred or so your way again soon :)

Re: Browser redirects, adware, rootkits

#11 Post by Aldaris »

ComboFix 12-01-29.02 - Owner 01/29/2012 13:44:31.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2543.1785 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~COfPWPqobqLY9p
c:\documents and settings\All Users\Application Data\~COfPWPqobqLY9pr
c:\documents and settings\All Users\Application Data\COfPWPqobqLY9p
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\Application Data\Adobe\shalom.exe
c:\documents and settings\Owner\Desktop\System Check.lnk
c:\documents and settings\Owner\g2ax_customer_downloadhelper_win32_x86.exe
c:\documents and settings\Owner\g2mdlhlpx.exe
c:\documents and settings\Owner\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Owner\Start Menu\Programs\System Check
c:\documents and settings\Owner\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Owner\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\Owner\WINDOWS
c:\winnt\~
c:\winnt\help\wmplayer.bak
c:\winnt\jestertb.dll
c:\winnt\system32\FF05DA0D.dll
c:\winnt\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-28 19:54 . 2012-01-28 19:54 512 ----a-w- C:\Physical0MBR.bin
2012-01-28 16:00 . 2012-01-28 16:00 512 ----a-w- C:\PhysicalMBR.bin
2012-01-28 04:49 . 2012-01-28 04:49 -------- d-----w- c:\program files\Ultimate Process Manager
2012-01-28 01:10 . 2011-11-28 17:51 20568 ----a-w- c:\winnt\system32\drivers\aswFsBlk.sys
2012-01-28 01:10 . 2011-11-28 17:53 314456 ----a-w- c:\winnt\system32\drivers\aswSP.sys
2012-01-28 01:10 . 2011-11-28 17:52 34392 ----a-w- c:\winnt\system32\drivers\aswRdr.sys
2012-01-28 01:09 . 2011-11-28 17:52 52952 ----a-w- c:\winnt\system32\drivers\aswTdi.sys
2012-01-28 01:09 . 2011-11-28 17:53 435032 ----a-w- c:\winnt\system32\drivers\aswSnx.sys
2012-01-28 01:09 . 2011-11-28 17:52 111320 ----a-w- c:\winnt\system32\drivers\aswmon2.sys
2012-01-28 01:09 . 2011-11-28 17:51 105176 ----a-w- c:\winnt\system32\drivers\aswmon.sys
2012-01-28 01:09 . 2011-11-28 17:48 30808 ----a-w- c:\winnt\system32\drivers\aavmker4.sys
2012-01-28 01:09 . 2011-11-28 18:01 41184 ----a-w- c:\winnt\avastSS.scr
2012-01-28 01:09 . 2011-11-28 18:01 199816 ----a-w- c:\winnt\system32\aswBoot.exe
2012-01-28 01:09 . 2012-01-28 01:09 -------- d-----w- c:\program files\AVAST Software
2012-01-28 01:09 . 2012-01-28 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-01-28 01:06 . 2012-01-28 15:33 -------- d-----w- c:\program files\trend micro
2012-01-27 07:32 . 2012-01-27 07:32 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-01-27 05:59 . 2012-01-27 05:59 -------- d-----w- c:\documents and settings\Administrator
2012-01-17 00:55 . 2012-01-17 00:56 -------- d-----w- C:\rei
2012-01-17 00:55 . 2012-01-17 00:55 -------- d-----w- c:\program files\Reimage
2012-01-12 19:06 . 2001-08-17 18:48 12160 ---ha-w- c:\winnt\system32\drivers\mouhid.sys
2012-01-12 19:06 . 2001-08-17 18:48 12160 ---ha-w- c:\winnt\system32\dllcache\mouhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2009-06-08 18:21 20464 ----a-w- c:\winnt\system32\drivers\mbam.sys
2011-11-25 21:57 . 1980-01-01 06:00 293376 ---ha-w- c:\winnt\system32\winsrv.dll
2011-11-23 13:25 . 1980-01-01 06:00 1859584 ---ha-w- c:\winnt\system32\win32k.sys
2011-11-18 12:35 . 1980-01-01 06:00 60416 ---ha-w- c:\winnt\system32\packager.exe
2011-11-04 19:20 . 2004-02-06 22:05 916992 ---ha-w- c:\winnt\system32\wininet.dll
2011-11-04 19:20 . 1980-01-01 06:00 43520 ---ha-w- c:\winnt\system32\licmgr10.dll
2011-11-04 19:20 . 1980-01-01 06:00 1469440 ---h--w- c:\winnt\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 05:59 385024 ---ha-w- c:\winnt\system32\html.iec
2011-11-03 15:28 . 2003-05-30 15:00 386048 ---ha-w- c:\winnt\system32\qdvd.dll
2011-11-03 15:28 . 2003-05-30 15:00 1292288 ---ha-w- c:\winnt\system32\quartz.dll
2011-11-01 16:07 . 2004-04-23 21:49 1288704 ---ha-w- c:\winnt\system32\ole32.dll
2008-09-11 21:12 . 2008-09-11 21:01 540857312 ---ha-w- c:\program files\APRO8_Win_WEB_WWEFG.exe
2008-05-14 19:27 . 2008-05-14 19:21 265949336 ---ha-w- c:\program files\AcroPro80_efg.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\winnt\system32\drivers\atapi.sys
[-] 2003-04-23 . E52B3B3F78C9AE85806CE49DCDD80C18 . 87296 . . [5.1.2600.1211] . . c:\winnt\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[-] 2003-04-23 . E52B3B3F78C9AE85806CE49DCDD80C18 . 87296 . . [5.1.2600.1211] . . c:\winnt\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[-] 2003-03-31 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\winnt\$NtUninstallQ331958$\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gateway Ink Monitor"="c:\program files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe" [2003-11-05 303180]
"NeroCheck"="c:\winnt\System32\NeroCheck.exe" [2001-07-09 155648]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Conime"="c:\winnt\system32\conime.exe" [2008-04-14 27648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"lxecmon.exe"="c:\program files\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-05-17 770728]
"EzPrint"="c:\program files\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-05-17 148280]
"Lexmark Pro800-Pro900 Series Fax Server"="c:\program files\Lexmark Pro800-Pro900 Series\fm3032.exe" [2010-05-17 316072]
"Malwarebytes' Anti-Malware"="c:\malwarebytes' anti-malware\mbamgui.exe" [2011-12-24 460872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2007-5-17 294912]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone TOTALe\\RosettaStoneTOTALe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINNT\\system32\\lxeccoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R0 sonypvl2;sonypvl2;c:\winnt\system32\drivers\sonypvl2.sys [9/4/2009 11:28 AM 19478]
R1 aswSnx;aswSnx;c:\winnt\system32\drivers\aswSnx.sys [1/27/2012 8:09 PM 435032]
R1 aswSP;aswSP;c:\winnt\system32\drivers\aswSP.sys [1/27/2012 8:10 PM 314456]
R1 sonypvf2;sonypvf2;c:\winnt\system32\drivers\sonypvf2.sys [9/4/2009 11:28 AM 635017]
R1 sonypvt2;sonypvt2;c:\winnt\system32\drivers\sonypvt2.sys [9/4/2009 11:28 AM 431236]
R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [1/27/2012 8:10 PM 20568]
R2 lxec_device;lxec_device;c:\winnt\system32\lxeccoms.exe -service --> c:\winnt\system32\lxeccoms.exe -service [?]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\winnt\system32\spool\drivers\w32x86\3\lxecserv.exe [5/9/2011 7:15 PM 193192]
R2 MBAMService;MBAMService;c:\malwarebytes' anti-malware\mbamservice.exe [1/27/2012 2:32 AM 652872]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [5/17/2010 2:45 PM 1615176]
R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [6/8/2009 1:21 PM 20464]
S1 sonypvd2;sonypvd2;c:\winnt\system32\drivers\sonypvd2.sys [9/4/2009 11:28 AM 64093]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/25/2009 8:14 AM 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\winnt\system32\drivers\BrSerIb.sys [1/25/2011 1:25 PM 71424]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\winnt\system32\drivers\BrUsbSib.sys [1/25/2011 1:25 PM 11520]
S3 cpuz134;cpuz134;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 esihdrv;esihdrv;\??\c:\docume~1\Owner\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Owner\LOCALS~1\Temp\esihdrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/25/2009 8:14 AM 133104]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\winnt\system32\drivers\nwusbser2.sys [4/19/2007 11:09 AM 99200]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-01-29 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 13:13]
.
2012-01-28 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 13:13]
.
2004-03-25 c:\winnt\Tasks\ISP signup reminder 1.job
- c:\winnt\System32\OOBE\oobebaln.exe [2003-10-06 00:12]
.
2004-04-02 c:\winnt\Tasks\ISP signup reminder 2.job
- c:\winnt\System32\OOBE\oobebaln.exe [2003-10-06 00:12]
.
2004-04-07 c:\winnt\Tasks\ISP signup reminder 3.job
- c:\winnt\System32\OOBE\oobebaln.exe [2003-10-06 00:12]
.
2012-01-20 c:\winnt\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2012-01-05 15:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.net/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.0.1
DPF: {944713E8-1F29-42D9-ABD5-557728B9AC97} - hxxps://ilnet.wellsfargo.com/ilonline/clickloan/ptclickloanwf.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-29 14:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-01-29 14:14:41
ComboFix-quarantined-files.txt 2012-01-29 19:14
.
Pre-Run: 63,712,825,344 bytes free
Post-Run: 64,110,977,024 bytes free
.
- - End Of File - - 2A5DE959A6185B63DFB4E620DC235217

Aldaris

Re: Browser redirects, adware, rootkits

#12 Post by Aldaris »

The file is clean (0/43) and its description says "Console IME".

Aldaris

Re: Browser redirects, adware, rootkits

#13 Post by Aldaris »

Great, thanks once again :)

Locked