
Your computer has been blocked, Police of the Slovak Republic
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
Re: Your computer has been blocked, Police of the Slovak Republic
The sandbox was turned off, but the rest wasn't :/...
In HJT, I don't know if I'm doing something wrong, but I don't see what you told me to fix there.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:13:41, on 29. 12. 2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
C:\Program Files\COMODO\COMODO Internet Security\crashrep.exe
C:\Program Files\trend micro\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1993962763-838170752-1801674531-1004\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-1993962763-838170752-1801674531-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1993962763-838170752-1801674531-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 6568 bytes
I'm going on to that guide.
Re: Your computer has been blocked, Police of the Slovak Republic
Log Opened: 2012-12-29 @ 22:19:18
22:19:18 - -----------------
22:19:18 - | Begin Logging |
22:19:18 - -----------------
22:19:18 - Fix started on a WIN_XP X86 computer
22:19:18 - Prep in progress. Please Wait.
22:19:20 - Prep complete
22:19:20 - Repairing Services Now. Please wait...
22:19:20 - Services Repair Complete.
22:19:27 - Reboot Initiated
Re: Your computer has been blocked, Police of the Slovak Republic
========== OTL ==========
C:\Documents and Settings\All Users\Data aplikací\dsgsdgdsgdsgw.pad moved successfully.
C:\Documents and Settings\All Users\Data aplikací\dsgsdgdsgdsgw.js moved successfully.
C:\Documents and Settings\Jozifek\Nabídka Start\Programy\Po spuštění\runctf.lnk moved successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 12292012_213635
Re: Your computer has been blocked, Police of the Slovak Republic
Still the same. Nothing can be done in the network connections, and the antivirus update doesn't work either.
Re: Your computer has been blocked, Police of the Slovak Republic
ComboFix for now, I'm moving on.
ComboFix 12-12-30.01 - Jozifek . 12. 2012 16:01:07.3.1 - x86
Running from: c:\documents and settings\Jozifek\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 )))))))))))))))))))))))))))))))
.
.
2012-12-29 21:21 . 2012-12-29 21:21 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-12-29 19:52 . 2012-12-29 19:52 512 ----a-w- C:\PhysicalMBR.bin
2012-12-29 11:47 . 2012-12-29 20:57 -------- d-----w- c:\program files\trend micro
2012-12-29 11:46 . 2012-12-29 14:21 -------- d-----w- C:\rsit
2012-12-28 21:56 . 2012-12-28 21:56 7168 ----a-w- c:\windows\system32\drivers\utexnjq4.sys
2012-12-28 16:35 . 2012-12-28 18:04 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-12-23 15:07 . 2007-03-05 06:32 201216 ----a-w- c:\windows\system32\mediarcpt.dll
2012-12-23 15:07 . 2012-12-23 15:33 -------- d-----w- c:\program files\Recepty doma
2012-12-18 14:57 . 2012-12-23 10:47 -------- d-----w- c:\program files\Team17
2012-12-17 12:57 . 2012-12-17 12:57 -------- d-----w- c:\documents and settings\Jozifek\Data aplikací\Quake3
2012-12-17 12:49 . 2012-12-17 12:53 -------- d-----w- c:\program files\ioQuake3&TA
2012-12-17 06:56 . 2012-12-17 07:04 -------- d-----w- c:\program files\Outlook Attachment Sniffer
2012-12-17 06:31 . 2012-12-23 11:12 -------- d-----w- c:\documents and settings\Jozifek\Data aplikací\Atari
2012-12-17 06:20 . 2012-12-17 06:20 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-12-13 15:59 . 2012-12-13 15:59 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-26 09:03 . 2011-09-08 19:24 73728 ----a-w- c:\windows\ALCFDRTM.VER
2012-12-16 12:31 . 2011-01-25 08:09 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 16:00 . 2012-10-11 09:50 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 16:00 . 2011-07-30 19:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:56 . 2011-01-25 08:12 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 23:38 . 2010-04-08 23:25 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:38 . 2010-04-08 23:25 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:38 . 2010-04-08 23:25 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:38 . 2010-04-08 23:25 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2011-12-24 19:18 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37 . 2010-04-08 23:26 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-02 02:03 . 2008-04-14 11:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:11 . 2011-01-25 08:12 920064 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:11 . 2011-01-25 08:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:11 . 2011-01-25 08:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-31 23:39 . 2011-01-25 08:10 385024 ----a-w- c:\windows\system32\html.iec
2012-10-23 13:20 . 2012-10-23 13:20 2 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-10-11 10:04 . 2012-10-11 10:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-11 10:04 . 2011-07-21 19:52 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-02 18:04 . 2008-04-14 11:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-12-01 19:17 . 2012-12-01 19:16 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-01-25 . 8F41FD1CC693054347C6FB7B0E618B07 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2011-07-27 434080]
"SoundMan"="SOUNDMAN.EXE" [2005-05-04 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-04 2805248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"KB976002-v5"="advpack.dll" [2011-01-25 128512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2011-01-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jozifek^Nabídka Start^Programy^Po spuštění^Logitech . Registrácia výrobku.lnk]
path=c:\documents and settings\Jozifek\Nabídka Start\Programy\Po spuštění\Logitech . Registrácia výrobku.lnk
backup=c:\windows\pss\Logitech . Registrácia výrobku.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-07-23 09:18 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Warcraft III\\gproxy.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R1 DumpDrv;Crash Dump Driver; [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 utexnjq4;AVZ Kernel Driver;c:\windows\system32\Drivers\utexnjq4.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [x]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 16:00]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 18:00]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 18:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.2 195.168.1.4 62.168.96.4
FF - ProfilePath - c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\mm4b3bix.default\
FF - prefs.js: browser.search.selectedEngine - Vyhledávání videí ve službě YouTube
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - true
FF - ExtSQL: 2012-12-29 20:04; {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\mm4b3bix.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
FF - ExtSQL: 2012-12-29 20:04; FasterFox_Lite@BigRedBrent; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\mm4b3bix.default\extensions\FasterFox_Lite@BigRedBrent
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-30 16:08
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\guard32.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2488)
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(828)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-12-30 16:10:35
ComboFix-quarantined-files.txt 2012-12-30 15:10
ComboFix2.txt 2012-12-29 19:03
ComboFix3.txt 2012-12-29 17:38
.
Pre-Run: Volných bajtů: 60 395 741 184
Post-Run: Volných bajtů: 60 379 553 792
.
- - End Of File - - BFBD1944C896E8C508763FA24DABAD39
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Warcraft III\\gproxy.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R1 DumpDrv;Crash Dump Driver; [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 utexnjq4;AVZ Kernel Driver;c:\windows\system32\Drivers\utexnjq4.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [x]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 16:00]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 18:00]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 18:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.2 195.168.1.4 62.168.96.4
FF - ProfilePath - c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\mm4b3bix.default\
FF - prefs.js: browser.search.selectedEngine - Vyhledávání videí ve službě YouTube
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - true
FF - ExtSQL: 2012-12-29 20:04; {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\mm4b3bix.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
FF - ExtSQL: 2012-12-29 20:04; FasterFox_Lite@BigRedBrent; c:\documents and settings\Jozifek\Data aplikací\Mozilla\Firefox\Profiles\mm4b3bix.default\extensions\FasterFox_Lite@BigRedBrent
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-30 16:08
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\guard32.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2488)
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(828)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-12-30 16:10:35
ComboFix-quarantined-files.txt 2012-12-30 15:10
ComboFix2.txt 2012-12-29 19:03
ComboFix3.txt 2012-12-29 17:38
.
Pre-Run: Volných bajtů: 60 395 741 184
Post-Run: Volných bajtů: 60 379 553 792
.
- - End Of File - - BFBD1944C896E8C508763FA24DABAD39
Re: Your computer has been blocked, Police of the Slovak Republic
Killer:
16:28:52.0265 1512 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:28:52.0500 1512 ============================================================
16:28:52.0500 1512 Current date / time: 2012/12/30 16:28:52.0500
16:28:52.0500 1512 SystemInfo:
16:28:52.0500 1512
16:28:52.0500 1512 OS Version: 5.1.2600 ServicePack: 3.0
16:28:52.0500 1512 Product type: Workstation
16:28:52.0500 1512 ComputerName: EMIL
16:28:52.0500 1512 UserName: Jozifek
16:28:52.0500 1512 Windows directory: C:\WINDOWS
16:28:52.0500 1512 System windows directory: C:\WINDOWS
16:28:52.0500 1512 Processor architecture: Intel x86
16:28:52.0500 1512 Number of processors: 1
16:28:52.0500 1512 Page size: 0x1000
16:28:52.0500 1512 Boot type: Normal boot
16:28:52.0500 1512 ============================================================
16:28:53.0968 1512 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:28:53.0984 1512 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x1E640, SectorsPerTrack: 0x3E, TracksPerCylinder: 0x51, Type 'K0', Flags 0x00000054
16:28:54.0156 1512 ============================================================
16:28:54.0156 1512 \Device\Harddisk0\DR0:
16:28:54.0156 1512 MBR partitions:
16:28:54.0156 1512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
16:28:54.0156 1512 \Device\Harddisk1\DR1:
16:28:54.0156 1512 MBR partitions:
16:28:54.0156 1512 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3E, BlocksNum 0x2542C7A4
16:28:54.0156 1512 ============================================================
16:28:54.0171 1512 C: <-> \Device\Harddisk0\DR0\Partition1
16:28:54.0203 1512 D: <-> \Device\Harddisk1\DR1\Partition1
16:28:54.0203 1512 ============================================================
16:28:54.0203 1512 Initialize success
16:28:54.0203 1512 ============================================================
16:29:38.0359 1376 ============================================================
16:29:38.0359 1376 Scan started
16:29:38.0359 1376 Mode: Manual; SigCheck; TDLFS;
16:29:38.0359 1376 ============================================================
16:29:38.0593 1376 ================ Scan system memory ========================
16:29:38.0593 1376 System memory - ok
16:29:38.0593 1376 ================ Scan services =============================
16:29:38.0703 1376 Abiosdsk - ok
16:29:38.0718 1376 abp480n5 - ok
16:29:38.0750 1376 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:29:39.0046 1376 ACPI - ok
16:29:39.0078 1376 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:29:39.0218 1376 ACPIEC - ok
16:29:39.0281 1376 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:29:39.0296 1376 AdobeFlashPlayerUpdateSvc - ok
16:29:39.0312 1376 adpu160m - ok
16:29:39.0343 1376 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:29:39.0484 1376 aec - ok
16:29:39.0515 1376 [ F6B7B1ECD7B41736BDB6FF4B092BCB79 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:29:39.0546 1376 AFD - ok
16:29:39.0562 1376 Aha154x - ok
16:29:39.0562 1376 aic78u2 - ok
16:29:39.0578 1376 aic78xx - ok
16:29:39.0609 1376 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:29:39.0750 1376 Alerter - ok
16:29:39.0765 1376 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
16:29:39.0828 1376 ALG - ok
16:29:39.0843 1376 AliIde - ok
16:29:39.0843 1376 amsint - ok
16:29:39.0859 1376 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:29:39.0953 1376 AppMgmt - ok
16:29:39.0953 1376 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:29:40.0093 1376 Arp1394 - ok
16:29:40.0093 1376 asc - ok
16:29:40.0109 1376 asc3350p - ok
16:29:40.0109 1376 asc3550 - ok
16:29:40.0218 1376 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:29:40.0234 1376 aspnet_state - ok
16:29:40.0265 1376 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:29:40.0421 1376 AsyncMac - ok
16:29:40.0453 1376 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:29:40.0609 1376 atapi - ok
16:29:40.0609 1376 Atdisk - ok
16:29:40.0656 1376 [ 72BC628AF75C4C3250F2A3BAC260265A ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
16:29:40.0750 1376 atksgt - ok
16:29:40.0781 1376 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:29:40.0921 1376 Atmarpc - ok
16:29:40.0953 1376 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:29:41.0093 1376 AudioSrv - ok
16:29:41.0125 1376 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:29:41.0265 1376 audstub - ok
16:29:41.0296 1376 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:29:41.0453 1376 Beep - ok
16:29:41.0500 1376 [ 3AEDE727580F0A7C3929DD6526145759 ] BITS C:\WINDOWS\system32\qmgr.dll
16:29:41.0531 1376 BITS - ok
16:29:41.0562 1376 [ 218B3BBB1FAD634A84FB1A1BB030D956 ] Browser C:\WINDOWS\System32\browser.dll
16:29:41.0609 1376 Browser - ok
16:29:41.0687 1376 catchme - ok
16:29:41.0703 1376 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:29:41.0843 1376 cbidf2k - ok
16:29:41.0859 1376 cd20xrnt - ok
16:29:41.0875 1376 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:29:42.0031 1376 Cdaudio - ok
16:29:42.0078 1376 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:29:42.0250 1376 Cdfs - ok
16:29:42.0281 1376 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:29:42.0312 1376 Cdrom - ok
16:29:42.0312 1376 Changer - ok
16:29:42.0343 1376 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:29:42.0500 1376 CiSvc - ok
16:29:42.0515 1376 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:29:42.0687 1376 ClipSrv - ok
16:29:42.0843 1376 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:29:42.0875 1376 clr_optimization_v2.0.50727_32 - ok
16:29:42.0921 1376 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:29:42.0937 1376 clr_optimization_v4.0.30319_32 - ok
16:29:43.0578 1376 [ 2A2D72271844C52F004901A60312B96A ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
16:29:43.0750 1376 cmdAgent - ok
16:29:43.0828 1376 [ 26F9E72754B2DBC53977E92B647A6ABA ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
16:29:43.0843 1376 cmderd - ok
16:29:43.0921 1376 [ 9181CC4D007ADBE21DB9A11BFECAFEF5 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
16:29:43.0968 1376 cmdGuard - ok
16:29:44.0000 1376 [ C5A9FB50E8CA7FD99F256255FEE71580 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
16:29:44.0031 1376 cmdHlp - ok
16:29:44.0031 1376 CmdIde - ok
16:29:44.0046 1376 COMSysApp - ok
16:29:44.0062 1376 Cpqarray - ok
16:29:44.0062 1376 cpudrv - ok
16:29:44.0093 1376 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:29:44.0250 1376 CryptSvc - ok
16:29:44.0250 1376 dac2w2k - ok
16:29:44.0265 1376 dac960nt - ok
16:29:44.0312 1376 [ C0BD34A62508BA68F146E22CE45919F9 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:29:44.0375 1376 DcomLaunch - ok
16:29:44.0421 1376 [ EB737F46D7D494C7760A932C9B6491A4 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:29:44.0484 1376 Dhcp - ok
16:29:44.0500 1376 [ 47B6AAEC570F2C11D8BAD80A064D8ED1 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:29:44.0531 1376 Disk - ok
16:29:44.0546 1376 dmadmin - ok
16:29:44.0578 1376 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:29:44.0734 1376 dmboot - ok
16:29:44.0750 1376 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:29:44.0890 1376 dmio - ok
16:29:44.0906 1376 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:29:45.0062 1376 dmload - ok
16:29:45.0078 1376 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:29:45.0203 1376 dmserver - ok
16:29:45.0218 1376 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:29:45.0406 1376 DMusic - ok
16:29:45.0437 1376 [ 38AAD7E982198CB4F642BB60E59511F1 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:29:45.0484 1376 Dnscache - ok
16:29:45.0500 1376 [ AACFC38E9D085D58F9F933CFD6AF1D2B ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:29:45.0531 1376 Dot3svc - ok
16:29:45.0531 1376 dpti2o - ok
16:29:45.0562 1376 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:29:45.0687 1376 drmkaud - ok
16:29:45.0718 1376 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
16:29:45.0734 1376 dtsoftbus01 - ok
16:29:45.0765 1376 [ B327281012B48BD73F587799F9F29BE2 ] DumpDrv C:\WINDOWS\system32\drivers\DumpDrv.sys
16:29:45.0812 1376 DumpDrv - ok
16:29:45.0859 1376 [ 95974E66D3DE4951D29E28E8BC0B644C ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:29:45.0906 1376 E100B - ok
16:29:45.0953 1376 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:29:46.0093 1376 EapHost - ok
16:29:46.0109 1376 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:29:46.0265 1376 ERSvc - ok
16:29:46.0296 1376 [ 4F40D16B2D5ED9E48A193CE468912FED ] Eventlog C:\WINDOWS\system32\services.exe
16:29:46.0328 1376 Eventlog - ok
16:29:46.0328 1376 [ BE68EA4457E2E5717231CF91BE5448E0 ] EventSystem C:\WINDOWS\system32\es.dll
16:29:46.0375 1376 EventSystem - ok
16:29:46.0406 1376 [ 4D893323DAE445E34A4C9038B0551BC9 ] exFat C:\WINDOWS\system32\drivers\exFat.sys
16:29:46.0437 1376 exFat - ok
16:29:46.0484 1376 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:29:46.0625 1376 Fastfat - ok
16:29:46.0656 1376 [ 54A6BF743E0517528A5064CEAEB40EA7 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:29:46.0687 1376 FastUserSwitchingCompatibility - ok
16:29:46.0718 1376 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:29:46.0875 1376 Fdc - ok
16:29:46.0875 1376 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:29:47.0015 1376 Fips - ok
16:29:47.0015 1376 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
16:29:47.0156 1376 Flpydisk - ok
16:29:47.0203 1376 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:29:47.0359 1376 FltMgr - ok
16:29:47.0406 1376 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:29:47.0421 1376 FontCache3.0.0.0 - ok
16:29:47.0453 1376 [ 30D42943A54704EF13E2562911DBFCEA ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:29:47.0484 1376 Fs_Rec - ok
16:29:47.0515 1376 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:29:47.0656 1376 Ftdisk - ok
16:29:47.0671 1376 GGSAFERDriver - ok
16:29:47.0718 1376 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:29:47.0875 1376 Gpc - ok
16:29:47.0921 1376 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:29:47.0937 1376 gupdate - ok
16:29:47.0953 1376 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:29:47.0968 1376 gupdatem - ok
16:29:47.0984 1376 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
16:29:48.0000 1376 hamachi - ok
16:29:48.0093 1376 [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
16:29:48.0156 1376 Hamachi2Svc - ok
16:29:48.0187 1376 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:29:48.0328 1376 HDAudBus - ok
16:29:48.0390 1376 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:29:48.0531 1376 helpsvc - ok
16:29:48.0546 1376 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:29:48.0703 1376 HidServ - ok
16:29:48.0734 1376 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:29:48.0890 1376 hidusb - ok
16:29:48.0906 1376 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:29:49.0046 1376 hkmsvc - ok
16:29:49.0046 1376 hpn - ok
16:29:49.0093 1376 [ 937031C085718C1C04A9C0864625EC6B ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:29:49.0125 1376 HTTP - ok
16:29:49.0156 1376 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:29:49.0312 1376 HTTPFilter - ok
16:29:49.0312 1376 i2omgmt - ok
16:29:49.0328 1376 i2omp - ok
16:29:49.0359 1376 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:29:49.0500 1376 i8042prt - ok
16:29:49.0562 1376 [ 4007984827E19E6A5B6FAF8532EAEFBA ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:29:49.0625 1376 ialm - ok
16:29:49.0718 1376 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:29:49.0765 1376 idsvc - ok
16:29:49.0812 1376 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:29:49.0968 1376 Imapi - ok
16:29:50.0000 1376 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:29:50.0140 1376 ImapiService - ok
16:29:50.0156 1376 ini910u - ok
16:29:50.0203 1376 [ E1DF634BEC066B3D4FFE437BCB78C282 ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys
16:29:50.0218 1376 Inspect - ok
16:29:50.0328 1376 [ D87FFA95D630EC8D1482CA25C454846A ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:29:50.0453 1376 IntcAzAudAddService - ok
16:29:50.0484 1376 [ 57D928E548B38502ABBA7A77A6EB7312 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
16:29:50.0640 1376 IntelIde - ok
16:29:50.0687 1376 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:29:50.0812 1376 intelppm - ok
16:29:50.0828 1376 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:29:50.0984 1376 Ip6Fw - ok
16:29:51.0015 1376 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:29:51.0171 1376 IpFilterDriver - ok
16:29:51.0171 1376 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:29:51.0312 1376 IpInIp - ok
16:29:51.0343 1376 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:29:51.0484 1376 IpNat - ok
16:29:51.0500 1376 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:29:51.0640 1376 IPSec - ok
16:29:51.0656 1376 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:29:51.0734 1376 IRENUM - ok
16:29:51.0781 1376 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:29:51.0921 1376 isapnp - ok
16:29:52.0015 1376 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
16:29:52.0031 1376 JavaQuickStarterService - ok
16:29:52.0078 1376 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:29:52.0203 1376 Kbdclass - ok
16:29:52.0218 1376 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:29:52.0343 1376 kbdhid - ok
16:29:52.0359 1376 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:29:52.0515 1376 kmixer - ok
16:29:52.0546 1376 [ C6EBF1D6AD71DF30DB49B8D3287E1368 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:29:52.0609 1376 KSecDD - ok
16:29:52.0640 1376 [ 111A41B749F0E8CD7566B4FFD613CFFE ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
16:29:52.0671 1376 LanmanServer - ok
16:29:52.0703 1376 [ 9A2E7EE3989AAC0079E9D23555545D52 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:29:52.0718 1376 lanmanworkstation - ok
16:29:52.0750 1376 [ BE2DC24D403643A2D1D98F33C7087B38 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
16:29:52.0765 1376 LBeepKE - ok
16:29:52.0781 1376 lbrtfdc - ok
16:29:52.0859 1376 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
16:29:52.0875 1376 LBTServ - ok
16:29:52.0906 1376 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
16:29:52.0921 1376 LHidFilt - ok
16:29:52.0953 1376 [ 4127E8B6DDB4090E815C1F8852C277D3 ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
16:29:52.0968 1376 lirsgt - ok
16:29:52.0984 1376 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:29:53.0109 1376 LmHosts - ok
16:29:53.0140 1376 [ DDFA88E36D5F8DB5FBDBDDDC4969DB0A ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
16:29:53.0156 1376 LUsbFilt - ok
16:29:53.0171 1376 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:29:53.0328 1376 Messenger - ok
16:29:53.0343 1376 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:29:53.0484 1376 mnmdd - ok
16:29:53.0515 1376 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:29:53.0640 1376 mnmsrvc - ok
16:29:53.0671 1376 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:29:53.0812 1376 Modem - ok
16:29:53.0859 1376 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:29:54.0000 1376 Mouclass - ok
16:29:54.0015 1376 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:29:54.0156 1376 mouhid - ok
16:29:54.0171 1376 [ 1A1FAA5102466F418494E94FF9B0B091 ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:29:54.0203 1376 MountMgr - ok
16:29:54.0250 1376 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:29:54.0281 1376 MozillaMaintenance - ok
16:29:54.0281 1376 mraid35x - ok
16:29:54.0296 1376 [ 4FEFD389D71126EE581B9F9CB2918BE4 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:29:54.0328 1376 MRxDAV - ok
16:29:54.0375 1376 [ FB2FCCC70F7174C7BF64F48E96D3ADF4 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:29:54.0421 1376 MRxSmb - ok
16:29:54.0453 1376 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:29:54.0578 1376 MSDTC - ok
16:29:54.0609 1376 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:29:54.0750 1376 Msfs - ok
16:29:54.0750 1376 MSIServer - ok
16:29:54.0781 1376 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:29:54.0906 1376 MSKSSRV - ok
16:29:54.0937 1376 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:29:55.0093 1376 MSPCLOCK - ok
16:29:55.0093 1376 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:29:55.0234 1376 MSPQM - ok
16:29:55.0265 1376 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:29:55.0390 1376 mssmbios - ok
16:29:55.0421 1376 [ F7B1AD991491F02AF6DA70B00B8BF114 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:29:55.0453 1376 Mup - ok
16:29:55.0500 1376 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:29:55.0625 1376 napagent - ok
16:29:55.0656 1376 [ B5B1080D35974C0E718D64280761BCD5 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:29:55.0718 1376 NDIS - ok
16:29:55.0750 1376 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:29:55.0781 1376 NdisTapi - ok
16:29:55.0812 1376 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:29:55.0953 1376 Ndisuio - ok
16:29:55.0953 1376 [ B053A8411045FD0664B389A090CB2BBC ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:29:55.0984 1376 NdisWan - ok
16:29:56.0015 1376 [ 816460BD4B4ACD27937D1D0813E2E9E9 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:29:56.0046 1376 NDProxy - ok
16:29:56.0062 1376 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:29:56.0203 1376 NetBIOS - ok
16:29:56.0218 1376 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:29:56.0359 1376 NetBT - ok
16:29:56.0375 1376 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
16:29:56.0500 1376 NetDDE - ok
16:29:56.0515 1376 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:29:56.0640 1376 NetDDEdsdm - ok
16:29:56.0671 1376 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:29:56.0812 1376 Netlogon - ok
16:29:56.0828 1376 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
16:29:56.0968 1376 Netman - ok
16:29:57.0000 1376 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:29:57.0015 1376 NetTcpPortSharing - ok
16:29:57.0046 1376 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:29:57.0171 1376 NIC1394 - ok
16:29:57.0187 1376 [ 0D594D828829E1BC727B870899376B19 ] Nla C:\WINDOWS\System32\mswsock.dll
16:29:57.0218 1376 Nla - ok
16:29:57.0234 1376 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:29:57.0375 1376 Npfs - ok
16:29:57.0406 1376 [ AE8CAD8F28DB13B515A68510A539B0B8 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:29:57.0453 1376 Ntfs - ok
16:29:57.0515 1376 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:29:57.0640 1376 NtLmSsp - ok
16:29:57.0671 1376 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:29:57.0812 1376 NtmsSvc - ok
16:29:57.0828 1376 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:29:57.0984 1376 Null - ok
16:29:58.0375 1376 [ 8B2C874897EA498DA012284E12F9DB2B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:29:58.0828 1376 nv - ok
16:29:58.0859 1376 [ 32F7DEC3729B3BAE66EEBCAB7B03B18F ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
16:29:58.0890 1376 NVSvc - ok
16:29:58.0984 1376 [ 2CC4E45B0EB4C48392CEC9C83B5B8E3B ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
16:29:59.0093 1376 nvUpdatusService - ok
16:29:59.0125 1376 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:29:59.0265 1376 NwlnkFlt - ok
16:29:59.0265 1376 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:29:59.0406 1376 NwlnkFwd - ok
16:29:59.0484 1376 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:29:59.0500 1376 odserv - ok
16:29:59.0531 1376 [ 2553F7C60B8D291B5A812245E6D4DA6E ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:29:59.0578 1376 ohci1394 - ok
16:29:59.0609 1376 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:29:59.0625 1376 ose - ok
16:29:59.0656 1376 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:29:59.0796 1376 Parport - ok
16:29:59.0812 1376 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:29:59.0937 1376 PartMgr - ok
16:29:59.0968 1376 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:30:00.0093 1376 ParVdm - ok
16:30:00.0093 1376 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:30:00.0234 1376 PCI - ok
16:30:00.0234 1376 PCIDump - ok
16:30:00.0250 1376 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
16:30:00.0390 1376 PCIIde - ok
16:30:00.0406 1376 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:30:00.0562 1376 Pcmcia - ok
16:30:00.0562 1376 PDCOMP - ok
16:30:00.0593 1376 PDFRAME - ok
16:30:00.0593 1376 PDRELI - ok
16:30:00.0609 1376 PDRFRAME - ok
16:30:00.0625 1376 perc2 - ok
16:30:00.0640 1376 perc2hib - ok
16:30:00.0687 1376 [ 4F40D16B2D5ED9E48A193CE468912FED ] PlugPlay C:\WINDOWS\system32\services.exe
16:30:00.0718 1376 PlugPlay - ok
16:30:00.0734 1376 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:30:00.0859 1376 PolicyAgent - ok
16:30:00.0890 1376 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:30:01.0015 1376 PptpMiniport - ok
16:30:01.0031 1376 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:30:01.0156 1376 ProtectedStorage - ok
16:30:01.0171 1376 [ D8E11D311785F89F1D70A28B0E879127 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:30:01.0203 1376 PSched - ok
16:30:01.0218 1376 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:30:01.0359 1376 Ptilink - ok
16:30:01.0359 1376 ql1080 - ok
16:30:01.0375 1376 Ql10wnt - ok
16:30:01.0390 1376 ql12160 - ok
16:30:01.0390 1376 ql1240 - ok
16:30:01.0406 1376 ql1280 - ok
16:30:01.0437 1376 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:30:01.0546 1376 RasAcd - ok
16:30:01.0578 1376 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:30:01.0718 1376 RasAuto - ok
16:30:01.0734 1376 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:30:01.0859 1376 Rasl2tp - ok
16:30:01.0875 1376 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:30:02.0031 1376 RasMan - ok
16:30:02.0046 1376 [ 2C9D4620A0FD35DE1828370B392F6E2D ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:30:02.0078 1376 RasPppoe - ok
16:30:02.0093 1376 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:30:02.0234 1376 Raspti - ok
16:30:02.0281 1376 [ 77050C6615F6EB5402F832B27FD695E0 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:30:02.0328 1376 Rdbss - ok
16:30:02.0343 1376 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:30:02.0484 1376 RDPCDD - ok
16:30:02.0515 1376 [ 47EA20320E3D6FDC7B7BB22B2B881CA6 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:30:02.0562 1376 rdpdr - ok
16:30:02.0609 1376 [ C7D9BC54354B8C706ABF172D48313F1B ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:30:02.0640 1376 RDPWD - ok
16:30:02.0687 1376 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:30:02.0828 1376 RDSessMgr - ok
16:30:02.0843 1376 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:30:02.0968 1376 redbook - ok
16:30:03.0015 1376 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:30:03.0125 1376 RemoteAccess - ok
16:30:03.0171 1376 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:30:03.0296 1376 RemoteRegistry - ok
16:30:03.0312 1376 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
16:30:03.0453 1376 RpcLocator - ok
16:30:03.0484 1376 [ C0BD34A62508BA68F146E22CE45919F9 ] RpcSs C:\WINDOWS\System32\rpcss.dll
16:30:03.0515 1376 RpcSs - ok
16:30:03.0546 1376 [ 743D7D59767073A617B1DCC6C546F234 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
16:30:03.0578 1376 rspndr - ok
16:30:03.0593 1376 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:30:03.0718 1376 RSVP - ok
16:30:03.0750 1376 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
16:30:03.0875 1376 SamSs - ok
16:30:03.0890 1376 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:30:04.0031 1376 SCardSvr - ok
16:30:04.0078 1376 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:30:04.0203 1376 Schedule - ok
16:30:04.0234 1376 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:30:04.0296 1376 Secdrv - ok
16:30:04.0312 1376 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:30:04.0453 1376 seclogon - ok
16:30:04.0453 1376 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
16:30:04.0593 1376 SENS - ok
16:30:04.0625 1376 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
16:30:04.0765 1376 Serial - ok
16:30:04.0812 1376 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:30:04.0937 1376 Sfloppy - ok
16:30:04.0968 1376 [ 65EACFE3182AFEE8D222D0B17FE05EDA ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:30:05.0000 1376 SharedAccess - ok
16:30:05.0015 1376 [ 54A6BF743E0517528A5064CEAEB40EA7 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:30:05.0046 1376 ShellHWDetection - ok
16:30:05.0046 1376 Simbad - ok
16:30:05.0062 1376 Sparrow - ok
16:30:05.0093 1376 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:30:05.0234 1376 splitter - ok
16:30:05.0281 1376 [ 258DD5D4283FD9F9A7166BE9AE45CE73 ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:30:05.0296 1376 Spooler - ok
16:30:05.0328 1376 [ 0022CFFF1A41E5CE3A764050A7DDF22A ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
16:30:05.0359 1376 sptd - ok
16:30:05.0375 1376 [ 94610C8653635E4459316A0050D55CE7 ] SR C:\WINDOWS\system32\DRIVERS\sr.sys
16:30:05.0453 1376 SR - ok
16:30:05.0484 1376 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
16:30:05.0562 1376 srservice - ok
16:30:05.0593 1376 [ 9B390283569EA58D43D2586032B892F5 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:30:05.0656 1376 Srv - ok
16:30:05.0687 1376 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:30:05.0781 1376 SSDPSRV - ok
16:30:05.0781 1376 Steam Client Service - ok
16:30:05.0828 1376 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:30:05.0968 1376 stisvc - ok
16:30:06.0000 1376 [ F05028B163B92C302A74409D683AC9B0 ] SVKP C:\WINDOWS\system32\SVKP.sys
16:30:06.0000 1376 SVKP ( UnsignedFile.Multi.Generic ) - warning
16:30:06.0000 1376 SVKP - detected UnsignedFile.Multi.Generic (1)
16:30:06.0031 1376 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:30:06.0156 1376 swenum - ok
16:30:06.0187 1376 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:30:06.0328 1376 swmidi - ok
16:30:06.0343 1376 SwPrv - ok
16:30:06.0343 1376 symc810 - ok
16:30:06.0359 1376 symc8xx - ok
16:30:06.0359 1376 sym_hi - ok
16:30:06.0375 1376 sym_u3 - ok
16:30:06.0406 1376 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:30:06.0531 1376 sysaudio - ok
16:30:06.0562 1376 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:30:06.0687 1376 SysmonLog - ok
16:30:06.0703 1376 [ AF2A883CC63318A8BDA168BDD7AC80D9 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:30:06.0734 1376 TapiSrv - ok
16:30:06.0750 1376 [ 51E41F16ACD80B8B39C0AE703A213F09 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:30:06.0812 1376 Tcpip - ok
16:30:06.0843 1376 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:30:06.0968 1376 TDPIPE - ok
16:30:06.0984 1376 [ C0578456F29E5F26285F81B7B71FE57D ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:30:07.0015 1376 TDTCP - ok
16:30:07.0046 1376 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:30:07.0187 1376 TermDD - ok
16:30:07.0218 1376 [ 0E43A7CF302D85273FC86F5FCA9A1909 ] TermService C:\WINDOWS\System32\termsrv.dll
16:30:07.0250 1376 TermService - ok
16:30:07.0265 1376 [ 54A6BF743E0517528A5064CEAEB40EA7 ] Themes C:\WINDOWS\System32\shsvcs.dll
16:30:07.0296 1376 Themes - ok
16:30:07.0328 1376 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:30:07.0390 1376 TlntSvr - ok
16:30:07.0406 1376 TosIde - ok
16:30:07.0421 1376 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:30:07.0546 1376 TrkWks - ok
16:30:07.0562 1376 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:30:07.0687 1376 Udfs - ok
16:30:07.0703 1376 ultra - ok
16:30:07.0750 1376 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:30:07.0890 1376 Update - ok
16:30:07.0921 1376 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
16:30:08.0000 1376 upnphost - ok
16:30:08.0015 1376 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
16:30:08.0156 1376 UPS - ok
16:30:08.0171 1376 [ C18D6C74953621346DF6B0A11F80C1CC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:30:08.0218 1376 usbccgp - ok
16:30:08.0234 1376 [ 52674B5DBEE499342A599C7771ABECAA ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:30:08.0265 1376 usbehci - ok
16:30:08.0296 1376 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:30:08.0437 1376 usbhub - ok
16:30:08.0453 1376 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:30:08.0578 1376 usbstor - ok
16:30:08.0593 1376 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:30:08.0718 1376 usbuhci - ok
16:30:08.0750 1376 [ 524D8D450622DB4A7875B111C299A76B ] utexnjq4 C:\WINDOWS\system32\Drivers\utexnjq4.sys
16:30:08.0750 1376 utexnjq4 ( UnsignedFile.Multi.Generic ) - warning
16:30:08.0750 1376 utexnjq4 - detected UnsignedFile.Multi.Generic (1)
16:30:08.0781 1376 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:30:08.0906 1376 VgaSave - ok
16:30:08.0921 1376 ViaIde - ok
16:30:08.0953 1376 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:30:09.0093 1376 VolSnap - ok
16:30:09.0125 1376 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
16:30:09.0218 1376 VSS - ok
16:30:09.0250 1376 [ DF2E8EA96391126977DA1B8AB6FC39FC ] W32Time C:\WINDOWS\system32\w32time.dll
16:30:09.0281 1376 W32Time - ok
16:30:09.0312 1376 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:30:09.0437 1376 Wanarp - ok
16:30:09.0484 1376 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
16:30:09.0515 1376 Wdf01000 - ok
16:30:09.0515 1376 WDICA - ok
16:30:09.0546 1376 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:30:09.0687 1376 wdmaud - ok
16:30:09.0718 1376 [ B6F28B94A7CAC612A93A840299BD860B ] WebClient C:\WINDOWS\System32\webclnt.dll
16:30:09.0750 1376 WebClient - ok
16:30:09.0828 1376 [ 4D34CEDD74BDBF2B6A935EAE3BF80543 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
16:30:09.0906 1376 WinRM - ok
16:30:09.0921 1376 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:30:09.0984 1376 WmdmPmSN - ok
16:30:10.0031 1376 [ 4E68A735673CE17152329428524BA1C3 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:30:10.0093 1376 Wmi - ok
16:30:10.0156 1376 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:30:10.0296 1376 WmiApSrv - ok
16:30:10.0359 1376 [ 0DCC3A79329F0FDE9B1B5283CACD3F50 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:30:10.0406 1376 WMPNetworkSvc - ok
16:30:10.0484 1376 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:30:10.0515 1376 WPFFontCache_v0400 - ok
16:30:10.0562 1376 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:30:10.0687 1376 WS2IFSL - ok
16:30:10.0734 1376 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:30:10.0890 1376 wscsvc - ok
16:30:10.0906 1376 WSearch - ok
16:30:10.0937 1376 [ FC1E3B06AE8D160B686C5D04B5E85371 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:30:10.0968 1376 wuauserv - ok
16:30:10.0984 1376 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:30:11.0031 1376 WudfPf - ok
16:30:11.0031 1376 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:30:11.0062 1376 WudfRd - ok
16:30:11.0093 1376 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:30:11.0109 1376 WudfSvc - ok
16:30:11.0156 1376 [ F345FF726D92D58ABE5B0AEE08D29DF1 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:30:11.0203 1376 WZCSVC - ok
16:30:11.0218 1376 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:30:11.0343 1376 xmlprov - ok
16:30:11.0359 1376 ================ Scan global ===============================
16:30:11.0406 1376 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
16:30:11.0421 1376 [ 4FC123A5B7D8F5A9511CFF7B98F9596B ] C:\WINDOWS\system32\winsrv.dll
16:30:11.0437 1376 [ 4FC123A5B7D8F5A9511CFF7B98F9596B ] C:\WINDOWS\system32\winsrv.dll
16:30:11.0468 1376 [ 4F40D16B2D5ED9E48A193CE468912FED ] C:\WINDOWS\system32\services.exe
16:30:11.0468 1376 [Global] - ok
16:30:11.0468 1376 ================ Scan MBR ==================================
16:30:11.0484 1376 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
16:30:11.0687 1376 \Device\Harddisk0\DR0 - ok
16:30:11.0750 1376 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk1\DR1
16:30:11.0812 1376 \Device\Harddisk1\DR1 - ok
16:30:11.0812 1376 ================ Scan VBR ==================================
16:30:11.0828 1376 [ FA6C49852FAB9717918DAAD357E8339F ] \Device\Harddisk0\DR0\Partition1
16:30:11.0828 1376 \Device\Harddisk0\DR0\Partition1 - ok
16:30:11.0828 1376 [ 719F08B4D8883457393753A76A957B94 ] \Device\Harddisk1\DR1\Partition1
16:30:11.0828 1376 \Device\Harddisk1\DR1\Partition1 - ok
16:30:11.0828 1376 ============================================================
16:30:11.0828 1376 Scan finished
16:30:11.0828 1376 ============================================================
16:30:11.0953 0148 Detected object count: 2
16:30:11.0953 0148 Actual detected object count: 2
16:30:59.0359 0148 SVKP ( UnsignedFile.Multi.Generic ) - skipped by user
16:30:59.0359 0148 SVKP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:30:59.0359 0148 utexnjq4 ( UnsignedFile.Multi.Generic ) - skipped by user
16:30:59.0359 0148 utexnjq4 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:31:49.0484 2648 Deinitialize success
16:29:54.0578 1376 MSDTC - ok
16:29:54.0609 1376 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:29:54.0750 1376 Msfs - ok
16:29:54.0750 1376 MSIServer - ok
16:29:54.0781 1376 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:29:54.0906 1376 MSKSSRV - ok
16:29:54.0937 1376 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:29:55.0093 1376 MSPCLOCK - ok
16:29:55.0093 1376 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:29:55.0234 1376 MSPQM - ok
16:29:55.0265 1376 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:29:55.0390 1376 mssmbios - ok
16:29:55.0421 1376 [ F7B1AD991491F02AF6DA70B00B8BF114 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:29:55.0453 1376 Mup - ok
16:29:55.0500 1376 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:29:55.0625 1376 napagent - ok
16:29:55.0656 1376 [ B5B1080D35974C0E718D64280761BCD5 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:29:55.0718 1376 NDIS - ok
16:29:55.0750 1376 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:29:55.0781 1376 NdisTapi - ok
16:29:55.0812 1376 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:29:55.0953 1376 Ndisuio - ok
16:29:55.0953 1376 [ B053A8411045FD0664B389A090CB2BBC ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:29:55.0984 1376 NdisWan - ok
16:29:56.0015 1376 [ 816460BD4B4ACD27937D1D0813E2E9E9 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:29:56.0046 1376 NDProxy - ok
16:29:56.0062 1376 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:29:56.0203 1376 NetBIOS - ok
16:29:56.0218 1376 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:29:56.0359 1376 NetBT - ok
16:29:56.0375 1376 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
16:29:56.0500 1376 NetDDE - ok
16:29:56.0515 1376 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:29:56.0640 1376 NetDDEdsdm - ok
16:29:56.0671 1376 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:29:56.0812 1376 Netlogon - ok
16:29:56.0828 1376 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
16:29:56.0968 1376 Netman - ok
16:29:57.0000 1376 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:29:57.0015 1376 NetTcpPortSharing - ok
16:29:57.0046 1376 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:29:57.0171 1376 NIC1394 - ok
16:29:57.0187 1376 [ 0D594D828829E1BC727B870899376B19 ] Nla C:\WINDOWS\System32\mswsock.dll
16:29:57.0218 1376 Nla - ok
16:29:57.0234 1376 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:29:57.0375 1376 Npfs - ok
16:29:57.0406 1376 [ AE8CAD8F28DB13B515A68510A539B0B8 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:29:57.0453 1376 Ntfs - ok
16:29:57.0515 1376 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:29:57.0640 1376 NtLmSsp - ok
16:29:57.0671 1376 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:29:57.0812 1376 NtmsSvc - ok
16:29:57.0828 1376 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:29:57.0984 1376 Null - ok
16:29:58.0375 1376 [ 8B2C874897EA498DA012284E12F9DB2B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:29:58.0828 1376 nv - ok
16:29:58.0859 1376 [ 32F7DEC3729B3BAE66EEBCAB7B03B18F ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
16:29:58.0890 1376 NVSvc - ok
16:29:58.0984 1376 [ 2CC4E45B0EB4C48392CEC9C83B5B8E3B ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
16:29:59.0093 1376 nvUpdatusService - ok
16:29:59.0125 1376 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:29:59.0265 1376 NwlnkFlt - ok
16:29:59.0265 1376 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:29:59.0406 1376 NwlnkFwd - ok
16:29:59.0484 1376 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:29:59.0500 1376 odserv - ok
16:29:59.0531 1376 [ 2553F7C60B8D291B5A812245E6D4DA6E ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:29:59.0578 1376 ohci1394 - ok
16:29:59.0609 1376 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:29:59.0625 1376 ose - ok
16:29:59.0656 1376 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:29:59.0796 1376 Parport - ok
16:29:59.0812 1376 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:29:59.0937 1376 PartMgr - ok
16:29:59.0968 1376 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:30:00.0093 1376 ParVdm - ok
16:30:00.0093 1376 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:30:00.0234 1376 PCI - ok
16:30:00.0234 1376 PCIDump - ok
16:30:00.0250 1376 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
16:30:00.0390 1376 PCIIde - ok
16:30:00.0406 1376 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:30:00.0562 1376 Pcmcia - ok
16:30:00.0562 1376 PDCOMP - ok
16:30:00.0593 1376 PDFRAME - ok
16:30:00.0593 1376 PDRELI - ok
16:30:00.0609 1376 PDRFRAME - ok
16:30:00.0625 1376 perc2 - ok
16:30:00.0640 1376 perc2hib - ok
16:30:00.0687 1376 [ 4F40D16B2D5ED9E48A193CE468912FED ] PlugPlay C:\WINDOWS\system32\services.exe
16:30:00.0718 1376 PlugPlay - ok
16:30:00.0734 1376 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:30:00.0859 1376 PolicyAgent - ok
16:30:00.0890 1376 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:30:01.0015 1376 PptpMiniport - ok
16:30:01.0031 1376 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:30:01.0156 1376 ProtectedStorage - ok
16:30:01.0171 1376 [ D8E11D311785F89F1D70A28B0E879127 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:30:01.0203 1376 PSched - ok
16:30:01.0218 1376 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:30:01.0359 1376 Ptilink - ok
16:30:01.0359 1376 ql1080 - ok
16:30:01.0375 1376 Ql10wnt - ok
16:30:01.0390 1376 ql12160 - ok
16:30:01.0390 1376 ql1240 - ok
16:30:01.0406 1376 ql1280 - ok
16:30:01.0437 1376 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:30:01.0546 1376 RasAcd - ok
16:30:01.0578 1376 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:30:01.0718 1376 RasAuto - ok
16:30:01.0734 1376 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:30:01.0859 1376 Rasl2tp - ok
16:30:01.0875 1376 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:30:02.0031 1376 RasMan - ok
16:30:02.0046 1376 [ 2C9D4620A0FD35DE1828370B392F6E2D ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:30:02.0078 1376 RasPppoe - ok
16:30:02.0093 1376 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:30:02.0234 1376 Raspti - ok
16:30:02.0281 1376 [ 77050C6615F6EB5402F832B27FD695E0 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:30:02.0328 1376 Rdbss - ok
16:30:02.0343 1376 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:30:02.0484 1376 RDPCDD - ok
16:30:02.0515 1376 [ 47EA20320E3D6FDC7B7BB22B2B881CA6 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:30:02.0562 1376 rdpdr - ok
16:30:02.0609 1376 [ C7D9BC54354B8C706ABF172D48313F1B ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:30:02.0640 1376 RDPWD - ok
16:30:02.0687 1376 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:30:02.0828 1376 RDSessMgr - ok
16:30:02.0843 1376 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:30:02.0968 1376 redbook - ok
16:30:03.0015 1376 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:30:03.0125 1376 RemoteAccess - ok
16:30:03.0171 1376 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:30:03.0296 1376 RemoteRegistry - ok
16:30:03.0312 1376 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
16:30:03.0453 1376 RpcLocator - ok
16:30:03.0484 1376 [ C0BD34A62508BA68F146E22CE45919F9 ] RpcSs C:\WINDOWS\System32\rpcss.dll
16:30:03.0515 1376 RpcSs - ok
16:30:03.0546 1376 [ 743D7D59767073A617B1DCC6C546F234 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
16:30:03.0578 1376 rspndr - ok
16:30:03.0593 1376 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:30:03.0718 1376 RSVP - ok
16:30:03.0750 1376 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
16:30:03.0875 1376 SamSs - ok
16:30:03.0890 1376 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:30:04.0031 1376 SCardSvr - ok
16:30:04.0078 1376 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:30:04.0203 1376 Schedule - ok
16:30:04.0234 1376 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:30:04.0296 1376 Secdrv - ok
16:30:04.0312 1376 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:30:04.0453 1376 seclogon - ok
16:30:04.0453 1376 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
16:30:04.0593 1376 SENS - ok
16:30:04.0625 1376 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
16:30:04.0765 1376 Serial - ok
16:30:04.0812 1376 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:30:04.0937 1376 Sfloppy - ok
16:30:04.0968 1376 [ 65EACFE3182AFEE8D222D0B17FE05EDA ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:30:05.0000 1376 SharedAccess - ok
16:30:05.0015 1376 [ 54A6BF743E0517528A5064CEAEB40EA7 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:30:05.0046 1376 ShellHWDetection - ok
16:30:05.0046 1376 Simbad - ok
16:30:05.0062 1376 Sparrow - ok
16:30:05.0093 1376 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:30:05.0234 1376 splitter - ok
16:30:05.0281 1376 [ 258DD5D4283FD9F9A7166BE9AE45CE73 ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:30:05.0296 1376 Spooler - ok
16:30:05.0328 1376 [ 0022CFFF1A41E5CE3A764050A7DDF22A ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
16:30:05.0359 1376 sptd - ok
16:30:05.0375 1376 [ 94610C8653635E4459316A0050D55CE7 ] SR C:\WINDOWS\system32\DRIVERS\sr.sys
16:30:05.0453 1376 SR - ok
16:30:05.0484 1376 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
16:30:05.0562 1376 srservice - ok
16:30:05.0593 1376 [ 9B390283569EA58D43D2586032B892F5 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:30:05.0656 1376 Srv - ok
16:30:05.0687 1376 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:30:05.0781 1376 SSDPSRV - ok
16:30:05.0781 1376 Steam Client Service - ok
16:30:05.0828 1376 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:30:05.0968 1376 stisvc - ok
16:30:06.0000 1376 [ F05028B163B92C302A74409D683AC9B0 ] SVKP C:\WINDOWS\system32\SVKP.sys
16:30:06.0000 1376 SVKP ( UnsignedFile.Multi.Generic ) - warning
16:30:06.0000 1376 SVKP - detected UnsignedFile.Multi.Generic (1)
16:30:06.0031 1376 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:30:06.0156 1376 swenum - ok
16:30:06.0187 1376 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:30:06.0328 1376 swmidi - ok
16:30:06.0343 1376 SwPrv - ok
16:30:06.0343 1376 symc810 - ok
16:30:06.0359 1376 symc8xx - ok
16:30:06.0359 1376 sym_hi - ok
16:30:06.0375 1376 sym_u3 - ok
16:30:06.0406 1376 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:30:06.0531 1376 sysaudio - ok
16:30:06.0562 1376 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:30:06.0687 1376 SysmonLog - ok
16:30:06.0703 1376 [ AF2A883CC63318A8BDA168BDD7AC80D9 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:30:06.0734 1376 TapiSrv - ok
16:30:06.0750 1376 [ 51E41F16ACD80B8B39C0AE703A213F09 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:30:06.0812 1376 Tcpip - ok
16:30:06.0843 1376 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:30:06.0968 1376 TDPIPE - ok
16:30:06.0984 1376 [ C0578456F29E5F26285F81B7B71FE57D ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:30:07.0015 1376 TDTCP - ok
16:30:07.0046 1376 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:30:07.0187 1376 TermDD - ok
16:30:07.0218 1376 [ 0E43A7CF302D85273FC86F5FCA9A1909 ] TermService C:\WINDOWS\System32\termsrv.dll
16:30:07.0250 1376 TermService - ok
16:30:07.0265 1376 [ 54A6BF743E0517528A5064CEAEB40EA7 ] Themes C:\WINDOWS\System32\shsvcs.dll
16:30:07.0296 1376 Themes - ok
16:30:07.0328 1376 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:30:07.0390 1376 TlntSvr - ok
16:30:07.0406 1376 TosIde - ok
16:30:07.0421 1376 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:30:07.0546 1376 TrkWks - ok
16:30:07.0562 1376 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:30:07.0687 1376 Udfs - ok
16:30:07.0703 1376 ultra - ok
16:30:07.0750 1376 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:30:07.0890 1376 Update - ok
16:30:07.0921 1376 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
16:30:08.0000 1376 upnphost - ok
16:30:08.0015 1376 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
16:30:08.0156 1376 UPS - ok
16:30:08.0171 1376 [ C18D6C74953621346DF6B0A11F80C1CC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:30:08.0218 1376 usbccgp - ok
16:30:08.0234 1376 [ 52674B5DBEE499342A599C7771ABECAA ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:30:08.0265 1376 usbehci - ok
16:30:08.0296 1376 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:30:08.0437 1376 usbhub - ok
16:30:08.0453 1376 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:30:08.0578 1376 usbstor - ok
16:30:08.0593 1376 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:30:08.0718 1376 usbuhci - ok
16:30:08.0750 1376 [ 524D8D450622DB4A7875B111C299A76B ] utexnjq4 C:\WINDOWS\system32\Drivers\utexnjq4.sys
16:30:08.0750 1376 utexnjq4 ( UnsignedFile.Multi.Generic ) - warning
16:30:08.0750 1376 utexnjq4 - detected UnsignedFile.Multi.Generic (1)
16:30:08.0781 1376 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:30:08.0906 1376 VgaSave - ok
16:30:08.0921 1376 ViaIde - ok
16:30:08.0953 1376 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:30:09.0093 1376 VolSnap - ok
16:30:09.0125 1376 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
16:30:09.0218 1376 VSS - ok
16:30:09.0250 1376 [ DF2E8EA96391126977DA1B8AB6FC39FC ] W32Time C:\WINDOWS\system32\w32time.dll
16:30:09.0281 1376 W32Time - ok
16:30:09.0312 1376 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:30:09.0437 1376 Wanarp - ok
16:30:09.0484 1376 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
16:30:09.0515 1376 Wdf01000 - ok
16:30:09.0515 1376 WDICA - ok
16:30:09.0546 1376 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:30:09.0687 1376 wdmaud - ok
16:30:09.0718 1376 [ B6F28B94A7CAC612A93A840299BD860B ] WebClient C:\WINDOWS\System32\webclnt.dll
16:30:09.0750 1376 WebClient - ok
16:30:09.0828 1376 [ 4D34CEDD74BDBF2B6A935EAE3BF80543 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
16:30:09.0906 1376 WinRM - ok
16:30:09.0921 1376 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:30:09.0984 1376 WmdmPmSN - ok
16:30:10.0031 1376 [ 4E68A735673CE17152329428524BA1C3 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:30:10.0093 1376 Wmi - ok
16:30:10.0156 1376 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:30:10.0296 1376 WmiApSrv - ok
16:30:10.0359 1376 [ 0DCC3A79329F0FDE9B1B5283CACD3F50 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:30:10.0406 1376 WMPNetworkSvc - ok
16:30:10.0484 1376 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:30:10.0515 1376 WPFFontCache_v0400 - ok
16:30:10.0562 1376 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:30:10.0687 1376 WS2IFSL - ok
16:30:10.0734 1376 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:30:10.0890 1376 wscsvc - ok
16:30:10.0906 1376 WSearch - ok
16:30:10.0937 1376 [ FC1E3B06AE8D160B686C5D04B5E85371 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:30:10.0968 1376 wuauserv - ok
16:30:10.0984 1376 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:30:11.0031 1376 WudfPf - ok
16:30:11.0031 1376 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:30:11.0062 1376 WudfRd - ok
16:30:11.0093 1376 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:30:11.0109 1376 WudfSvc - ok
16:30:11.0156 1376 [ F345FF726D92D58ABE5B0AEE08D29DF1 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:30:11.0203 1376 WZCSVC - ok
16:30:11.0218 1376 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:30:11.0343 1376 xmlprov - ok
16:30:11.0359 1376 ================ Scan global ===============================
16:30:11.0406 1376 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
16:30:11.0421 1376 [ 4FC123A5B7D8F5A9511CFF7B98F9596B ] C:\WINDOWS\system32\winsrv.dll
16:30:11.0437 1376 [ 4FC123A5B7D8F5A9511CFF7B98F9596B ] C:\WINDOWS\system32\winsrv.dll
16:30:11.0468 1376 [ 4F40D16B2D5ED9E48A193CE468912FED ] C:\WINDOWS\system32\services.exe
16:30:11.0468 1376 [Global] - ok
16:30:11.0468 1376 ================ Scan MBR ==================================
16:30:11.0484 1376 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
16:30:11.0687 1376 \Device\Harddisk0\DR0 - ok
16:30:11.0750 1376 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk1\DR1
16:30:11.0812 1376 \Device\Harddisk1\DR1 - ok
16:30:11.0812 1376 ================ Scan VBR ==================================
16:30:11.0828 1376 [ FA6C49852FAB9717918DAAD357E8339F ] \Device\Harddisk0\DR0\Partition1
16:30:11.0828 1376 \Device\Harddisk0\DR0\Partition1 - ok
16:30:11.0828 1376 [ 719F08B4D8883457393753A76A957B94 ] \Device\Harddisk1\DR1\Partition1
16:30:11.0828 1376 \Device\Harddisk1\DR1\Partition1 - ok
16:30:11.0828 1376 ============================================================
16:30:11.0828 1376 Scan finished
16:30:11.0828 1376 ============================================================
16:30:11.0953 0148 Detected object count: 2
16:30:11.0953 0148 Actual detected object count: 2
16:30:59.0359 0148 SVKP ( UnsignedFile.Multi.Generic ) - skipped by user
16:30:59.0359 0148 SVKP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:30:59.0359 0148 utexnjq4 ( UnsignedFile.Multi.Generic ) - skipped by user
16:30:59.0359 0148 utexnjq4 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:31:49.0484 2648 Deinitialize success
Re: Your computer has been blocked, police SR
Mbr Scan
MBRScan v1.1.1
OS : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR : x86 Family 15 Model 4 Stepping 1, GenuineIntel
BOOT : Normal Boot
DATE : 2012/12/30 (ISO 8601) at 16:35:29
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __ST3160023AS (3.43)
BUS_TYPE : (0x03) P-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
DISK : Device\Harddisk1\DR1 __SAMSUNG HD321KJ (CP100-13)
BUS_TYPE : (0x03) P-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 149.1 Go [Fixed] ==> XP MBR Code
MBR_MD5 : E1183A9F545BB1ABEDB6E966F1D0131A
MBR_SHA1 : 0DF8ADC565BFE4F445CDA702F983772BC0359D8F
Device\Harddisk0\Partition1 149.0 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________
Device\Harddisk1\DR1 298.1 Go [Fixed] ==> XP MBR Code
MBR_MD5 : CCD012FA343ACB199977181C72889EB5
MBR_SHA1 : A0C8F362F116BDE9F34366646E101F2AD791618D
Device\Harddisk1\Partition1 298.1 Go 0x07 NTFS / HPFS
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\DOCUME~1\Jozifek\LOCALS~1\Temp\catchme.sys => Invisible on the disk
ADDRESS : 0xB83A8000
SIZE : 32.0 Ko
SystemStartOptions : NOEXECUTE=OPTIN FASTDETECT
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
__________________________16_BIT_ASM_CODE
0x0000 33c0 XOR AX, AX
0x0002 8ed0 MOV SS, AX
0x0004 bc 007c MOV SP, 0x7c00
0x0007 fb STI
0x0008 50 PUSH AX
0x0009 07 POP ES
0x000A 50 PUSH AX
0x000B 1f POP DS
0x000C fc CLD
0x000D be 1b7c MOV SI, 0x7c1b
0x0010 bf 1b06 MOV DI, 0x61b
0x0013 50 PUSH AX
0x0014 57 PUSH DI
0x0015 b9 e501 MOV CX, 0x1e5
0x0018 f3 a4 REP MOVSB
0x001A cb RETF
0x001B bd be07 MOV BP, 0x7be
0x001E b1 04 MOV CL, 0x4
0x0020 386e 00 CMP [BP+0x0], CH
0x0023 7c 09 JL 0x2e
0x0025 75 13 JNZ 0x3a
0x0027 83c5 10 ADD BP, 0x10
0x002A e2 f4 LOOP 0x20
0x002C cd 18 INT 0x18
0x002E 8bf5 MOV SI, BP
0x0030 83c6 10 ADD SI, 0x10
0x0033 49 DEC CX
0x0034 74 19 JZ 0x4f
0x0036 382c CMP [SI], CH
0x0038 74 f6 JZ 0x30
0x003A a0 b507 MOV AL, [0x7b5]
0x003D b4 07 MOV AH, 0x7
0x003F 8bf0 MOV SI, AX
0x0041 ac LODSB
0x0042 3c 00 CMP AL, 0x0
0x0044 74 fc JZ 0x42
0x0046 bb 0700 MOV BX, 0x7
0x0049 b4 0e MOV AH, 0xe
0x004B cd 10 INT 0x10
0x004D eb f2 JMP 0x41
0x004F 884e 10 MOV [BP+0x10], CL
0x0052 e8 4600 CALL 0x9b
0x0055 73 2a JAE 0x81
0x0057 fe46 10 INC BYTE [BP+0x10]
0x005A 807e 04 0b CMP BYTE [BP+0x4], 0xb
0x005E 74 0b JZ 0x6b
0x0060 807e 04 0c CMP BYTE [BP+0x4], 0xc
0x0064 74 05 JZ 0x6b
0x0066 a0 b607 MOV AL, [0x7b6]
0x0069 75 d2 JNZ 0x3d
0x006B 8046 02 06 ADD BYTE [BP+0x2], 0x6
0x006F 8346 08 06 ADD WORD [BP+0x8], 0x6
0x0073 8356 0a 00 ADC WORD [BP+0xa], 0x0
0x0077 e8 2100 CALL 0x9b
0x007A 73 05 JAE 0x81
0x007C a0 b607 MOV AL, [0x7b6]
0x007F eb bc JMP 0x3d
0x0081 813e fe7d 55aa CMP WORD [0x7dfe], 0xaa55
0x0087 74 0b JZ 0x94
0x0089 807e 10 00 CMP BYTE [BP+0x10], 0x0
0x008D 74 c8 JZ 0x57
0x008F a0 b707 MOV AL, [0x7b7]
0x0092 eb a9 JMP 0x3d
0x0094 8bfc MOV DI, SP
0x0096 1e PUSH DS
0x0097 57 PUSH DI
0x0098 8bf5 MOV SI, BP
0x009A cb RETF
0x009B bf 0500 MOV DI, 0x5
0x009E 8a56 00 MOV DL, [BP+0x0]
0x00A1 b4 08 MOV AH, 0x8
0x00A3 cd 13 INT 0x13
0x00A5 72 23 JB 0xca
0x00A7 8ac1 MOV AL, CL
0x00A9 24 3f AND AL, 0x3f
0x00AB 98 CBW
0x00AC 8ade MOV BL, DH
0x00AE 8afc MOV BH, AH
0x00B0 43 INC BX
0x00B1 f7e3 MUL BX
0x00B3 8bd1 MOV DX, CX
0x00B5 86d6 XCHG DH, DL
0x00B7 b1 06 MOV CL, 0x6
0x00B9 d2ee SHR DH, CL
0x00BB 42 INC DX
0x00BC f7e2 MUL DX
0x00BE 3956 0a CMP [BP+0xa], DX
0x00C1 77 23 JA 0xe6
0x00C3 72 05 JB 0xca
0x00C5 3946 08 CMP [BP+0x8], AX
0x00C8 73 1c JAE 0xe6
0x00CA b8 0102 MOV AX, 0x201
0x00CD bb 007c MOV BX, 0x7c00
0x00D0 8b4e 02 MOV CX, [BP+0x2]
0x00D3 8b56 00 MOV DX, [BP+0x0]
0x00D6 cd 13 INT 0x13
0x00D8 73 51 JAE 0x12b
0x00DA 4f DEC DI
0x00DB 74 4e JZ 0x12b
0x00DD 32e4 XOR AH, AH
0x00DF 8a56 00 MOV DL, [BP+0x0]
0x00E2 cd 13 INT 0x13
0x00E4 eb e4 JMP 0xca
0x00E6 8a56 00 MOV DL, [BP+0x0]
0x00E9 60 PUSHA
0x00EA bb aa55 MOV BX, 0x55aa
0x00ED b4 41 MOV AH, 0x41
0x00EF cd 13 INT 0x13
0x00F1 72 36 JB 0x129
0x00F3 81fb 55aa CMP BX, 0xaa55
0x00F7 75 30 JNZ 0x129
0x00F9 f6c1 01 TEST CL, 0x1
0x00FC 74 2b JZ 0x129
0x00FE 61 POPA
0x00FF 60 PUSHA
0x0100 6a 00 PUSH 0x0
0x0102 6a 00 PUSH 0x0
0x0104 ff76 0a PUSH WORD [BP+0xa]
0x0107 ff76 08 PUSH WORD [BP+0x8]
0x010A 6a 00 PUSH 0x0
0x010C 68 007c PUSH 0x7c00
0x010F 6a 01 PUSH 0x1
0x0111 6a 10 PUSH 0x10
0x0113 b4 42 MOV AH, 0x42
0x0115 8bf4 MOV SI, SP
0x0117 cd 13 INT 0x13
0x0119 61 POPA
0x011A 61 POPA
0x011B 73 0e JAE 0x12b
0x011D 4f DEC DI
0x011E 74 0b JZ 0x12b
0x0120 32e4 XOR AH, AH
0x0122 8a56 00 MOV DL, [BP+0x0]
0x0125 cd 13 INT 0x13
0x0127 eb d6 JMP 0xff
0x0129 61 POPA
0x012A f9 STC
0x012B c3 RET
0x012C 4e DEC SI
0x012D 65 DB 0x65
0x012D 65 70 6c JO 0x19c
0x0130 61 POPA
0x0131 74 6e JZ 0x1a1
0x0133 a0 2074 MOV AL, [0x7420]
0x0136 61 POPA
0x0137 6275 6c BOUND SI, [DI+0x6c]
0x013A 6b61 20 6f IMUL SP, [BX+DI+0x20], 0x6f
0x013E 64 DB 0x64
0x013F 64 a1 6c85 MOV AX, FS:[0x856c]
0x0143 0043 68 ADD [BP+DI+0x68], AL
0x0146 79 62 JNS 0x1aa
0x0148 61 POPA
0x0149 2070 fd AND [BX+SI-0x3], DH
0x014C 6920 6e61 IMUL SP, [BX+SI], 0x616e
0x0150 9f LAHF
_______MBR \Device\Harddisk1\DR1
Re: Your computer has been blocked, Slovak Police
Dump 0, 1: nothing found; the files likewise.
SHA256: f2b920be8a3939ec04ba3674c7dcc830113ace2cde3e6542ecc96f6d661f235f
SHA1: 4d62674d4d154129d7e43a9f6280b5bb0deb2552
MD5: 8f41fd1cc693054347c6fb7b0e618b07
File size: 1.5 MB ( 1571840 bytes )
File name: sfcfiles.dll
File type: Win32 DLL
Detection ratio: 0 / 46
Analysis date: 2012-12-30 15:47:00 UTC ( 0 minút ago )
SHA256: 50992333a9d31cf69c13573c24455422791199bd7c63c3fc7c3f0e4cc1bc6fa4
SHA1: ed3a478772bddf65d413479f61812d981fefb655
MD5: 7778bdfa3f6f6fba0e75b9594098f737
File size: 429.5 KB ( 439808 bytes )
File name: SearchIndexer.exe
File type: Win32 EXE
Detection ratio: 0 / 46
Analysis date: 2012-12-30 15:49:31 UTC ( 0 minút ago )
Re: Your computer has been blocked, Slovak Police
mediarcpt.dll is clean.
I did that with the search one, and the file stayed unchanged even after a restart and was not created again. It also does not show up in the processes.
Re: Your computer has been blocked, Slovak Police
After the dial fix, no change, even though it threw an error a few times at the ie/oe/shell option...


Re: Your computer has been blocked, Slovak Police
I treated it as a last resort, but as I can see, it has come to that. In any case, many thanks for the effort and the time; you don't see that very often these days. You guys here are real pros.