Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen trojský

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Well
Návštěvník
Návštěvník
Příspěvky: 33
Registrován: 25 bře 2012 00:09

MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen trojský

#1 Příspěvek od Well »

Dobrý večer,
viz. nadpis, nod začal hlásit po tom co jsem ho po delší době nechal aktualizovat. Vír to vypsalo celkem 3x zde příkládám log.
Bojím se aby se nestalo něco s OS nebo abych nepřišel o duležitá data které mama na disku..
Děkuji za pomoc

Log ke stáhnutí zde : http://leteckaposta.cz/807775405

Logfile of random's system information tool 1.09 (written by random/random)
Run by Well at 2012-03-25 01:00:30
Microsoft Windows 7 Ultimate
System drive C: has 15 GB (15%) free of 100 GB
Total RAM: 4095 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:00:32, on 25.3.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Seznam.cz\bin\postak.exe
D:\Hry\SteamClient\Steam.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\trend micro\Well.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_1.dll
R3 - URLSearchHook: softxpansion Toolbar - {09941640-d3fa-4943-8e5c-8f838e4b058b} - C:\Program Files (x86)\softxpansion\tbsoft.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: softxpansion Toolbar - {09941640-d3fa-4943-8e5c-8f838e4b058b} - C:\Program Files (x86)\softxpansion\tbsoft.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\Inbox Toolbar\Inbox.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_1.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: softxpansion Toolbar - {09941640-d3fa-4943-8e5c-8f838e4b058b} - C:\Program Files (x86)\softxpansion\tbsoft.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\Inbox Toolbar\Inbox.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Samsung_AppInst] H:\SamsungSoftware\AppInst.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files (x86)\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [Steam] "D:\Hry\SteamClient\steam.exe" -silent
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1552637797-538921506-3541309676-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1552637797-538921506-3541309676-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Samsung Auto Backup Guage.lnk = ?
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?
O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files (x86)\Software602\Print2PDF\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files (x86)\Software602\Print2PDF\Print602.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {9BD3C5C6-BCBA-47BF-9CC0-0D5D3E117DE1} (MediaLoader Class) - http://www.bravearms.com/razor/plugins/ ... Player.cab
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/stati ... 0.53.2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\Inbox Toolbar\Inbox.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13301 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1ac3557b-c18f-4872-b9a7-5d699ff76619 -SystemEventPortName:HostProcess-44a44f42-4aa1-45f4-a0e7-c1c04dcb8d62 -IoCancelEventPortName:HostProcess-ee0d310b-72cb-4d3e-b39e-036b82dada40 -NonStateChangingEventPortName:HostProcess-c16af4ce-da6c-4585-ba46-0a05d7631190 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4c21cfdf-6edb-4b97-a17a-73c33f1e57c4
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Seznam.cz\bin\postak.exe" -s
"D:\Hry\SteamClient\Steam.exe" -silent
"C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\Windows\System32\mobsync.exe -Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Opera\opera.exe"
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe"
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe" /TUStart /pid:4560
"taskhost.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe18_ Global\UsGthrCtrlFltPipeMssGthrPipe18 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Well\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09941640-d3fa-4943-8e5c-8f838e4b058b}]
softxpansion Toolbar - C:\Program Files (x86)\softxpansion\tbsoft.dll [2007-08-28 1440792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-08-22 414416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~2\Inbox Toolbar\Inbox.dll [2011-09-20 874664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-05-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_1.dll [2010-10-17 2735200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2010-03-25 1548096]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_1.dll [2010-10-17 2735200]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{09941640-d3fa-4943-8e5c-8f838e4b058b} - softxpansion Toolbar - C:\Program Files (x86)\softxpansion\tbsoft.dll [2007-08-28 1440792]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~2\Inbox Toolbar\Inbox.dll [2011-09-20 874664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 2114376]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-31 2840352]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-03-04 740216]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"Samsung_AppInst"=H:\SamsungSoftware\AppInst.exe []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"Seznam Postak"=C:\Program Files (x86)\Seznam.cz\bin\postak.exe [2012-01-10 491040]
"Steam"=D:\Hry\SteamClient\steam.exe [2011-08-11 1242448]
"KiesHelper"=C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2011-12-27 937360]
"KiesPDLR"=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-12-27 21392]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-02-29 17148552]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"Print2PDF Print Monitor"=C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe [2009-02-25 77824]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2011-12-27 3508624]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2012-02-28 1987976]

C:\Users\Well\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Samsung Auto Backup Guage.lnk - C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe
Samsung Auto Backup Real-Time Daemon.lnk - C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
Samsung Auto Backup Scheduler.lnk - C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"bin\CodeMeter.exe"="C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
"C:\Users\Well\Desktop\P17535732.JPG.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"bin\CodeMeter.exe"="C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isfguage.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isfmgr.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isfrealtimed.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isftimerd.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\print2pdf.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\print2pdfadmin.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\szmgr.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninst.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-03-25 00:07:10 ----D---- C:\Program Files\trend micro
2012-03-25 00:07:09 ----D---- C:\rsit
2012-03-24 23:11:06 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2012-03-24 23:10:27 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2012-03-24 22:59:59 ----D---- C:\VB
2012-03-24 21:39:28 ----D---- C:\VBI
2012-03-24 19:24:16 ----DC---- C:\Windows\system32\DRVSTORE
2012-03-11 14:29:26 ----D---- C:\Program Files\n2n Gui
2012-03-11 14:29:26 ----A---- C:\Windows\system32\drivers\tap0901.sys
2012-03-11 14:18:37 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2012-03-11 14:01:04 ----D---- C:\Program Files (x86)\Mplayer
2012-03-11 13:44:16 ----A---- C:\Windows\Q3version.ini
2012-03-11 13:42:12 ----A---- C:\Windows\Qiii.INI
2012-03-08 12:35:15 ----D---- C:\Windows\Minidump
2012-02-29 00:52:36 ----D---- C:\Program Files (x86)\MSECache
2012-02-29 00:15:07 ----D---- C:\Output
2012-02-29 00:13:33 ----D---- C:\Program Files (x86)\Free Power Word to Pdf Converter
2012-02-29 00:03:09 ----D---- C:\Program Files (x86)\WordToPDF

======List of files/folders modified in the last 1 month======

2012-03-25 01:00:32 ----D---- C:\Windows\Temp
2012-03-25 01:00:00 ----D---- C:\Users\Well\AppData\Roaming\uTorrent
2012-03-25 00:50:45 ----D---- C:\Users\Well\AppData\Roaming\Skype
2012-03-25 00:07:21 ----D---- C:\Windows\Prefetch
2012-03-25 00:07:10 ----RD---- C:\Program Files
2012-03-24 23:46:32 ----D---- C:\Windows\system32\config
2012-03-24 23:41:12 ----SHD---- C:\Windows\Installer
2012-03-24 23:36:17 ----SHD---- C:\System Volume Information
2012-03-24 23:34:58 ----D---- C:\Windows\system32\DriverStore
2012-03-24 23:34:58 ----D---- C:\Windows\system32\catroot
2012-03-24 23:34:58 ----D---- C:\Windows\inf
2012-03-24 23:34:41 ----D---- C:\Windows\system32\drivers
2012-03-24 23:34:41 ----D---- C:\Windows\System32
2012-03-24 12:14:23 ----RD---- C:\Program Files (x86)\Skype
2012-03-24 12:14:23 ----D---- C:\Program Files (x86)\Common Files
2012-03-24 12:14:22 ----D---- C:\ProgramData\Skype
2012-03-21 15:52:38 ----D---- C:\Windows\system32\catroot2
2012-03-19 20:38:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-12 07:18:32 ----D---- C:\Windows
2012-03-11 14:18:37 ----RD---- C:\Program Files (x86)
2012-03-11 13:50:27 ----D---- C:\Windows\system32\Tasks
2012-03-11 13:49:15 ----D---- C:\Temp
2012-03-11 12:17:07 ----D---- C:\Windows\SysWOW64
2012-03-09 14:19:22 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-03-09 14:17:20 ----D---- C:\ProgramData\NVIDIA
2012-02-29 00:08:13 ----D---- C:\Windows\SYSWOW64\lib
2012-02-29 00:08:11 ----D---- C:\Windows\SYSWOW64\fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-18 871408]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-03-31 139704]
R2 aksdf;aksdf; C:\Windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-03-31 164912]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-03-31 124760]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2006-12-04 314368]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-08-23 56320]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2011-04-26 31232]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 ap6ecrp5;ap6ecrp5; C:\Windows\system32\drivers\ap6ecrp5.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena\safedrv.sys []
S3 mdf15;mdf15; \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mdf15.sys [2010-03-18 12288]
S3 mvd21;mvd21; \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mvd21.sys [2010-06-14 64512]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 144656]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-03-31 810120]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-10-27 1974080]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-03-22 489256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-31 42336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-02 1030600]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 136176]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SZASSIST;SecretZone Assist Service; C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-07-30 90112]
S4 WPEServ;soft Xpansion Print2Document; C:\Program Files (x86)\Common Files\WPE\wpeserv.exe [2008-03-17 339968]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen troj

#2 Příspěvek od vyosek »

Zdravim a pekny den preji :)

:arrow: Proc jste nemel doposud aktualizovany NOD :???:

:arrow: Nejak vam chybi ServicePack 1 pro windows ultimate

:arrow: Poprosim i o druhy log z RSIT s nazvem info.txt, je ulozen v c:\rsit

:arrow: Predpokladam ze ten NOD32 mate legalni = zakoupena licence :???:

:arrow: Mohu mit dotaz, proc si bezny uzivatel kupuje nejvyssi licenci Windows Ultimate, ktera je urcena spise pro velke korporace, kdyz stejne nevyuzije nic vic nez nabizi verze Home Premium :???: A nebo byla "koupena" nekde na internetu :?:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Well
Návštěvník
Návštěvník
Příspěvky: 33
Registrován: 25 bře 2012 00:09

Re: MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen troj

#3 Příspěvek od Well »

NOD nebyl dlouho aktualizovaný kvůli vypršení zkušební licence která byla přespána.
SP - ihned doinstaluji stejně jak ostatní aktualizace
Verze windows ultimate je koupena nekoupena... (jako student nemám peníze investovat tak jako čas hledat alternativy) Snad mě chápete..

Děkuji

info.txt logfile of random's system information tool 1.09 2012-03-25 00:07:33

======Uninstall list======

-->C:\Program Files (x86)\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -maintain plugin
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Photoshop CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader 9.5.0 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A95000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Aktualizace NVIDIA 1.5.20-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.3\NVI2.DLL",UninstallPackage Display.Update
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
ASIO4ALL-->C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
ASUS RT-N10 Wireless Router Utilities-->C:\Program Files (x86)\InstallShield Installation Information\{B3618069-84A2-4767-9855-463C971C1959}\Setup.exe -runfromtemp -l0x0005 -removeonly
BS.Player FREE-->"C:\Program Files (x86)\Webteh\BSplayer\uninstall.exe"
BS_Player Toolbar-->C:\PROGRA~2\BS_PLA~1\UNWISE.EXE /U C:\PROGRA~2\BS_PLA~1\INSTALL.LOG
Canon MP Navigator EX 2.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 2.0\uninst.ini
Canon MP540 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series /L0x0005
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe uninst.ini
CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
Counter-Strike Source-->MsiExec.exe /X{0A88700E-74DF-4CBF-B4F2-2F2147D416DA}
Counter-Strike: Source Beta-->"D:\Hry\SteamClient\steam.exe" steam://uninstall/260
Counter-Strike: Source-->"D:\Hry\SteamClient\steam.exe" steam://uninstall/240
DAEMON Tools Toolbar-->C:\Program Files (x86)\DAEMON Tools Toolbar\uninst.exe
EAGLE 5.7.0-->cmd.exe /c start "EAGLE Uninstaller" /min "C:\Program Files (x86)\EAGLE-5.7.0\bin\uninstall.bat" C:\Program Files (x86)\EAGLE-5.7.0\bin
Easy Website Photo Gallery 1.1-->"C:\Program Files (x86)\Easy Website Photo Gallery\unins000.exe"
EVEREST Ultimate Edition v5.50-->"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
GamePlayLabs Plugin-->"C:\Users\Well\AppData\Local\GamePlayLabs Plugin\Uninstall.exe"
GIMP 2.6.11-->"C:\Program Files (x86)\GIMP-2.0\setup\unins000.exe"
Google Earth Plug-in-->MsiExec.exe /X{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HASP Emulator Professiaonal Edition V2.33 for Windows NT/W2K/XP-->C:\PROGRA~2\HaspEmulPE.XP\UNWISE.EXE C:\PROGRA~2\HaspEmulPE.XP\INSTALL.LOG
Heroes of Newerth-->D:\Hry\Heroes of Newerth\uninstall.exe
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B6E073B9-F238-379A-AA45-D323CD308DAE} /parameterfolder Client
Inbox Toolbar-->"C:\Program Files (x86)\Inbox Toolbar\unins000.exe"
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
LogMeIn Hamachi-->C:\Windows\SysWOW64\\msiexec.exe /i {E2494AD8-314D-44F8-B39C-4358A60DC184} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{E2494AD8-314D-44F8-B39C-4358A60DC184}
Macromedia HomeSite 5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{74307C3F-EBD4-11D4-A4D9-0010A4C3AFF0}\Setup.exe" AnyText
Macromedia HomeSite+-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}\Setup.exe"
MetaTrader FIX -->"C:\Program Files (x86)\MetaTrader FIX\Uninstall.exe" "C:\Program Files (x86)\MetaTrader FIX\install.log"
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{790E02A1-145A-3843-8C13-A4F41C9B48B7}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended CSY Language Pack-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ExtendedLP
Microsoft .NET Framework 4 Extended CSY Language Pack-->MsiExec.exe /X{A324DC11-FF02-3CE8-9D6F-67EBC006D970}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B0-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft XNA Framework Redistributable 4.0-->MsiExec.exe /I{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}
Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86_x64-->MsiExec.exe /I{8557397C-A42D-486F-97B3-A2CBC2372593}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86_x64-->MsiExec.exe /I{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mumble and Murmur-->C:\Program Files (x86)\Mumble\Uninstall.exe
n2n Gui 0.49-->"C:\Program Files\n2n Gui\unins000.exe"
Nero 8-->MsiExec.exe /X{6D45EF03-E8EE-4355-81C3-F918CBCF1029}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA 3D Vision Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe" -runfromtemp -l0x0009 -removeonly
NVIDIA Ovladač řídící jednotky 3D Vision 285.62-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.3\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA Ovladače grafiky 285.62-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.3\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /X{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}
NVIDIA Systémový software PhysX 9.11.0621-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.2\NVI2.DLL",UninstallPackage Display.PhysX
OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U
Opera 11.61-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Pixie 1.4.1-->"C:\Program Files (x86)\Pixie\unins000.exe"
Plus500-->C:\Program Files (x86)\Plus500\Plus500.exe /uninstall
PoiZone-->C:\Program Files (x86)\Image-Line\PoiZone\uninstall.exe
Print2PDF-->C:\Program Files (x86)\InstallShield Installation Information\{32C74893-0243-4235-A6F3-201F0E5D2C03}\setup.exe -runfromtemp -l0x0005 REMOVE
PSPad editor-->"C:\Program Files (x86)\PSPad editor\Uninst\unins000.exe"
PunkBuster Services-->C:\Program Files (x86)\EA Games\Battlefield Play4Free\pbsvc_p4f.exe -u
Quake III Arena-->C:\Windows\IsUninst.exe -f"D:\Hry\Quake III Arena\QIII.isu"
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Rapture3D 2.4.8 Game-->"C:\Program Files (x86)\BRS\unins000.exe"
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->c:\program files (x86)\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|12.0
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
Registrace uživatele zařízení Canon MP540 series-->C:\Program Files (x86)\Canon\IJEREG\MP540 series\UNINST.EXE
Samsung Auto Backup-->"C:\Program Files (x86)\InstallShield Installation Information\{821D6F49-1B20-4809-8C73-286CFC52B1B1}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung Kies-->"C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly
Samsung Kies-->MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A}
Samsung Mobile phone USB driver Drive Software-->C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Samsung SecretZone-->"C:\Program Files (x86)\InstallShield Installation Information\{66491E5A-7899-4863-A2E9-057E10BCB578}\setup.exe" -runfromtemp -l0x0009 -removeonly
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files (x86)\Samsung\USB Drivers\Uninstall.exe
Sawer-->C:\Program Files (x86)\Image-Line\Sawer\uninstall.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Seznam Pošťák 2 (Všichni uživatelé tohoto počítače.)-->"C:\Program Files (x86)\Seznam.cz\postak-uninstall.exe" /AllUsers
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.8-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
soft Xpansion PDF Quick Master 5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\Professional\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D980202C-4681-4D9A-848C-875ABAA1870A}\setup.exe" -l0x9
softxpansion Toolbar-->C:\PROGRA~2\softxpansion\UNWISE.EXE C:\PROGRA~2\softxpansion\INSTALL.LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe
Team Fortress 2-->"D:\Hry\SteamClient\steam.exe" steam://uninstall/440
TeamViewer 6-->C:\Program Files (x86)\TeamViewer\Version6\uninstall.exe
The KMPlayer (remove only)-->"C:\Program Files (x86)\The KMPlayer\uninstall.exe"
TopStyle Lite (Version 3.0)-->C:\Windows\unlite3.exe "C:\Program Files (x86)\Bradbury\TopStyle3\"
Total Commander (Remove or Repair)-->C:\Program Files (x86)\totalcmd\tcuninst.exe
TuneUp Utilities 2011-->C:\Program Files (x86)\TuneUp Utilities 2011\TUInstallHelper.exe --Trigger-Uninstall
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Vienna Miranda Pack 1.1.0-->C:\Program Files (x86)\Miranda IMM\Uninstall.exe
VLC media player 1.1.11-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Vypínač na dobrou noc verze 2.0-->"C:\Program Files (x86)\Vypínač na dobrou noc\unins000.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
Word to PDF Converter 3.0-->"C:\Program Files (x86)\PDF-Convert\doc2pdf\unins000.exe"
WordToPDF v.2.1-->"C:\Program Files (x86)\WordToPDF\unins000.exe"
wx-devcpp 6.10.2 (4.9.9.2)-->"C:\Program Files (x86)\Dev-Cpp\uninstall.exe"

======Hosts File======

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com

======System event log======

Computer Name: Well-PC
Event Code: 7036
Message: Stav služby Šifrování byl změněn na: Zastaveno
Record Number: 128691
Source Name: Service Control Manager
Time Written: 20110822204607.162133-000
Event Type: Informace
User:

Computer Name: Well-PC
Event Code: 7036
Message: Stav služby Mezipaměť písem Windows byl změněn na: Zastaveno
Record Number: 128690
Source Name: Service Control Manager
Time Written: 20110822204607.052933-000
Event Type: Informace
User:

Computer Name: Well-PC
Event Code: 7036
Message: Stav služby Hostitel zařízení UPnP byl změněn na: Zastaveno
Record Number: 128689
Source Name: Service Control Manager
Time Written: 20110822204607.037333-000
Event Type: Informace
User:

Computer Name: Well-PC
Event Code: 7036
Message: Stav služby Protokol událostí systému Windows byl změněn na: Zastaveno
Record Number: 128688
Source Name: Service Control Manager
Time Written: 20110822204606.928133-000
Event Type: Informace
User:

Computer Name: Well-PC
Event Code: 7036
Message: Stav služby Služba WMI byl změněn na: Zastaveno
Record Number: 128687
Source Name: Service Control Manager
Time Written: 20110822204606.522532-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPDriverNotFound
Reakce: Není k dispozici
ID souboru CAB: 0

Podpis problému:
P1: x64
P2: ACPI\ATK0110
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Připojené soubory:
C:\Windows\Temp\DMICEC3.tmp.log.xml

Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_7b90e53f6497da36d01d2c8167badd7549330a6_cab_037dcf01

Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: c5d338df-4a66-11df-b9a5-843e72a1a19d
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20100417211832.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100417211729.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100417211726.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100417211723.111283-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100417211723.000000-000
Event Type: Informace
User:
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen troj

#4 Příspěvek od vyosek »

:arrow: Nechapu, jelikoz tez studuji a mam koupenou verzi Home, ktera naprosto staci

:arrow: Ad ESET

Cituji licencni podminky ESETu
6. Omezení práv Koncového uživatele.
g) Nesmíte používat Software získaný jako zkušební verze nebo Not-For-Resale (dále jen „NFR“) v rozporu s dobrými mravy za účelem vyhnutí se zaplacení Licenčního poplatku dle článku 17.
18. NFR a zkušební verze.
Software dodaný jako NFR nebo zkušební verze můžete použít výhradně na ověření a testování vlastností Software.
Tudiz tam mate ESS nelegalne - opakove pouzivani trial licence - dle pravidel fora se vsak nelegalnim SW nezabyvame, jelikoz nelegalni programy jsou vetsinou zdrojem haveti. Navic tim porusujete i autorska prava Obrázek, pachate trestny cin a ten jako takovy nebude nasim forem podporovan. Uvedomte si, ze jste na bezpecnostnim foru - podpora warezu (zvlaste bezpecnostnich programu) by byla zcela proti logice fora :!:

:arrow: Odinstalujte nelegalni ESET

:arrow: Nainstalujte free reseni (Avast, Avira ci MSE)

:arrow: Dejte novy log z RSIT a pak budem pokracovat. Tentokrat polecime i kdyz tam mate nelegalni W7, jelikoz tu jste poprve, priste ale bude pomoc odmitnuta :!:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Well
Návštěvník
Návštěvník
Příspěvky: 33
Registrován: 25 bře 2012 00:09

Re: MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen troj

#5 Příspěvek od Well »

Děkuji za vstřícnost,

- Nod odinstalován nainstalovaný free Avast - který taky zahlásil stejný vir
- Nainstalovaný všechny aktuliazace W7 krom SP1 , jehož instalace je z důvodu výše nemožná

INFO : http://leteckaposta.cz/657281047
LOG : http://leteckaposta.cz/508357056
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen troj

#6 Příspěvek od vyosek »

Log.txt mi sem vlozte prosim - lepe se to lusti
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Well
Návštěvník
Návštěvník
Příspěvky: 33
Registrován: 25 bře 2012 00:09

Re: MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen troj

#7 Příspěvek od Well »

Ok , oba se mi tu nevešly..

Logfile of random's system information tool 1.09 (written by random/random)
Run by Well at 2012-03-25 11:14:30
Microsoft Windows 7 Ultimate
System drive C: has 14 GB (14%) free of 100 GB
Total RAM: 4095 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:14:33, on 25.3.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Seznam.cz\bin\postak.exe
D:\Hry\SteamClient\Steam.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\Well.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_1.dll
R3 - URLSearchHook: softxpansion Toolbar - {09941640-d3fa-4943-8e5c-8f838e4b058b} - C:\Program Files (x86)\softxpansion\tbsoft.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: softxpansion Toolbar - {09941640-d3fa-4943-8e5c-8f838e4b058b} - C:\Program Files (x86)\softxpansion\tbsoft.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\Inbox Toolbar\Inbox.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_1.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: softxpansion Toolbar - {09941640-d3fa-4943-8e5c-8f838e4b058b} - C:\Program Files (x86)\softxpansion\tbsoft.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\Inbox Toolbar\Inbox.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Samsung_AppInst] H:\SamsungSoftware\AppInst.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files (x86)\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [Steam] "D:\Hry\SteamClient\steam.exe" -silent
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1552637797-538921506-3541309676-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1552637797-538921506-3541309676-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Samsung Auto Backup Guage.lnk = ?
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?
O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files (x86)\Software602\Print2PDF\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files (x86)\Software602\Print2PDF\Print602.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {9BD3C5C6-BCBA-47BF-9CC0-0D5D3E117DE1} (MediaLoader Class) - http://www.bravearms.com/razor/plugins/ ... Player.cab
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/stati ... 0.53.2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\Inbox Toolbar\Inbox.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13540 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5cc6b137-9f78-45f1-990a-415b6ab60e1d -SystemEventPortName:HostProcess-aa53191d-2445-4d32-8c8b-fcd82c308dcc -IoCancelEventPortName:HostProcess-e3802c99-0566-4aad-bb05-a68fa68ab6f2 -NonStateChangingEventPortName:HostProcess-24b18655-a578-4864-8b83-ef2025533a2b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0f9c876e-74f8-4f98-82f0-e55dcf7fa151
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
taskeng.exe {BD6038B0-CD4B-4084-A083-EDE15E6A39BF}
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe" /TUStart /pid:1760
"C:\Windows\system32\Dwm.exe"
taskeng.exe {F6E532E2-953D-4B0D-BAAC-A616C26AB519}
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Seznam.cz\bin\postak.exe" -s
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe"
"D:\Hry\SteamClient\Steam.exe" -silent
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -UseCLSID {51A54658-5745-4AF0-8F33-0D58EFFC5640} -Comment "NGen Worker Process"
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Well\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09941640-d3fa-4943-8e5c-8f838e4b058b}]
softxpansion Toolbar - C:\Program Files (x86)\softxpansion\tbsoft.dll [2007-08-28 1440792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-08-22 414416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~2\Inbox Toolbar\Inbox.dll [2011-09-20 874664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-05-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_1.dll [2010-10-17 2735200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2010-03-25 1548096]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_1.dll [2010-10-17 2735200]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{09941640-d3fa-4943-8e5c-8f838e4b058b} - softxpansion Toolbar - C:\Program Files (x86)\softxpansion\tbsoft.dll [2007-08-28 1440792]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~2\Inbox Toolbar\Inbox.dll [2011-09-20 874664]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 2114376]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-03-04 740216]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"Samsung_AppInst"=H:\SamsungSoftware\AppInst.exe []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"Seznam Postak"=C:\Program Files (x86)\Seznam.cz\bin\postak.exe [2012-01-10 491040]
"Steam"=D:\Hry\SteamClient\steam.exe [2011-08-11 1242448]
"KiesHelper"=C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2011-12-28 937360]
"KiesPDLR"=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-12-28 21392]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-02-29 17148552]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"Print2PDF Print Monitor"=C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe [2009-02-25 77824]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2011-12-28 3508624]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2012-02-28 1987976]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]

C:\Users\Well\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Samsung Auto Backup Guage.lnk - C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe
Samsung Auto Backup Real-Time Daemon.lnk - C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
Samsung Auto Backup Scheduler.lnk - C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"bin\CodeMeter.exe"="C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
"C:\Users\Well\Desktop\P17535732.JPG.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"bin\CodeMeter.exe"="C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isfguage.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isfmgr.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isfrealtimed.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isftimerd.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\print2pdf.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\print2pdfadmin.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\szmgr.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninst.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-03-25 10:53:06 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-03-25 10:53:05 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-03-25 10:52:59 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2012-03-25 10:52:58 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-03-25 10:52:57 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-03-25 10:52:57 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-03-25 10:52:57 ----A---- C:\Windows\system32\aswBoot.exe
2012-03-25 10:52:39 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2012-03-25 10:52:39 ----A---- C:\Windows\avastSS.scr
2012-03-25 10:52:32 ----D---- C:\ProgramData\AVAST Software
2012-03-25 10:52:32 ----D---- C:\Program Files\AVAST Software
2012-03-25 10:50:35 ----SHD---- C:\Config.Msi
2012-03-25 10:45:39 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-03-25 10:45:39 ----A---- C:\Windows\system32\mshtmled.dll
2012-03-25 10:45:39 ----A---- C:\Windows\system32\iertutil.dll
2012-03-25 10:45:38 ----A---- C:\Windows\SYSWOW64\url.dll
2012-03-25 10:45:38 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-03-25 10:45:38 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-03-25 10:45:38 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-03-25 10:45:38 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-03-25 10:45:38 ----A---- C:\Windows\system32\url.dll
2012-03-25 10:45:38 ----A---- C:\Windows\system32\jscript9.dll
2012-03-25 10:45:38 ----A---- C:\Windows\system32\jscript.dll
2012-03-25 10:45:38 ----A---- C:\Windows\system32\ieui.dll
2012-03-25 10:45:37 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-03-25 10:45:37 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-03-25 10:45:37 ----A---- C:\Windows\system32\wininet.dll
2012-03-25 10:45:37 ----A---- C:\Windows\system32\urlmon.dll
2012-03-25 10:45:37 ----A---- C:\Windows\system32\jsproxy.dll
2012-03-25 10:45:36 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-03-25 10:45:36 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-03-25 10:45:35 ----A---- C:\Windows\system32\mshtml.dll
2012-03-25 10:45:34 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-03-25 10:45:34 ----A---- C:\Windows\system32\ieframe.dll
2012-03-25 10:44:56 ----A---- C:\Windows\system32\csrsrv.dll
2012-03-25 10:44:39 ----A---- C:\Windows\system32\drivers\dfsc.sys
2012-03-25 10:44:33 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-03-25 10:44:33 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-03-25 10:44:33 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-03-25 10:44:33 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-03-25 10:44:33 ----A---- C:\Windows\system32\wow64win.dll
2012-03-25 10:44:33 ----A---- C:\Windows\system32\wow64.dll
2012-03-25 10:44:33 ----A---- C:\Windows\system32\winsrv.dll
2012-03-25 10:44:33 ----A---- C:\Windows\system32\ntvdm64.dll
2012-03-25 10:44:33 ----A---- C:\Windows\system32\KernelBase.dll
2012-03-25 10:44:33 ----A---- C:\Windows\system32\kernel32.dll
2012-03-25 10:44:33 ----A---- C:\Windows\system32\conhost.exe
2012-03-25 10:44:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-03-25 10:44:32 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-03-25 10:44:32 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-03-25 10:44:32 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-03-25 10:44:32 ----A---- C:\Windows\system32\wow64cpu.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-03-25 10:44:31 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-03-25 10:44:30 ----A---- C:\Windows\SYSWOW64\user.exe
2012-03-25 10:44:29 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-03-25 10:44:28 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-25 10:44:27 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-03-25 10:44:27 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-03-25 10:44:27 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-25 10:44:26 ----A---- C:\Windows\system32\schannel.dll
2012-03-25 10:44:26 ----A---- C:\Windows\system32\lsasrv.dll
2012-03-25 10:44:26 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-03-25 10:44:25 ----A---- C:\Windows\SYSWOW64\webio.dll
2012-03-25 10:44:25 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-03-25 10:44:25 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-03-25 10:44:25 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-03-25 10:44:25 ----A---- C:\Windows\system32\webio.dll
2012-03-25 10:44:25 ----A---- C:\Windows\system32\sspisrv.dll
2012-03-25 10:44:25 ----A---- C:\Windows\system32\sspicli.dll
2012-03-25 10:44:25 ----A---- C:\Windows\system32\secur32.dll
2012-03-25 10:44:25 ----A---- C:\Windows\system32\lsass.exe
2012-03-25 10:44:25 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-03-25 10:44:25 ----A---- C:\Windows\system32\drivers\cng.sys
2012-03-25 10:44:24 ----A---- C:\Windows\system32\ntdll.dll
2012-03-25 10:44:23 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2012-03-25 10:44:23 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2012-03-25 10:44:23 ----A---- C:\Windows\system32\DWrite.dll
2012-03-25 10:44:22 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-03-25 10:44:22 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2012-03-25 10:44:22 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll
2012-03-25 10:44:22 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2012-03-25 10:44:22 ----A---- C:\Windows\system32\d3d10warp.dll
2012-03-25 10:44:22 ----A---- C:\Windows\system32\d3d10_1core.dll
2012-03-25 10:44:22 ----A---- C:\Windows\system32\d3d10_1.dll
2012-03-25 10:44:22 ----A---- C:\Windows\system32\d2d1.dll
2012-03-25 10:44:21 ----A---- C:\Windows\system32\EncDec.dll
2012-03-25 10:44:20 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2012-03-25 10:44:20 ----A---- C:\Windows\system32\drivers\srv2.sys
2012-03-25 10:44:19 ----A---- C:\Windows\system32\drivers\srvnet.sys
2012-03-25 10:44:19 ----A---- C:\Windows\system32\drivers\srv.sys
2012-03-25 10:44:18 ----A---- C:\Windows\system32\psisdecd.dll
2012-03-25 10:44:17 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2012-03-25 10:44:14 ----A---- C:\Windows\system32\win32k.sys
2012-03-25 10:44:13 ----A---- C:\Windows\SYSWOW64\quartz.dll
2012-03-25 10:44:13 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2012-03-25 10:44:13 ----A---- C:\Windows\system32\quartz.dll
2012-03-25 10:44:13 ----A---- C:\Windows\system32\qdvd.dll
2012-03-25 10:44:12 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2012-03-25 10:44:12 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2012-03-25 10:44:12 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2012-03-25 10:44:11 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2012-03-25 10:44:11 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2012-03-25 10:44:11 ----A---- C:\Windows\system32\oleaut32.dll
2012-03-25 10:44:11 ----A---- C:\Windows\system32\oleacc.dll
2012-03-25 10:44:08 ----A---- C:\Windows\system32\odbctrac.dll
2012-03-25 10:44:08 ----A---- C:\Windows\system32\odbccu32.dll
2012-03-25 10:44:08 ----A---- C:\Windows\system32\odbccr32.dll
2012-03-25 10:44:08 ----A---- C:\Windows\system32\odbccp32.dll
2012-03-25 10:44:07 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2012-03-25 10:44:07 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2012-03-25 10:44:07 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2012-03-25 10:44:07 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2012-03-25 10:44:07 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2012-03-25 10:44:06 ----A---- C:\Windows\system32\drivers\afd.sys
2012-03-25 10:44:04 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2012-03-25 10:44:04 ----A---- C:\Windows\system32\inetcomm.dll
2012-03-25 10:44:03 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-25 10:44:03 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-25 10:44:03 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-25 10:43:57 ----A---- C:\Windows\system32\msvcrt.dll
2012-03-25 10:43:56 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2012-03-25 10:43:53 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-03-25 10:43:53 ----A---- C:\Windows\system32\tzres.dll
2012-03-25 10:43:48 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2012-03-25 10:43:48 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2012-03-25 10:43:48 ----A---- C:\Windows\system32\umpnpmgr.dll
2012-03-25 10:43:47 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2012-03-25 10:43:47 ----A---- C:\Windows\SYSWOW64\devobj.dll
2012-03-25 10:41:35 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-03-25 10:41:33 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-03-25 10:41:32 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-03-25 10:40:23 ----A---- C:\Windows\SYSWOW64\packager.dll
2012-03-25 10:40:23 ----A---- C:\Windows\system32\packager.dll
2012-03-25 01:07:10 ----D---- C:\Program Files\trend micro
2012-03-25 01:07:09 ----D---- C:\rsit
2012-03-25 00:11:06 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2012-03-25 00:10:27 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2012-03-24 23:59:59 ----D---- C:\VB
2012-03-24 22:39:28 ----D---- C:\VBI
2012-03-24 20:24:16 ----DC---- C:\Windows\system32\DRVSTORE
2012-03-11 15:29:26 ----D---- C:\Program Files\n2n Gui
2012-03-11 15:29:26 ----A---- C:\Windows\system32\drivers\tap0901.sys
2012-03-11 15:18:37 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2012-03-11 15:01:04 ----D---- C:\Program Files (x86)\Mplayer
2012-03-11 14:44:16 ----A---- C:\Windows\Q3version.ini
2012-03-11 14:42:12 ----A---- C:\Windows\Qiii.INI
2012-03-08 13:35:15 ----D---- C:\Windows\Minidump
2012-02-29 01:52:36 ----D---- C:\Program Files (x86)\MSECache
2012-02-29 01:15:07 ----D---- C:\Output
2012-02-29 01:13:33 ----D---- C:\Program Files (x86)\Free Power Word to Pdf Converter
2012-02-29 01:03:09 ----D---- C:\Program Files (x86)\WordToPDF

======List of files/folders modified in the last 1 month======

2012-03-25 11:14:22 ----RSD---- C:\Windows\assembly
2012-03-25 11:13:43 ----D---- C:\Users\Well\AppData\Roaming\Skype
2012-03-25 11:12:30 ----D---- C:\Users\Well\AppData\Roaming\uTorrent
2012-03-25 11:12:00 ----D---- C:\Windows\Temp
2012-03-25 11:11:57 ----D---- C:\Windows\Microsoft.NET
2012-03-25 11:11:49 ----D---- C:\Windows\winsxs
2012-03-25 11:11:17 ----D---- C:\Windows\system32\config
2012-03-25 11:09:19 ----D---- C:\Windows\SysWOW64
2012-03-25 11:09:19 ----D---- C:\Windows\system32\drivers
2012-03-25 11:09:19 ----D---- C:\Windows\System32
2012-03-25 11:09:19 ----D---- C:\Windows\ehome
2012-03-25 11:09:19 ----D---- C:\Program Files\Common Files\System
2012-03-25 11:09:18 ----D---- C:\Windows\AppPatch
2012-03-25 11:09:17 ----D---- C:\Windows\SYSWOW64\migration
2012-03-25 11:09:17 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-03-25 11:09:17 ----D---- C:\Windows\system32\migration
2012-03-25 11:09:17 ----D---- C:\Windows\system32\cs-CZ
2012-03-25 11:09:17 ----D---- C:\Program Files\Internet Explorer
2012-03-25 11:09:17 ----D---- C:\Program Files (x86)\Internet Explorer
2012-03-25 11:07:16 ----D---- C:\Windows\system32\catroot
2012-03-25 11:06:36 ----SHD---- C:\Windows\Installer
2012-03-25 11:05:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-25 11:05:19 ----D---- C:\Windows\inf
2012-03-25 10:58:38 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-03-25 10:52:39 ----D---- C:\Windows
2012-03-25 10:52:32 ----RD---- C:\Program Files
2012-03-25 10:52:32 ----HD---- C:\ProgramData
2012-03-25 10:49:42 ----D---- C:\Windows\system32\catroot2
2012-03-25 10:45:11 ----SHD---- C:\System Volume Information
2012-03-25 01:07:21 ----D---- C:\Windows\Prefetch
2012-03-25 00:34:58 ----D---- C:\Windows\system32\DriverStore
2012-03-24 13:14:23 ----RD---- C:\Program Files (x86)\Skype
2012-03-24 13:14:23 ----D---- C:\Program Files (x86)\Common Files
2012-03-24 13:14:22 ----D---- C:\ProgramData\Skype
2012-03-11 15:18:37 ----RD---- C:\Program Files (x86)
2012-03-11 14:50:27 ----D---- C:\Windows\system32\Tasks
2012-03-11 14:49:15 ----D---- C:\Temp
2012-03-09 15:19:22 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-03-09 15:17:20 ----D---- C:\ProgramData\NVIDIA
2012-03-04 17:19:46 ----A---- C:\Windows\system32\MRT.exe
2012-02-29 01:08:13 ----D---- C:\Windows\SYSWOW64\lib
2012-02-29 01:08:11 ----D---- C:\Windows\SYSWOW64\fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-18 871408]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-03-07 53080]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-07 819032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-07 337240]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-07 59224]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R2 aksdf;aksdf; C:\Windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-07 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2006-12-04 314368]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-08-23 56320]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2011-04-26 31232]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
S3 atsebfzg;atsebfzg; C:\Windows\system32\drivers\atsebfzg.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena\safedrv.sys []
S3 mdf15;mdf15; \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mdf15.sys [2010-03-18 12288]
S3 mvd21;mvd21; \??\C:\Program Files (x86)\Clarus\Samsung SecretZone\mvd21.sys [2010-06-14 64512]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 144656]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-10-27 1974080]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-03-22 489256]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-02 1030600]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 136176]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SZASSIST;SecretZone Assist Service; C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-07-30 90112]
S4 WPEServ;soft Xpansion Print2Document; C:\Program Files (x86)\Common Files\WPE\wpeserv.exe [2008-03-17 339968]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen troj

#8 Příspěvek od vyosek »

:arrow: Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

:arrow: Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe
  • Ulozte nejlepe na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na MBRScan pravym a dejte Run As Administrator ci Spustit jako spravce
  • Kliknete na Report
  • Po chvilce se objevi log do souboru MBRScan.txt, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Well
Návštěvník
Návštěvník
Příspěvky: 33
Registrován: 25 bře 2012 00:09

Re: MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen troj

#9 Příspěvek od Well »

Vymazány toolbary : Softxpansion, Pandora, Inbox, Daemon

LOG :

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows 7  (64 bit)
PROCESSOR      : Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/03/25 (ISO 8601) at 11:40:37
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __WDC WD5001AALS-00L3B2 (01.03B01)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk2\DR2 __Samsung S2 Portable
BUS_TYPE       : (0x07)  USB
USE_PIO        : NO
MAX_TRANSFER   : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________

Device\Harddisk0\DR0	465.8 Go  [Fixed] ==> Possible Whistler MBR Code

MBR_MD5   : C90E4F04F6348130298981C66F7432DC
MBR_SHA1  : 5C4ECB9A92115BD4CD3F6056B1C2671E6BED07F5

Device\Harddisk0\Partition1	97.66 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	368.1 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk2\DR2	298.1 Go  [Fixed] ==> Unknown MBR Code ....

MBR_MD5   : 1C6CE0BB6C1B966EFB9C7DCD995AF503
MBR_SHA1  : 888BA717150BCA0D53101CBC19CDE1B9DE8612B3

Device\Harddisk2\Partition1	298.1 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x031FB000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00B9C000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00C12000
SIZE    : 272.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00C6A000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00CC8000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E50000
SIZE    : 656.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00EF4000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spel.sys => Invisible on the disk
ADDRESS : 0x010A2000
SIZE    : 1.20 Mo

DRIVER  : C:\Windows\System32\Drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x011D6000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\SCSIPORT.SYS => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ACPI.sys => Invisible on the disk
ADDRESS : 0x0102F000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\msisadrv.sys => Invisible on the disk
ADDRESS : 0x01086000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x01090000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pci.sys => Invisible on the disk
ADDRESS : 0x00F03000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x011DF000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\volmgr.sys => Invisible on the disk
ADDRESS : 0x00F36000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00F4B000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pciide.sys => Invisible on the disk
ADDRESS : 0x011F4000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x00FA7000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00FB7000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\atapi.sys => Invisible on the disk
ADDRESS : 0x00FD1000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ataport.SYS => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\amdxata.sys => Invisible on the disk
ADDRESS : 0x00E2A000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x00D88000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x00E35000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01242000
SIZE    : 1.64 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x014C4000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01522000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x0153C000
SIZE    : 460.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x015AF000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x015C0000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01672000
SIZE    : 968.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01764000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x017C4000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 1.99 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vmstorfl.sys => Invisible on the disk
ADDRESS : 0x0164A000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\volsnap.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x0165A000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x0144C000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01486000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01662000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x01498000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x015CA000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x00DD4000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswSnx.SYS => Invisible on the disk
ADDRESS : 0x02C0C000
SIZE    : 820.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x02CD9000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x02CE2000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x02CE9000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x02CF7000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x02D1C000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x02D2C000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x02D35000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x02D3E000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x02D47000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x02D52000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x02D63000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x02D81000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswTdi.SYS => Invisible on the disk
ADDRESS : 0x02D8E000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x03A27000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswrdr2.sys => Invisible on the disk
ADDRESS : 0x03AB0000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x03AC0000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x03B05000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x03B0E000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x03B34000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk
ADDRESS : 0x03B43000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x03B60000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\termdd.sys => Invisible on the disk
ADDRESS : 0x03B7B000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x03B8F000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x03BE0000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk
ADDRESS : 0x03BEC000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x03A00000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\csc.sys => Invisible on the disk
ADDRESS : 0x03C2B000
SIZE    : 524.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x03CAE000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x03CCC000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswSP.SYS => Invisible on the disk
ADDRESS : 0x03CDD000
SIZE    : 352.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x03D35000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x03D5B000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nvlddmkm.sys => Invisible on the disk
ADDRESS : 0x0FEA4000
SIZE    : 12.46 Mo

DRIVER  : C:\Windows\System32\Drivers\nvBridge.kmd => Invisible on the disk
ADDRESS : 0x10B1B000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x03E22000
SIZE    : 976.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x03F16000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbuhci.sys => Invisible on the disk
ADDRESS : 0x03F5C000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x03F69000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x03FBF000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x03FD0000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\L1E62x64.sys => Invisible on the disk
ADDRESS : 0x03E00000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\1394ohci.sys => Invisible on the disk
ADDRESS : 0x10B1D000
SIZE    : 248.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\fdc.sys => Invisible on the disk
ADDRESS : 0x03E12000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ASACPI.sys => Invisible on the disk
ADDRESS : 0x03FF4000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\serenum.sys => Invisible on the disk
ADDRESS : 0x10B5B000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
ADDRESS : 0x10B67000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x10B85000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\System32\Drivers\atsebfzg.SYS => Invisible on the disk
ADDRESS : 0x10B94000
SIZE    : 272.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x10BD8000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x10BE8000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x0FE00000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x0FE24000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x0FE30000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x0FE5F000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x0FE7A000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x03D71000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tap0901.sys => Invisible on the disk
ADDRESS : 0x03D8B000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hamachi.sys => Invisible on the disk
ADDRESS : 0x03D98000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk
ADDRESS : 0x03DA3000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x03DAE000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\swenum.sys => Invisible on the disk
ADDRESS : 0x03FFC000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk
ADDRESS : 0x03DBD000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x03C00000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x02DA0000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\flpydisk.sys => Invisible on the disk
ADDRESS : 0x03C12000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x03A0F000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\HdAudio.sys => Invisible on the disk
ADDRESS : 0x0520C000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x05268000
SIZE    : 244.0 Ko

DRIVER  : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x052A5000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x052C7000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00030000
SIZE    : 3.08 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x052CD000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x052D9000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x052E7000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0x052F3000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x052FC000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x0530F000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x0532C000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbscan.sys => Invisible on the disk
ADDRESS : 0x0532E000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbprint.sys => Invisible on the disk
ADDRESS : 0x0533F000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBSTOR.SYS => Invisible on the disk
ADDRESS : 0x0534B000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x05366000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x05374000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x05382000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x0539B000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x053A4000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbdhid.sys => Invisible on the disk
ADDRESS : 0x053B1000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00520000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00640000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x053BF000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\drivers\aswMonFlt.sys => Invisible on the disk
ADDRESS : 0x034BA000
SIZE    : 220.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswFsBlk.SYS => Invisible on the disk
ADDRESS : 0x034F1000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x034FA000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x0351B000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x03530000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x05C7D000
SIZE    : 800.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x05D45000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x05D63000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x05D7B000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x05DA8000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x05C00000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\aksdf.sys => Invisible on the disk
ADDRESS : 0x05C23000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x05C33000
SIZE    : 216.0 Ko

DRIVER  : C:\Windows\system32\drivers\hardlock.sys => Invisible on the disk
ADDRESS : 0x03548000
SIZE    : 308.0 Ko

DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x03400000
SIZE    : 664.0 Ko

DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x05C69000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x03595000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x035C2000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x0645C000
SIZE    : 412.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x064C3000
SIZE    : 596.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk
ADDRESS : 0x06560000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47680000
SIZE    : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   31 C0 8E D8 8E C0 8E D0 BC 00 7C BE 00 7C BF 00   1À.Ø.À.м.|¾.|¿.
0x00000010   06 B9 80 00 66 52 66 BA 37 03 00 00 66 5A FC F3   .¹..fRfº7...fZüó
0x00000020   66 A5 90 EA 28 06 00 00 66 31 C0 BE BE 07 B1 04   f¥.ê(...f1À¾¾.±.
0x00000030   66 57 66 5F 66 39 44 08 72 08 66 8B 44 08 66 03   fWf_f9D.r.f.D.f.
0x00000040   44 0C 83 C6 10 83 2E 92 06 04 E2 E8 66 09 C0 74   D..Æ......âèf.Àt
0x00000050   4E 66 83 C0 02 B9 40 00 BB 00 7C BF 1E 07 83 2E   Nf.À.¹@.».|¿....
0x00000060   92 06 04 E8 84 00 72 37 66 68 83 C4 14 90 66 91   ...è..r7fh.Ä..f.
0x00000070   66 51 66 50 66 59 66 58 66 68 04 46 E2 F9 66 68   fQfPfYfXfh.Fâùfh
0x00000080   80 FF D7 30 66 68 89 C3 B9 00 66 68 BE 00 7C 66   ..×0fh.ù.fh¾.|f
0x00000090   0F 83 6C 75 66 52 66 BA 37 03 00 00 66 5A E8 BE   ..lufRfº7...fZè¾
0x000000A0   BE 07 B1 04 80 3C 80 74 17 38 2C 0F 85 A7 00 83   ¾.±..<.t.8,..§..
0x000000B0   C6 10 E2 F0 66 91 66 51 66 50 66 59 66 58 CD 18   Æ.âðf.fQfPfYfXÍ.
0x000000C0   66 8B 44 08 89 E3 B9 01 00 E8 1E 00 73 0D 8B 4C   f.D..ã¹..è..s..L
0x000000D0   02 B8 01 02 CD 13 90 0F 82 96 00 81 3E FE 7D 55   .¸..Í.......>þ}U
0x000000E0   AA 0F 85 AE 00 EA 00 7C 00 00 66 60 BB AA 55 B4   ª..®.ê.|..f`»ªU´
0x000000F0   41 CD 13 73 04 F9 66 61 C3 81 FB 55 AA 75 F6 F6   AÍ.s.ùfaÃ.ûUªuöö
0x00000100   C1 01 74 F1 66 61 66 60 90 6A 00 6A 00 66 50 06   Á.tñfaf`.j.j.fP.
0x00000110   53 51 6A 10 B4 42 89 E6 CD 13 61 66 61 C3 66 69   SQj.´B.æÍ.afaÃfi
0x00000120   DB FD 43 03 00 66 81 C3 C3 9E 26 00 66 89 D8 66   ÛýC..f.ÃÃ.&.f.Øf
0x00000130   C1 E8 10 66 25 FF 00 00 00 C3 66 52 66 BA 37 03   Áè.f%....ÃfRfº7.
0x00000140   00 00 66 5A 5E AC 08 C0 74 FC 56 1E BB 07 00 B4   ..fZ^¬.ÀtüV.»..´
0x00000150   0E CD 10 1F EB E4 E8 E1 FF 49 6E 76 61 6C 69 64   .Í..ëäèá.Invalid
0x00000160   20 70 61 72 74 69 74 69 6F 6E 20 74 61 62 6C 65    partition table
0x00000170   00 E8 C6 FF 45 72 72 6F 72 20 6C 6F 61 64 69 6E   .èÆ.Error loadin
0x00000180   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000190   65 6D 00 E8 A4 FF 4D 69 73 73 69 6E 67 20 6F 70   em.è¤.Missing op
0x000001A0   65 72 61 74 69 6E 67 20 73 79 73 74 65 6D 00 00   erating system..
0x000001B0   00 00 00 00 00 00 00 00 3A 26 3B 26 00 00 80 20   ........:&;&... 
0x000001C0   21 00 07 FE FF FF 00 08 00 00 00 00 35 0C 00 FE   !..þ........5..þ
0x000001D0   FF FF 07 FE FF FF 00 08 35 0C 00 50 03 2E 00 00   ...þ....5..P....
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

_______MBR   \Device\Harddisk2\DR2  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C EB 1A 90 BB 00 7C   .w#r.9F.s.ë..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61   2ä.V.Í.ëÖaùÃInva
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61   lid partition ta
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E   ble.Error loadin
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61   em.Missing opera
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00   ting system.....
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 63 46 69 11 C2 00 00 80 01   .....,DcFi.Â....
0x000001C0   02 00 07 FE FF FF 40 00 00 00 81 D6 42 25 00 00   ...þ..@....ÖB%..
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen troj

#10 Příspěvek od vyosek »

:arrow: Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Kliknete na volbu Change parametrs
  • V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
  • Kliknete na OK
  • Utilite prikazte, at skenuje - klik na Start Scan
  • Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
  • Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
  • Pokud mate vsude Skip, kliknete na Continue
  • Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Well
Návštěvník
Návštěvník
Příspěvky: 33
Registrován: 25 bře 2012 00:09

Re: MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen troj

#11 Příspěvek od Well »

11:54:14.0160 6068 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
11:54:14.0230 6068 ============================================================
11:54:14.0230 6068 Current date / time: 2012/03/25 11:54:14.0230
11:54:14.0230 6068 SystemInfo:
11:54:14.0230 6068
11:54:14.0230 6068 OS Version: 6.1.7600 ServicePack: 0.0
11:54:14.0230 6068 Product type: Workstation
11:54:14.0230 6068 ComputerName: WELL-PC
11:54:14.0230 6068 UserName: Well
11:54:14.0230 6068 Windows directory: C:\Windows
11:54:14.0230 6068 System windows directory: C:\Windows
11:54:14.0230 6068 Running under WOW64
11:54:14.0230 6068 Processor architecture: Intel x64
11:54:14.0230 6068 Number of processors: 2
11:54:14.0230 6068 Page size: 0x1000
11:54:14.0230 6068 Boot type: Normal boot
11:54:14.0230 6068 ============================================================
11:54:15.0112 6068 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:54:15.0142 6068 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:54:17.0015 6068 \Device\Harddisk0\DR0:
11:54:17.0015 6068 MBR used
11:54:17.0015 6068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC350000
11:54:17.0015 6068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x2E035000
11:54:17.0015 6068 \Device\Harddisk2\DR2:
11:54:17.0015 6068 MBR used
11:54:17.0015 6068 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0x2542D681
11:54:17.0090 6068 Initialize success
11:54:17.0090 6068 ============================================================
11:54:41.0142 3700 ============================================================
11:54:41.0142 3700 Scan started
11:54:41.0142 3700 Mode: Manual; SigCheck; TDLFS;
11:54:41.0142 3700 ============================================================
11:54:42.0314 3700 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
11:54:42.0377 3700 1394ohci - ok
11:54:42.0394 3700 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
11:54:42.0409 3700 ACPI - ok
11:54:42.0422 3700 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
11:54:42.0439 3700 AcpiPmi - ok
11:54:42.0477 3700 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:54:42.0494 3700 adp94xx - ok
11:54:42.0509 3700 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:54:42.0524 3700 adpahci - ok
11:54:42.0542 3700 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:54:42.0554 3700 adpu320 - ok
11:54:42.0579 3700 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:54:42.0614 3700 AeLookupSvc - ok
11:54:42.0657 3700 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
11:54:42.0694 3700 AFD - ok
11:54:42.0707 3700 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
11:54:42.0717 3700 agp440 - ok
11:54:42.0762 3700 aksdf (bc569a6c209d94f6643ee35710aec1f6) C:\Windows\system32\DRIVERS\aksdf.sys
11:54:42.0782 3700 aksdf - ok
11:54:42.0799 3700 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:54:42.0822 3700 ALG - ok
11:54:42.0837 3700 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
11:54:42.0847 3700 aliide - ok
11:54:42.0864 3700 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
11:54:42.0874 3700 amdide - ok
11:54:42.0899 3700 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:54:42.0914 3700 AmdK8 - ok
11:54:42.0927 3700 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:54:42.0949 3700 AmdPPM - ok
11:54:42.0967 3700 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
11:54:42.0979 3700 amdsata - ok
11:54:42.0997 3700 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:54:43.0009 3700 amdsbs - ok
11:54:43.0024 3700 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
11:54:43.0034 3700 amdxata - ok
11:54:43.0052 3700 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
11:54:43.0069 3700 AppID - ok
11:54:43.0082 3700 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:54:43.0122 3700 AppIDSvc - ok
11:54:43.0147 3700 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
11:54:43.0167 3700 Appinfo - ok
11:54:43.0207 3700 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
11:54:43.0232 3700 AppMgmt - ok
11:54:43.0247 3700 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:54:43.0259 3700 arc - ok
11:54:43.0272 3700 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:54:43.0282 3700 arcsas - ok
11:54:43.0359 3700 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:54:43.0367 3700 aspnet_state - ok
11:54:43.0414 3700 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
11:54:43.0434 3700 aswFsBlk - ok
11:54:43.0479 3700 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
11:54:43.0487 3700 aswMonFlt - ok
11:54:43.0532 3700 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
11:54:43.0539 3700 aswRdr - ok
11:54:43.0582 3700 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
11:54:43.0604 3700 aswSnx - ok
11:54:43.0627 3700 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
11:54:43.0642 3700 aswSP - ok
11:54:43.0664 3700 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
11:54:43.0672 3700 aswTdi - ok
11:54:43.0689 3700 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:54:43.0719 3700 AsyncMac - ok
11:54:43.0734 3700 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
11:54:43.0744 3700 atapi - ok
11:54:43.0782 3700 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
11:54:43.0822 3700 AudioEndpointBuilder - ok
11:54:43.0829 3700 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
11:54:43.0862 3700 AudioSrv - ok
11:54:43.0919 3700 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:54:43.0927 3700 avast! Antivirus - ok
11:54:43.0959 3700 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
11:54:43.0977 3700 AxInstSV - ok
11:54:44.0009 3700 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:54:44.0039 3700 b06bdrv - ok
11:54:44.0069 3700 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:54:44.0097 3700 b57nd60a - ok
11:54:44.0114 3700 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:54:44.0132 3700 BDESVC - ok
11:54:44.0152 3700 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:54:44.0187 3700 Beep - ok
11:54:44.0229 3700 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
11:54:44.0272 3700 BFE - ok
11:54:44.0312 3700 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
11:54:44.0352 3700 BITS - ok
11:54:44.0374 3700 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:54:44.0389 3700 blbdrive - ok
11:54:44.0424 3700 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
11:54:44.0454 3700 bowser - ok
11:54:44.0477 3700 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:54:44.0499 3700 BrFiltLo - ok
11:54:44.0509 3700 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:54:44.0524 3700 BrFiltUp - ok
11:54:44.0539 3700 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
11:54:44.0577 3700 Browser - ok
11:54:44.0597 3700 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:54:44.0617 3700 Brserid - ok
11:54:44.0632 3700 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:54:44.0655 3700 BrSerWdm - ok
11:54:44.0670 3700 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:54:44.0685 3700 BrUsbMdm - ok
11:54:44.0697 3700 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:54:44.0715 3700 BrUsbSer - ok
11:54:44.0727 3700 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:54:44.0742 3700 BTHMODEM - ok
11:54:44.0770 3700 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:54:44.0807 3700 bthserv - ok
11:54:44.0830 3700 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:54:44.0867 3700 cdfs - ok
11:54:44.0887 3700 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
11:54:44.0915 3700 cdrom - ok
11:54:44.0940 3700 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
11:54:44.0972 3700 CertPropSvc - ok
11:54:45.0000 3700 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:54:45.0022 3700 circlass - ok
11:54:45.0037 3700 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:54:45.0055 3700 CLFS - ok
11:54:45.0100 3700 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:54:45.0110 3700 clr_optimization_v2.0.50727_32 - ok
11:54:45.0172 3700 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:54:45.0205 3700 clr_optimization_v2.0.50727_64 - ok
11:54:45.0312 3700 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:54:45.0337 3700 clr_optimization_v4.0.30319_32 - ok
11:54:45.0387 3700 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:54:45.0397 3700 clr_optimization_v4.0.30319_64 - ok
11:54:45.0422 3700 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:54:45.0435 3700 CmBatt - ok
11:54:45.0450 3700 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
11:54:45.0462 3700 cmdide - ok
11:54:45.0500 3700 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
11:54:45.0542 3700 CNG - ok
11:54:45.0555 3700 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:54:45.0565 3700 Compbatt - ok
11:54:45.0585 3700 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:54:45.0605 3700 CompositeBus - ok
11:54:45.0615 3700 COMSysApp - ok
11:54:45.0635 3700 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:54:45.0645 3700 crcdisk - ok
11:54:45.0677 3700 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
11:54:45.0715 3700 CryptSvc - ok
11:54:45.0750 3700 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
11:54:45.0775 3700 CSC - ok
11:54:45.0797 3700 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
11:54:45.0825 3700 CscService - ok
11:54:45.0855 3700 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
11:54:45.0895 3700 DcomLaunch - ok
11:54:45.0910 3700 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:54:45.0947 3700 defragsvc - ok
11:54:45.0972 3700 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
11:54:45.0985 3700 DfsC - ok
11:54:46.0012 3700 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
11:54:46.0030 3700 Dhcp - ok
11:54:46.0052 3700 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:54:46.0090 3700 discache - ok
11:54:46.0110 3700 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:54:46.0122 3700 Disk - ok
11:54:46.0152 3700 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
11:54:46.0182 3700 Dnscache - ok
11:54:46.0200 3700 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
11:54:46.0230 3700 dot3svc - ok
11:54:46.0247 3700 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
11:54:46.0280 3700 DPS - ok
11:54:46.0307 3700 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:54:46.0322 3700 drmkaud - ok
11:54:46.0365 3700 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
11:54:46.0390 3700 DXGKrnl - ok
11:54:46.0395 3700 eamonm - ok
11:54:46.0417 3700 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:54:46.0455 3700 EapHost - ok
11:54:46.0517 3700 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:54:46.0597 3700 ebdrv - ok
11:54:46.0622 3700 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
11:54:46.0655 3700 EFS - ok
11:54:46.0695 3700 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
11:54:46.0727 3700 ehRecvr - ok
11:54:46.0737 3700 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:54:46.0752 3700 ehSched - ok
11:54:46.0782 3700 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:54:46.0800 3700 elxstor - ok
11:54:46.0815 3700 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
11:54:46.0832 3700 ErrDev - ok
11:54:46.0862 3700 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:54:46.0907 3700 EventSystem - ok
11:54:46.0925 3700 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:54:46.0955 3700 exfat - ok
11:54:46.0970 3700 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:54:47.0010 3700 fastfat - ok
11:54:47.0032 3700 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
11:54:47.0060 3700 Fax - ok
11:54:47.0077 3700 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:54:47.0090 3700 fdc - ok
11:54:47.0102 3700 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:54:47.0137 3700 fdPHost - ok
11:54:47.0147 3700 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:54:47.0175 3700 FDResPub - ok
11:54:47.0182 3700 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:54:47.0195 3700 FileInfo - ok
11:54:47.0210 3700 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:54:47.0237 3700 Filetrace - ok
11:54:47.0315 3700 FLEXnet Licensing Service 64 (259dc094e2d3f08654c8fb73d8ecc0f5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
11:54:47.0337 3700 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - warning
11:54:47.0337 3700 FLEXnet Licensing Service 64 - detected UnsignedFile.Multi.Generic (1)
11:54:47.0350 3700 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:54:47.0360 3700 flpydisk - ok
11:54:47.0385 3700 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
11:54:47.0400 3700 FltMgr - ok
11:54:47.0445 3700 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
11:54:47.0487 3700 FontCache - ok
11:54:47.0535 3700 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:54:47.0545 3700 FontCache3.0.0.0 - ok
11:54:47.0557 3700 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:54:47.0567 3700 FsDepends - ok
11:54:47.0582 3700 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:54:47.0592 3700 Fs_Rec - ok
11:54:47.0630 3700 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:54:47.0645 3700 fvevol - ok
11:54:47.0667 3700 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:54:47.0680 3700 gagp30kx - ok
11:54:47.0722 3700 GGSAFERDriver - ok
11:54:47.0752 3700 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
11:54:47.0787 3700 gpsvc - ok
11:54:47.0830 3700 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:54:47.0840 3700 gupdate - ok
11:54:47.0862 3700 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:54:47.0872 3700 gupdatem - ok
11:54:47.0897 3700 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
11:54:47.0907 3700 hamachi - ok
11:54:47.0970 3700 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
11:54:48.0027 3700 Hamachi2Svc - ok
11:54:48.0080 3700 Hardlock (d8bf3c594bd17a37960362e6c6739b90) C:\Windows\system32\drivers\hardlock.sys
11:54:48.0095 3700 Hardlock - ok
11:54:48.0110 3700 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:54:48.0137 3700 hcw85cir - ok
11:54:48.0167 3700 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
11:54:48.0195 3700 HdAudAddService - ok
11:54:48.0212 3700 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:54:48.0240 3700 HDAudBus - ok
11:54:48.0255 3700 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:54:48.0272 3700 HidBatt - ok
11:54:48.0287 3700 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:54:48.0307 3700 HidBth - ok
11:54:48.0320 3700 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:54:48.0345 3700 HidIr - ok
11:54:48.0372 3700 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:54:48.0410 3700 hidserv - ok
11:54:48.0435 3700 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
11:54:48.0450 3700 HidUsb - ok
11:54:48.0465 3700 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
11:54:48.0500 3700 hkmsvc - ok
11:54:48.0525 3700 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
11:54:48.0547 3700 HomeGroupListener - ok
11:54:48.0570 3700 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
11:54:48.0587 3700 HomeGroupProvider - ok
11:54:48.0602 3700 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
11:54:48.0612 3700 HpSAMD - ok
11:54:48.0645 3700 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
11:54:48.0682 3700 HTTP - ok
11:54:48.0695 3700 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
11:54:48.0705 3700 hwpolicy - ok
11:54:48.0717 3700 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:54:48.0730 3700 i8042prt - ok
11:54:48.0750 3700 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
11:54:48.0765 3700 iaStorV - ok
11:54:48.0835 3700 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:54:48.0857 3700 idsvc - ok
11:54:48.0875 3700 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:54:48.0885 3700 iirsp - ok
11:54:48.0917 3700 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
11:54:48.0962 3700 IKEEXT - ok
11:54:48.0980 3700 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
11:54:48.0990 3700 intelide - ok
11:54:49.0015 3700 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:54:49.0037 3700 intelppm - ok
11:54:49.0055 3700 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:54:49.0092 3700 IPBusEnum - ok
11:54:49.0110 3700 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:54:49.0137 3700 IpFilterDriver - ok
11:54:49.0160 3700 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
11:54:49.0195 3700 iphlpsvc - ok
11:54:49.0212 3700 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:54:49.0227 3700 IPMIDRV - ok
11:54:49.0242 3700 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:54:49.0285 3700 IPNAT - ok
11:54:49.0332 3700 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:54:49.0350 3700 IRENUM - ok
11:54:49.0365 3700 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
11:54:49.0377 3700 isapnp - ok
11:54:49.0400 3700 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
11:54:49.0412 3700 iScsiPrt - ok
11:54:49.0435 3700 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:54:49.0445 3700 kbdclass - ok
11:54:49.0465 3700 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
11:54:49.0480 3700 kbdhid - ok
11:54:49.0505 3700 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:54:49.0517 3700 KeyIso - ok
11:54:49.0535 3700 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
11:54:49.0547 3700 KSecDD - ok
11:54:49.0565 3700 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
11:54:49.0577 3700 KSecPkg - ok
11:54:49.0592 3700 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:54:49.0625 3700 ksthunk - ok
11:54:49.0655 3700 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:54:49.0700 3700 KtmRm - ok
11:54:49.0727 3700 L1E (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys
11:54:49.0750 3700 L1E - ok
11:54:49.0790 3700 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
11:54:49.0810 3700 LanmanServer - ok
11:54:49.0832 3700 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
11:54:49.0875 3700 LanmanWorkstation - ok
11:54:49.0892 3700 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:54:49.0920 3700 lltdio - ok
11:54:49.0942 3700 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:54:49.0972 3700 lltdsvc - ok
11:54:49.0987 3700 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:54:50.0015 3700 lmhosts - ok
11:54:50.0042 3700 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:54:50.0055 3700 LSI_FC - ok
11:54:50.0070 3700 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:54:50.0080 3700 LSI_SAS - ok
11:54:50.0092 3700 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:54:50.0105 3700 LSI_SAS2 - ok
11:54:50.0125 3700 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:54:50.0137 3700 LSI_SCSI - ok
11:54:50.0160 3700 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:54:50.0195 3700 luafv - ok
11:54:50.0222 3700 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
11:54:50.0242 3700 Mcx2Svc - ok
11:54:50.0345 3700 mdf15 (5264306c82ed8b51cc8273f377976e3c) C:\Program Files (x86)\Clarus\Samsung SecretZone\mdf15.sys
11:54:50.0350 3700 mdf15 ( UnsignedFile.Multi.Generic ) - warning
11:54:50.0350 3700 mdf15 - detected UnsignedFile.Multi.Generic (1)
11:54:50.0365 3700 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:54:50.0375 3700 megasas - ok
11:54:50.0392 3700 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:54:50.0410 3700 MegaSR - ok
11:54:50.0437 3700 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
11:54:50.0447 3700 Microsoft Office Groove Audit Service - ok
11:54:50.0462 3700 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:54:50.0497 3700 MMCSS - ok
11:54:50.0515 3700 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:54:50.0545 3700 Modem - ok
11:54:50.0565 3700 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:54:50.0580 3700 monitor - ok
11:54:50.0600 3700 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:54:50.0610 3700 mouclass - ok
11:54:50.0632 3700 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:54:50.0645 3700 mouhid - ok
11:54:50.0660 3700 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
11:54:50.0695 3700 mountmgr - ok
11:54:50.0732 3700 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
11:54:50.0742 3700 mpio - ok
11:54:50.0757 3700 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:54:50.0785 3700 mpsdrv - ok
11:54:50.0825 3700 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
11:54:50.0862 3700 MpsSvc - ok
11:54:50.0880 3700 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
11:54:50.0907 3700 MRxDAV - ok
11:54:50.0935 3700 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:54:50.0947 3700 mrxsmb - ok
11:54:50.0972 3700 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:54:50.0987 3700 mrxsmb10 - ok
11:54:51.0002 3700 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:54:51.0030 3700 mrxsmb20 - ok
11:54:51.0047 3700 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
11:54:51.0057 3700 msahci - ok
11:54:51.0075 3700 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
11:54:51.0087 3700 msdsm - ok
11:54:51.0100 3700 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:54:51.0125 3700 MSDTC - ok
11:54:51.0152 3700 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:54:51.0182 3700 Msfs - ok
11:54:51.0192 3700 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:54:51.0227 3700 mshidkmdf - ok
11:54:51.0240 3700 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
11:54:51.0250 3700 msisadrv - ok
11:54:51.0275 3700 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:54:51.0307 3700 MSiSCSI - ok
11:54:51.0312 3700 msiserver - ok
11:54:51.0340 3700 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:54:51.0377 3700 MSKSSRV - ok
11:54:51.0392 3700 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:54:51.0422 3700 MSPCLOCK - ok
11:54:51.0435 3700 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:54:51.0470 3700 MSPQM - ok
11:54:51.0485 3700 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
11:54:51.0502 3700 MsRPC - ok
11:54:51.0520 3700 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:54:51.0532 3700 mssmbios - ok
11:54:51.0547 3700 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:54:51.0582 3700 MSTEE - ok
11:54:51.0595 3700 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:54:51.0620 3700 MTConfig - ok
11:54:51.0660 3700 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
11:54:51.0670 3700 MTsensor - ok
11:54:51.0685 3700 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:54:51.0695 3700 Mup - ok
11:54:51.0747 3700 mvd21 (2ffe3b3bebc8570b111aaaa5befeabcc) C:\Program Files (x86)\Clarus\Samsung SecretZone\mvd21.sys
11:54:51.0757 3700 mvd21 ( UnsignedFile.Multi.Generic ) - warning
11:54:51.0757 3700 mvd21 - detected UnsignedFile.Multi.Generic (1)
11:54:51.0790 3700 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
11:54:51.0822 3700 napagent - ok
11:54:51.0850 3700 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:54:51.0877 3700 NativeWifiP - ok
11:54:51.0907 3700 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
11:54:51.0930 3700 NDIS - ok
11:54:51.0942 3700 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:54:51.0972 3700 NdisCap - ok
11:54:51.0992 3700 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:54:52.0030 3700 NdisTapi - ok
11:54:52.0042 3700 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
11:54:52.0085 3700 Ndisuio - ok
11:54:52.0102 3700 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:54:52.0132 3700 NdisWan - ok
11:54:52.0142 3700 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
11:54:52.0172 3700 NDProxy - ok
11:54:52.0285 3700 Nero BackItUp Scheduler 3 (2aae889742376edc5c3203dfb74f28fd) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
11:54:52.0307 3700 Nero BackItUp Scheduler 3 - ok
11:54:52.0320 3700 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:54:52.0355 3700 NetBIOS - ok
11:54:52.0372 3700 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:54:52.0415 3700 NetBT - ok
11:54:52.0437 3700 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:54:52.0452 3700 Netlogon - ok
11:54:52.0485 3700 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:54:52.0517 3700 Netman - ok
11:54:52.0567 3700 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:54:52.0577 3700 NetMsmqActivator - ok
11:54:52.0582 3700 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:54:52.0592 3700 NetPipeActivator - ok
11:54:52.0610 3700 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:54:52.0652 3700 netprofm - ok
11:54:52.0660 3700 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:54:52.0670 3700 NetTcpActivator - ok
11:54:52.0672 3700 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:54:52.0682 3700 NetTcpPortSharing - ok
11:54:52.0705 3700 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:54:52.0715 3700 nfrd960 - ok
11:54:52.0735 3700 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
11:54:52.0777 3700 NlaSvc - ok
11:54:52.0865 3700 NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
11:54:52.0880 3700 NMIndexingService - ok
11:54:52.0895 3700 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:54:52.0922 3700 Npfs - ok
11:54:52.0932 3700 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:54:52.0960 3700 nsi - ok
11:54:52.0967 3700 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:54:53.0005 3700 nsiproxy - ok
11:54:53.0050 3700 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
11:54:53.0085 3700 Ntfs - ok
11:54:53.0100 3700 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:54:53.0135 3700 Null - ok
11:54:53.0357 3700 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:54:53.0635 3700 nvlddmkm - ok
11:54:53.0667 3700 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
11:54:53.0680 3700 nvraid - ok
11:54:53.0697 3700 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
11:54:53.0707 3700 nvstor - ok
11:54:53.0772 3700 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
11:54:53.0805 3700 nvsvc - ok
11:54:53.0875 3700 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
11:54:53.0920 3700 nvUpdatusService - ok
11:54:53.0945 3700 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
11:54:53.0955 3700 nv_agp - ok
11:54:54.0022 3700 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:54:54.0037 3700 odserv - ok
11:54:54.0052 3700 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
11:54:54.0070 3700 ohci1394 - ok
11:54:54.0092 3700 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:54:54.0102 3700 ose - ok
11:54:54.0130 3700 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:54:54.0152 3700 p2pimsvc - ok
11:54:54.0185 3700 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:54:54.0202 3700 p2psvc - ok
11:54:54.0217 3700 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:54:54.0232 3700 Parport - ok
11:54:54.0245 3700 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
11:54:54.0255 3700 partmgr - ok
11:54:54.0275 3700 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:54:54.0302 3700 PcaSvc - ok
11:54:54.0312 3700 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
11:54:54.0325 3700 pci - ok
11:54:54.0337 3700 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
11:54:54.0347 3700 pciide - ok
11:54:54.0362 3700 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:54:54.0377 3700 pcmcia - ok
11:54:54.0397 3700 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:54:54.0407 3700 pcw - ok
11:54:54.0430 3700 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:54:54.0472 3700 PEAUTH - ok
11:54:54.0520 3700 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
11:54:54.0570 3700 PeerDistSvc - ok
11:54:54.0605 3700 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:54:54.0632 3700 PerfHost - ok
11:54:54.0680 3700 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
11:54:54.0737 3700 pla - ok
11:54:54.0772 3700 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\SysWOW64\IoctlSvc.exe
11:54:54.0777 3700 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
11:54:54.0777 3700 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
11:54:54.0807 3700 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
11:54:54.0825 3700 PlugPlay - ok
11:54:54.0840 3700 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:54:54.0860 3700 PNRPAutoReg - ok
11:54:54.0880 3700 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:54:54.0895 3700 PNRPsvc - ok
11:54:54.0925 3700 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
11:54:54.0960 3700 PolicyAgent - ok
11:54:55.0005 3700 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:54:55.0035 3700 Power - ok
11:54:55.0070 3700 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
11:54:55.0100 3700 PptpMiniport - ok
11:54:55.0112 3700 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:54:55.0132 3700 Processor - ok
11:54:55.0150 3700 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
11:54:55.0182 3700 ProfSvc - ok
11:54:55.0205 3700 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:54:55.0227 3700 ProtectedStorage - ok
11:54:55.0247 3700 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
11:54:55.0277 3700 Psched - ok
11:54:55.0315 3700 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:54:55.0347 3700 ql2300 - ok
11:54:55.0420 3700 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:54:55.0460 3700 ql40xx - ok
11:54:55.0480 3700 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:54:55.0497 3700 QWAVE - ok
11:54:55.0512 3700 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:54:55.0535 3700 QWAVEdrv - ok
11:54:55.0552 3700 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:54:55.0580 3700 RasAcd - ok
11:54:55.0595 3700 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:54:55.0625 3700 RasAgileVpn - ok
11:54:55.0642 3700 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:54:55.0675 3700 RasAuto - ok
11:54:55.0692 3700 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:54:55.0735 3700 Rasl2tp - ok
11:54:55.0755 3700 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
11:54:55.0797 3700 RasMan - ok
11:54:55.0807 3700 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:54:55.0835 3700 RasPppoe - ok
11:54:55.0852 3700 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:54:55.0892 3700 RasSstp - ok
11:54:55.0907 3700 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
11:54:55.0945 3700 rdbss - ok
11:54:55.0960 3700 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:54:55.0987 3700 rdpbus - ok
11:54:56.0002 3700 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:54:56.0030 3700 RDPCDD - ok
11:54:56.0057 3700 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
11:54:56.0082 3700 RDPDR - ok
11:54:56.0092 3700 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:54:56.0122 3700 RDPENCDD - ok
11:54:56.0137 3700 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:54:56.0165 3700 RDPREFMP - ok
11:54:56.0192 3700 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
11:54:56.0215 3700 RDPWD - ok
11:54:56.0232 3700 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
11:54:56.0247 3700 rdyboost - ok
11:54:56.0272 3700 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:54:56.0315 3700 RemoteAccess - ok
11:54:56.0340 3700 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:54:56.0382 3700 RemoteRegistry - ok
11:54:56.0400 3700 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:54:56.0432 3700 RpcEptMapper - ok
11:54:56.0457 3700 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:54:56.0470 3700 RpcLocator - ok
11:54:56.0495 3700 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
11:54:56.0527 3700 RpcSs - ok
11:54:56.0545 3700 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:54:56.0585 3700 rspndr - ok
11:54:56.0677 3700 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
11:54:56.0695 3700 s3cap - ok
11:54:56.0722 3700 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:54:56.0735 3700 SamSs - ok
11:54:56.0752 3700 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
11:54:56.0762 3700 sbp2port - ok
11:54:56.0772 3700 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:54:56.0805 3700 SCardSvr - ok
11:54:56.0820 3700 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
11:54:56.0857 3700 scfilter - ok
11:54:56.0897 3700 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
11:54:56.0942 3700 Schedule - ok
11:54:56.0965 3700 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
11:54:56.0992 3700 SCPolicySvc - ok
11:54:57.0015 3700 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
11:54:57.0042 3700 SDRSVC - ok
11:54:57.0060 3700 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:54:57.0087 3700 secdrv - ok
11:54:57.0100 3700 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
11:54:57.0130 3700 seclogon - ok
11:54:57.0152 3700 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:54:57.0185 3700 SENS - ok
11:54:57.0202 3700 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:54:57.0217 3700 SensrSvc - ok
11:54:57.0237 3700 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:54:57.0257 3700 Serenum - ok
11:54:57.0272 3700 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:54:57.0287 3700 Serial - ok
11:54:57.0305 3700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:54:57.0330 3700 sermouse - ok
11:54:57.0350 3700 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
11:54:57.0380 3700 SessionEnv - ok
11:54:57.0397 3700 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
11:54:57.0420 3700 sffdisk - ok
11:54:57.0432 3700 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:54:57.0447 3700 sffp_mmc - ok
11:54:57.0462 3700 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:54:57.0477 3700 sffp_sd - ok
11:54:57.0490 3700 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:54:57.0502 3700 sfloppy - ok
11:54:57.0537 3700 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:54:57.0580 3700 SharedAccess - ok
11:54:57.0595 3700 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
11:54:57.0635 3700 ShellHWDetection - ok
11:54:57.0662 3700 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:54:57.0672 3700 SiSRaid2 - ok
11:54:57.0692 3700 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:54:57.0702 3700 SiSRaid4 - ok
11:54:57.0750 3700 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
11:54:57.0760 3700 SkypeUpdate - ok
11:54:57.0782 3700 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:54:57.0810 3700 Smb - ok
11:54:57.0832 3700 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:54:57.0845 3700 SNMPTRAP - ok
11:54:57.0865 3700 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:54:57.0875 3700 spldr - ok
11:54:57.0915 3700 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
11:54:57.0947 3700 Spooler - ok
11:54:58.0012 3700 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
11:54:58.0092 3700 sppsvc - ok
11:54:58.0112 3700 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:54:58.0142 3700 sppuinotify - ok
11:54:58.0187 3700 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
11:54:58.0187 3700 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
11:54:58.0187 3700 sptd ( LockedFile.Multi.Generic ) - warning
11:54:58.0190 3700 sptd - detected LockedFile.Multi.Generic (1)
11:54:58.0220 3700 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
11:54:58.0247 3700 srv - ok
11:54:58.0272 3700 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
11:54:58.0297 3700 srv2 - ok
11:54:58.0320 3700 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
11:54:58.0347 3700 srvnet - ok
11:54:58.0387 3700 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
11:54:58.0397 3700 ssadbus - ok
11:54:58.0420 3700 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
11:54:58.0427 3700 ssadmdfl - ok
11:54:58.0447 3700 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
11:54:58.0457 3700 ssadmdm - ok
11:54:58.0477 3700 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:54:58.0517 3700 SSDPSRV - ok
11:54:58.0532 3700 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:54:58.0562 3700 SstpSvc - ok
11:54:58.0590 3700 StarOpen - ok
11:54:58.0637 3700 Steam Client Service - ok
11:54:58.0662 3700 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:54:58.0672 3700 stexstor - ok
11:54:58.0707 3700 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
11:54:58.0730 3700 stisvc - ok
11:54:58.0752 3700 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
11:54:58.0762 3700 storflt - ok
11:54:58.0782 3700 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
11:54:58.0792 3700 storvsc - ok
11:54:58.0805 3700 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:54:58.0815 3700 swenum - ok
11:54:58.0877 3700 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:54:58.0895 3700 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
11:54:58.0895 3700 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
11:54:58.0917 3700 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:54:58.0960 3700 swprv - ok
11:54:59.0000 3700 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
11:54:59.0050 3700 SysMain - ok
11:54:59.0105 3700 SZASSIST (be4ee0c8be3fc077cc0536702517e140) C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe
11:54:59.0107 3700 SZASSIST ( UnsignedFile.Multi.Generic ) - warning
11:54:59.0107 3700 SZASSIST - detected UnsignedFile.Multi.Generic (1)
11:54:59.0120 3700 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
11:54:59.0140 3700 TabletInputService - ok
11:54:59.0177 3700 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
11:54:59.0197 3700 tap0901 - ok
11:54:59.0222 3700 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
11:54:59.0265 3700 TapiSrv - ok
11:54:59.0280 3700 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:54:59.0312 3700 TBS - ok
11:54:59.0367 3700 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
11:54:59.0412 3700 Tcpip - ok
11:54:59.0447 3700 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
11:54:59.0477 3700 TCPIP6 - ok
11:54:59.0500 3700 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
11:54:59.0527 3700 tcpipreg - ok
11:54:59.0542 3700 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:54:59.0572 3700 TDPIPE - ok
11:54:59.0600 3700 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
11:54:59.0620 3700 TDTCP - ok
11:54:59.0637 3700 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
11:54:59.0677 3700 tdx - ok
11:54:59.0792 3700 TeamViewer6 (1c46c27e9f1938b9589859c70450d275) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
11:54:59.0850 3700 TeamViewer6 - ok
11:54:59.0870 3700 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
11:54:59.0882 3700 TermDD - ok
11:54:59.0912 3700 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
11:54:59.0950 3700 TermService - ok
11:54:59.0967 3700 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:54:59.0987 3700 Themes - ok
11:55:00.0012 3700 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:55:00.0042 3700 THREADORDER - ok
11:55:00.0057 3700 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:55:00.0092 3700 TrkWks - ok
11:55:00.0125 3700 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
11:55:00.0140 3700 TrustedInstaller - ok
11:55:00.0157 3700 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:55:00.0195 3700 tssecsrv - ok
11:55:00.0282 3700 TuneUp.UtilitiesSvc (967e6bb91c215f621bc6d83589929f9e) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
11:55:00.0327 3700 TuneUp.UtilitiesSvc - ok
11:55:00.0355 3700 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
11:55:00.0365 3700 TuneUpUtilitiesDrv - ok
11:55:00.0400 3700 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:55:00.0445 3700 tunnel - ok
11:55:00.0460 3700 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:55:00.0497 3700 uagp35 - ok
11:55:00.0520 3700 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
11:55:00.0562 3700 udfs - ok
11:55:00.0595 3700 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:55:00.0610 3700 UI0Detect - ok
11:55:00.0645 3700 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:55:00.0657 3700 uliagpkx - ok
11:55:00.0680 3700 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
11:55:00.0697 3700 umbus - ok
11:55:00.0717 3700 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:55:00.0730 3700 UmPass - ok
11:55:00.0762 3700 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
11:55:00.0780 3700 UmRdpService - ok
11:55:00.0797 3700 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:55:00.0832 3700 upnphost - ok
11:55:00.0850 3700 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
11:55:00.0870 3700 usbccgp - ok
11:55:00.0895 3700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
11:55:00.0910 3700 usbcir - ok
11:55:00.0927 3700 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
11:55:00.0952 3700 usbehci - ok
11:55:00.0972 3700 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
11:55:00.0997 3700 usbhub - ok
11:55:01.0015 3700 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
11:55:01.0027 3700 usbohci - ok
11:55:01.0045 3700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:55:01.0067 3700 usbprint - ok
11:55:01.0095 3700 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:55:01.0110 3700 usbscan - ok
11:55:01.0142 3700 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:55:01.0157 3700 USBSTOR - ok
11:55:01.0167 3700 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:55:01.0182 3700 usbuhci - ok
11:55:01.0202 3700 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:55:01.0235 3700 UxSms - ok
11:55:01.0267 3700 UxTuneUp (f94738e8b16588081e3c3d10a62b25d3) C:\Windows\System32\uxtuneup.dll
11:55:01.0280 3700 UxTuneUp - ok
11:55:01.0305 3700 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:55:01.0317 3700 VaultSvc - ok
11:55:01.0367 3700 VBoxNetAdp (82a6cb9c68e42c1088318eb8824d6f89) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
11:55:01.0377 3700 VBoxNetAdp - ok
11:55:01.0392 3700 VBoxNetFlt - ok
11:55:01.0412 3700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:55:01.0422 3700 vdrvroot - ok
11:55:01.0457 3700 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
11:55:01.0477 3700 vds - ok
11:55:01.0492 3700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:55:01.0505 3700 vga - ok
11:55:01.0517 3700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:55:01.0552 3700 VgaSave - ok
11:55:01.0575 3700 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
11:55:01.0587 3700 vhdmp - ok
11:55:01.0602 3700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
11:55:01.0612 3700 viaide - ok
11:55:01.0632 3700 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
11:55:01.0645 3700 vmbus - ok
11:55:01.0662 3700 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
11:55:01.0685 3700 VMBusHID - ok
11:55:01.0702 3700 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
11:55:01.0712 3700 volmgr - ok
11:55:01.0725 3700 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:55:01.0740 3700 volmgrx - ok
11:55:01.0750 3700 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
11:55:01.0765 3700 volsnap - ok
11:55:01.0787 3700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:55:01.0800 3700 vsmraid - ok
11:55:01.0837 3700 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
11:55:01.0880 3700 VSS - ok
11:55:01.0892 3700 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:55:01.0905 3700 vwifibus - ok
11:55:01.0925 3700 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:55:01.0960 3700 W32Time - ok
11:55:01.0982 3700 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:55:02.0005 3700 WacomPen - ok
11:55:02.0032 3700 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:55:02.0070 3700 WANARP - ok
11:55:02.0072 3700 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:55:02.0100 3700 Wanarpv6 - ok
11:55:02.0142 3700 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
11:55:02.0190 3700 wbengine - ok
11:55:02.0212 3700 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:55:02.0232 3700 WbioSrvc - ok
11:55:02.0252 3700 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
11:55:02.0277 3700 wcncsvc - ok
11:55:02.0292 3700 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:55:02.0317 3700 WcsPlugInService - ok
11:55:02.0332 3700 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:55:02.0342 3700 Wd - ok
11:55:02.0367 3700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:55:02.0387 3700 Wdf01000 - ok
11:55:02.0405 3700 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:55:02.0430 3700 WdiServiceHost - ok
11:55:02.0432 3700 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:55:02.0450 3700 WdiSystemHost - ok
11:55:02.0470 3700 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
11:55:02.0492 3700 WebClient - ok
11:55:02.0500 3700 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:55:02.0545 3700 Wecsvc - ok
11:55:02.0560 3700 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:55:02.0595 3700 wercplsupport - ok
11:55:02.0610 3700 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:55:02.0640 3700 WerSvc - ok
11:55:02.0662 3700 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:55:02.0690 3700 WfpLwf - ok
11:55:02.0710 3700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:55:02.0720 3700 WIMMount - ok
11:55:02.0740 3700 WinDefend - ok
11:55:02.0747 3700 WinHttpAutoProxySvc - ok
11:55:02.0782 3700 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:55:02.0815 3700 Winmgmt - ok
11:55:02.0867 3700 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
11:55:02.0942 3700 WinRM - ok
11:55:02.0977 3700 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
11:55:02.0990 3700 WinUsb - ok
11:55:03.0027 3700 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:55:03.0055 3700 Wlansvc - ok
11:55:03.0070 3700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:55:03.0085 3700 WmiAcpi - ok
11:55:03.0102 3700 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:55:03.0127 3700 wmiApSrv - ok
11:55:03.0140 3700 WMPNetworkSvc - ok
11:55:03.0155 3700 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:55:03.0167 3700 WPCSvc - ok
11:55:03.0187 3700 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
11:55:03.0207 3700 WPDBusEnum - ok
11:55:03.0252 3700 WPEServ (6fa1afa74c65f18c61d37aebb52ce486) C:\Program Files (x86)\Common Files\WPE\wpeserv.exe
11:55:03.0260 3700 WPEServ ( UnsignedFile.Multi.Generic ) - warning
11:55:03.0262 3700 WPEServ - detected UnsignedFile.Multi.Generic (1)
11:55:03.0277 3700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:55:03.0312 3700 ws2ifsl - ok
11:55:03.0327 3700 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
11:55:03.0350 3700 wscsvc - ok
11:55:03.0357 3700 WSearch - ok
11:55:03.0405 3700 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
11:55:03.0480 3700 wuauserv - ok
11:55:03.0492 3700 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
11:55:03.0522 3700 WudfPf - ok
11:55:03.0542 3700 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:55:03.0577 3700 WUDFRd - ok
11:55:03.0592 3700 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
11:55:03.0622 3700 wudfsvc - ok
11:55:03.0645 3700 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:55:03.0665 3700 WwanSvc - ok
11:55:03.0687 3700 MBR (0x1B8) (e24810ee950b6f5f27cb02111df934e3) \Device\Harddisk0\DR0
11:55:03.0712 3700 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
11:55:03.0712 3700 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
11:55:03.0755 3700 MBR (0x1B8) (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk2\DR2
11:55:04.0337 3700 \Device\Harddisk2\DR2 - ok
11:55:04.0355 3700 Boot (0x1200) (9dca5fac5998323ab0200698a0a24d0c) \Device\Harddisk0\DR0\Partition0
11:55:04.0355 3700 \Device\Harddisk0\DR0\Partition0 - ok
11:55:04.0370 3700 Boot (0x1200) (ccb9779837e922b4141dc32b318fc410) \Device\Harddisk0\DR0\Partition1
11:55:04.0370 3700 \Device\Harddisk0\DR0\Partition1 - ok
11:55:04.0375 3700 Boot (0x1200) (8a2a0ca178bd6faffae19b9719ec6d6a) \Device\Harddisk2\DR2\Partition0
11:55:04.0375 3700 \Device\Harddisk2\DR2\Partition0 - ok
11:55:04.0375 3700 ============================================================
11:55:04.0375 3700 Scan finished
11:55:04.0375 3700 ============================================================
11:55:04.0385 5400 Detected object count: 9
11:55:04.0385 5400 Actual detected object count: 9
11:57:36.0112 5400 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:36.0112 5400 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:57:36.0115 5400 mdf15 ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:36.0115 5400 mdf15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:57:36.0115 5400 mvd21 ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:36.0115 5400 mvd21 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:57:36.0117 5400 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:36.0117 5400 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:57:36.0120 5400 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:57:36.0120 5400 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:57:36.0120 5400 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:36.0120 5400 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:57:36.0122 5400 SZASSIST ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:36.0122 5400 SZASSIST ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:57:36.0122 5400 WPEServ ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:36.0122 5400 WPEServ ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:57:36.0125 5400 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user
11:57:36.0125 5400 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen troj

#12 Příspěvek od vyosek »

Znovu spustte TDSSKiller a udelejte sken
  • U polozky Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) zvolte moznost Cure
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Well
Návštěvník
Návštěvník
Příspěvky: 33
Registrován: 25 bře 2012 00:09

Re: MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen troj

#13 Příspěvek od Well »

Provedeno.. hotovo ? Mám to ještě projet avastem ?
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen troj

#14 Příspěvek od vyosek »

:arrow: Ne zadnej Avast zatim

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
:arrow: Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
  • Pokud mate Win XP spustte pod uctem Spravce\Administratora
  • Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
  • Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
  • Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
  • Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
  • Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
  • Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
  • Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Well
Návštěvník
Návštěvník
Příspěvky: 33
Registrován: 25 bře 2012 00:09

Re: MBR sektor 0. fyzického disku - Win32/Agent.SDG.Gen troj

#15 Příspěvek od Well »

Tss to trvalo ten scan :D

ComboFix 12-03-22.01 - Well 25.03.2012 12:23:44.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4095.2277 [GMT 2:00]
Spuštěný z: c:\users\Well\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Well\AppData\Local\.#
c:\users\Well\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\tmpED4B.tmp
c:\windows\SysWow64\tmpED4C.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-25 do 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 10:40 . 2012-03-25 10:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-25 10:40 . 2012-03-25 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-25 10:05 . 2012-03-25 10:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-25 08:59 . 2012-03-20 01:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3C76EF3-C229-4618-B625-5AEFB6622248}\mpengine.dll
2012-03-25 08:53 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-25 08:53 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-25 08:52 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-25 08:52 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-25 08:52 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-25 08:52 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-25 08:52 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-25 08:52 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-25 08:52 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-25 08:52 . 2012-03-25 08:52 -------- d-----w- c:\programdata\AVAST Software
2012-03-25 08:52 . 2012-03-25 08:52 -------- d-----w- c:\program files\AVAST Software
2012-03-25 08:44 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-25 08:43 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-25 08:43 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-25 08:43 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-25 08:43 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-03-25 08:43 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-03-25 08:43 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-03-25 08:43 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-03-25 08:43 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-03-25 08:43 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-03-25 08:41 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-25 08:41 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-25 08:41 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-25 08:40 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-25 08:40 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-24 23:07 . 2012-03-25 09:14 -------- d-----w- c:\program files\trend micro
2012-03-24 23:07 . 2012-03-25 09:14 -------- d-----w- C:\rsit
2012-03-24 22:11 . 2010-06-25 14:32 202704 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-03-24 22:10 . 2010-06-25 14:32 53968 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-03-24 21:59 . 2012-03-24 22:37 -------- d-----w- C:\VB
2012-03-24 18:26 . 2012-03-24 22:34 -------- d-----w- c:\users\Well\.VirtualBox
2012-03-24 18:24 . 2012-03-24 22:34 -------- dc----w- c:\windows\system32\DRVSTORE
2012-03-24 11:14 . 2012-03-24 11:14 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-11 13:29 . 2012-03-13 12:49 -------- d-----w- c:\program files\n2n Gui
2012-03-11 13:29 . 2011-04-26 10:21 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-03-11 13:18 . 2012-03-11 13:18 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-03-11 13:01 . 2012-03-11 13:01 -------- d-----w- c:\program files (x86)\Mplayer
2012-02-28 23:52 . 2012-02-28 23:52 -------- d-----w- c:\program files (x86)\MSECache
2012-02-28 23:15 . 2012-02-28 23:15 -------- d-----w- C:\Output
2012-02-28 23:13 . 2012-03-11 11:17 -------- d-----w- c:\program files (x86)\Free Power Word to Pdf Converter
2012-02-28 23:03 . 2012-02-28 23:03 -------- d-----w- c:\program files (x86)\WordToPDF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 07:18 . 2010-04-17 21:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-12 19:08 . 2012-02-12 19:59 3567 ----a-w- c:\windows\system32\porttalk.sys
2012-02-12 19:08 . 2012-02-12 19:10 3567 ----a-w- c:\windows\system32\drivers\porttalk.sys
2012-02-12 19:00 . 2012-02-12 19:01 3567 ----a-w- c:\windows\SysWow64\drivers\porttalk.sys
2012-02-12 19:00 . 2012-02-12 19:00 3567 ----a-w- c:\windows\SysWow64\porttalk.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_1.dll" [2010-10-17 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-10-17 13:34 2735200 ----a-w- c:\program files (x86)\BS_Player\tbBS_1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_1.dll" [2010-10-17 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-04 740216]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Seznam Postak"="c:\program files (x86)\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
"Steam"="d:\hry\SteamClient\steam.exe" [2011-08-11 1242448]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Print2PDF Print Monitor"="c:\program files (x86)\Software602\Print2PDF\Print2PDF.exe" [2009-02-25 77824]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\Well\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Auto Backup Guage.lnk - c:\program files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe [2010-12-25 823296]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2010-12-25 65536]
Samsung Auto Backup Scheduler.lnk - c:\program files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe [2010-12-25 102400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-02 1030600]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 136176]
R3 mdf15;mdf15;c:\program files (x86)\Clarus\Samsung SecretZone\mdf15.sys [2010-03-18 12288]
R3 mvd21;mvd21;c:\program files (x86)\Clarus\Samsung SecretZone\mvd21.sys [2010-06-14 64512]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R4 SZASSIST;SecretZone Assist Service;c:\program files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-07-30 90112]
R4 WPEServ;soft Xpansion Print2Document;c:\program files (x86)\Common Files\WPE\wpeserv.exe [2008-03-17 339968]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-10-27 1974080]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 18:52]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 18:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://fullarticles.net
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {9BD3C5C6-BCBA-47BF-9CC0-0D5D3E117DE1} - hxxp://www.bravearms.com/razor/plugins/WebMediaPlayer.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Samsung_AppInst - h:\samsungsoftware\AppInst.exe
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Celkový čas: 2012-03-25 12:57:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-25 10:57
.
Před spuštěním: Volných bajtů: 15 082 475 520
Po spuštění: Volných bajtů: 14 896 148 480
.
- - End Of File - - EB966733A9F34C2D50EFE4B15BFA5BF1
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“