abnow.com - problém s internetem

Zpráva

koubelka · #1 Příspěvek od **koubelka** » 14 kvě 2012 23:55

ahoj

mám nepříjemný problém a chtěl bych poprosit o pomoc, neboť já sám si už nevím rady.

Projistotu jsem vytvořil rovnou tři logy ze tří programů - v prvním postu (v tomto postu) je log z programu TDSSKiller, v druhém postu je log z programu RSITx64.exe a ve třetím postu je log z programu MbrScan.

Vir se proje tak že mi na počítači stále objevuje stránka abnow.com - náhodně při serfofání a občas se pomalu nemohu dostat na žádnou jinou stránku než právě na tuhle... Byť mám na počítači nainstalovaný Eset Smart Security 5.0.95.0 s poslední možnou databázi na viry, nicméně i přes to, tak bohužel žádné viry které by s tímhle měli něco společného nenašel a přiznám se že si nevím z tímto už rady... (Zajímavé pro mě je i to že co chvíli mi Eset hlásí že jeho rezidentní ochrana objevila vir Win64/Sirefef.W který okamžitě smazal, ale po samotném zdroji onoho viru, není v počítači tak říkají ani vidu ani slechu...
po krátkém nahlédnutí do vláken lidí kteří měli podobný problém sem přikládám log z programu

TDSSKiller (jako ho ovládat a nastavit jsem si přečetl zde) a zde je samotný log z něj:

TDSSKiller.2.7.34.0_14.05.2012_00.42.42_log.txt

00:42:42.0062 3124 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
00:42:42.0280 3124 ============================================================
00:42:42.0280 3124 Current date / time: 2012/05/14 00:42:42.0280
00:42:42.0280 3124 SystemInfo:
00:42:42.0280 3124
00:42:42.0280 3124 OS Version: 6.1.7601 ServicePack: 1.0
00:42:42.0280 3124 Product type: Workstation
00:42:42.0280 3124 ComputerName: USER-PC
00:42:42.0280 3124 UserName: user
00:42:42.0280 3124 Windows directory: C:\Windows
00:42:42.0280 3124 System windows directory: C:\Windows
00:42:42.0280 3124 Running under WOW64
00:42:42.0280 3124 Processor architecture: Intel x64
00:42:42.0280 3124 Number of processors: 4
00:42:42.0280 3124 Page size: 0x1000
00:42:42.0280 3124 Boot type: Normal boot
00:42:42.0280 3124 ============================================================
00:42:43.0481 3124 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:42:43.0512 3124 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:42:43.0512 3124 Drive \Device\Harddisk2\DR2 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:42:43.0528 3124 ============================================================
00:42:43.0528 3124 \Device\Harddisk0\DR0:
00:42:43.0528 3124 MBR partitions:
00:42:43.0528 3124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:42:43.0528 3124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
00:42:43.0528 3124 \Device\Harddisk1\DR1:
00:42:43.0528 3124 MBR partitions:
00:42:43.0528 3124 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
00:42:43.0528 3124 \Device\Harddisk2\DR2:
00:42:43.0528 3124 GPT partitions:
00:42:43.0528 3124 Can't read gpt partition array
00:42:43.0528 3124 MBR partitions:
00:42:43.0528 3124 ============================================================
00:42:43.0544 3124 C: <-> \Device\Harddisk0\DR0\Partition1
00:42:43.0575 3124 D: <-> \Device\Harddisk1\DR1\Partition0
00:42:43.0575 3124 ============================================================
00:42:43.0575 3124 Initialize success
00:42:43.0575 3124 ============================================================
00:43:09.0783 4220 ============================================================
00:43:09.0783 4220 Scan started
00:43:09.0783 4220 Mode: Manual; SigCheck; TDLFS;
00:43:09.0783 4220 ============================================================
00:43:10.0251 4220 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
00:43:10.0313 4220 1394ohci - ok
00:43:10.0344 4220 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:43:10.0360 4220 ACPI - ok
00:43:10.0376 4220 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:43:10.0454 4220 AcpiPmi - ok
00:43:10.0500 4220 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:43:10.0563 4220 adp94xx - ok
00:43:10.0578 4220 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:43:10.0641 4220 adpahci - ok
00:43:10.0656 4220 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:43:10.0688 4220 adpu320 - ok
00:43:10.0703 4220 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:43:10.0812 4220 AeLookupSvc - ok
00:43:10.0875 4220 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:43:10.0937 4220 AFD - ok
00:43:10.0953 4220 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:43:10.0984 4220 agp440 - ok
00:43:11.0031 4220 aksdf (94c0972b06c75456ed574dd46417b1d8) C:\Windows\system32\drivers\aksdf.sys
00:43:11.0062 4220 aksdf - ok
00:43:11.0109 4220 aksfridge (7b0bc062ca6abab23f88ea483b5a538e) C:\Windows\system32\drivers\aksfridge.sys
00:43:11.0156 4220 aksfridge - ok
00:43:11.0187 4220 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:43:11.0234 4220 ALG - ok
00:43:11.0265 4220 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:43:11.0280 4220 aliide - ok
00:43:11.0296 4220 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:43:11.0312 4220 amdide - ok
00:43:11.0343 4220 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:43:11.0390 4220 AmdK8 - ok
00:43:11.0405 4220 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:43:11.0436 4220 AmdPPM - ok
00:43:11.0468 4220 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:43:11.0499 4220 amdsata - ok
00:43:11.0530 4220 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:43:11.0561 4220 amdsbs - ok
00:43:11.0577 4220 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:43:11.0592 4220 amdxata - ok
00:43:11.0624 4220 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:43:11.0764 4220 AppID - ok
00:43:11.0780 4220 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:43:11.0811 4220 AppIDSvc - ok
00:43:11.0858 4220 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
00:43:11.0904 4220 Appinfo - ok
00:43:11.0951 4220 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
00:43:12.0014 4220 AppMgmt - ok
00:43:12.0029 4220 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:43:12.0076 4220 arc - ok
00:43:12.0092 4220 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:43:12.0107 4220 arcsas - ok
00:43:12.0123 4220 Aspi32 - ok
00:43:12.0170 4220 aspnet_state - ok
00:43:12.0201 4220 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:43:12.0248 4220 AsyncMac - ok
00:43:12.0279 4220 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:43:12.0310 4220 atapi - ok
00:43:12.0357 4220 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:43:12.0435 4220 AudioEndpointBuilder - ok
00:43:12.0435 4220 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:43:12.0482 4220 AudioSrv - ok
00:43:12.0513 4220 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
00:43:12.0606 4220 AxInstSV - ok
00:43:12.0653 4220 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:43:12.0700 4220 b06bdrv - ok
00:43:12.0716 4220 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:43:12.0747 4220 b57nd60a - ok
00:43:12.0934 4220 BCM43XX (14b3d44414a353e85664be7c4db9747d) C:\Windows\system32\DRIVERS\bcmwl664.sys
00:43:13.0028 4220 BCM43XX - ok
00:43:13.0106 4220 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:43:13.0152 4220 BDESVC - ok
00:43:13.0199 4220 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:43:13.0262 4220 Beep - ok
00:43:13.0324 4220 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
00:43:13.0386 4220 BITS - ok
00:43:13.0418 4220 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:43:13.0464 4220 blbdrive - ok
00:43:13.0527 4220 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
00:43:13.0558 4220 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
00:43:13.0558 4220 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
00:43:13.0589 4220 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:43:13.0652 4220 bowser - ok
00:43:13.0683 4220 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:43:13.0698 4220 BrFiltLo - ok
00:43:13.0730 4220 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:43:13.0745 4220 BrFiltUp - ok
00:43:13.0776 4220 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
00:43:13.0808 4220 BridgeMP - ok
00:43:13.0839 4220 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:43:13.0901 4220 Browser - ok
00:43:13.0932 4220 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:43:14.0026 4220 Brserid - ok
00:43:14.0026 4220 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:43:14.0073 4220 BrSerWdm - ok
00:43:14.0088 4220 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:43:14.0135 4220 BrUsbMdm - ok
00:43:14.0151 4220 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:43:14.0166 4220 BrUsbSer - ok
00:43:14.0182 4220 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:43:14.0229 4220 BTHMODEM - ok
00:43:14.0260 4220 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:43:14.0307 4220 bthserv - ok
00:43:14.0338 4220 CBDisk (b99d91e4cd9017f213645aa2e80eb425) C:\Windows\system32\drivers\CBDisk.sys
00:43:14.0354 4220 CBDisk - ok
00:43:14.0369 4220 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:43:14.0416 4220 cdfs - ok
00:43:14.0478 4220 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
00:43:14.0525 4220 cdrom - ok
00:43:14.0556 4220 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:43:14.0619 4220 CertPropSvc - ok
00:43:14.0634 4220 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:43:14.0666 4220 circlass - ok
00:43:14.0697 4220 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:43:14.0712 4220 CLFS - ok
00:43:14.0775 4220 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:43:14.0790 4220 clr_optimization_v2.0.50727_32 - ok
00:43:14.0837 4220 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:43:14.0853 4220 clr_optimization_v2.0.50727_64 - ok
00:43:14.0900 4220 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:43:14.0915 4220 clr_optimization_v4.0.30319_32 - ok
00:43:14.0946 4220 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:43:14.0962 4220 clr_optimization_v4.0.30319_64 - ok
00:43:14.0993 4220 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:43:15.0024 4220 CmBatt - ok
00:43:15.0056 4220 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:43:15.0087 4220 cmdide - ok
00:43:15.0118 4220 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:43:15.0165 4220 CNG - ok
00:43:15.0180 4220 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:43:15.0212 4220 Compbatt - ok
00:43:15.0243 4220 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:43:15.0274 4220 CompositeBus - ok
00:43:15.0290 4220 COMSysApp - ok
00:43:15.0305 4220 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:43:15.0305 4220 crcdisk - ok
00:43:15.0368 4220 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
00:43:15.0399 4220 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
00:43:15.0399 4220 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
00:43:15.0430 4220 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
00:43:15.0492 4220 CryptSvc - ok
00:43:15.0539 4220 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
00:43:15.0586 4220 CSC - ok
00:43:15.0648 4220 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
00:43:15.0695 4220 CscService - ok
00:43:15.0726 4220 CT20XUT (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\system32\drivers\CT20XUT.SYS
00:43:15.0726 4220 CT20XUT - ok
00:43:15.0742 4220 CT20XUT.SYS (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\System32\drivers\CT20XUT.SYS
00:43:15.0758 4220 CT20XUT.SYS - ok
00:43:15.0804 4220 ctac32k (397fbd4454e5b2fb77e55d1013df548c) C:\Windows\system32\drivers\ctac32k.sys
00:43:15.0836 4220 ctac32k - ok
00:43:15.0898 4220 ctaud2k (50a8cd4df066fe57d0c473a2645988cc) C:\Windows\system32\drivers\ctaud2k.sys
00:43:15.0976 4220 ctaud2k - ok
00:43:16.0038 4220 CTAudSvcService (5ce3d0e1d1b3832ee052cfc442eee0fa) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
00:43:16.0070 4220 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
00:43:16.0070 4220 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
00:43:16.0163 4220 CTEXFIFX (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\system32\drivers\CTEXFIFX.SYS
00:43:16.0210 4220 CTEXFIFX - ok
00:43:16.0350 4220 CTEXFIFX.SYS (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\System32\drivers\CTEXFIFX.SYS
00:43:16.0382 4220 CTEXFIFX.SYS - ok
00:43:16.0428 4220 CTHWIUT (ae78ca7ee865a28ac841211db655acf3) C:\Windows\system32\drivers\CTHWIUT.SYS
00:43:16.0444 4220 CTHWIUT - ok
00:43:16.0444 4220 CTHWIUT.SYS (ae78ca7ee865a28ac841211db655acf3) C:\Windows\System32\drivers\CTHWIUT.SYS
00:43:16.0444 4220 CTHWIUT.SYS - ok
00:43:16.0475 4220 ctprxy2k (757776e207ca5e71e4a16bd1260ae1f2) C:\Windows\system32\drivers\ctprxy2k.sys
00:43:16.0491 4220 ctprxy2k - ok
00:43:16.0522 4220 ctsfm2k (9b111ee2f488a8d9c21a13ed4c777795) C:\Windows\system32\drivers\ctsfm2k.sys
00:43:16.0553 4220 ctsfm2k - ok
00:43:16.0600 4220 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:43:16.0662 4220 DcomLaunch - ok
00:43:16.0709 4220 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:43:16.0772 4220 defragsvc - ok
00:43:16.0803 4220 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:43:16.0834 4220 DfsC - ok
00:43:16.0881 4220 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
00:43:16.0943 4220 Dhcp - ok
00:43:16.0990 4220 DigiRefresh - ok
00:43:17.0021 4220 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:43:17.0052 4220 discache - ok
00:43:17.0099 4220 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:43:17.0115 4220 Disk - ok
00:43:17.0162 4220 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
00:43:17.0208 4220 Dnscache - ok
00:43:17.0240 4220 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
00:43:17.0302 4220 dot3svc - ok
00:43:17.0333 4220 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:43:17.0380 4220 DPS - ok
00:43:17.0411 4220 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:43:17.0458 4220 drmkaud - ok
00:43:17.0520 4220 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:43:17.0552 4220 DXGKrnl - ok
00:43:17.0598 4220 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
00:43:17.0614 4220 eamonm - ok
00:43:17.0645 4220 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:43:17.0708 4220 EapHost - ok
00:43:17.0895 4220 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:43:18.0020 4220 ebdrv - ok
00:43:18.0113 4220 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:43:18.0160 4220 EFS - ok
00:43:18.0222 4220 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
00:43:18.0254 4220 ehdrv - ok
00:43:18.0347 4220 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
00:43:18.0394 4220 ehRecvr - ok
00:43:18.0410 4220 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:43:18.0441 4220 ehSched - ok
00:43:18.0675 4220 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
00:43:18.0690 4220 ekrn - ok
00:43:18.0815 4220 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:43:18.0862 4220 elxstor - ok
00:43:18.0893 4220 emupia (683dcaf0d4efc3f95a32e8924849202d) C:\Windows\system32\drivers\emupia2k.sys
00:43:18.0924 4220 emupia - ok
00:43:18.0971 4220 epfw (198c6fbc30bbd9632ea051203dccf204) C:\Windows\system32\DRIVERS\epfw.sys
00:43:18.0987 4220 epfw - ok
00:43:19.0018 4220 EpfwLWF (56de463f517710a8aa44eef82c35b3c9) C:\Windows\system32\DRIVERS\EpfwLWF.sys
00:43:19.0049 4220 EpfwLWF - ok
00:43:19.0096 4220 epfwwfp (710b0442bb2f99278d7b8e02a8849c11) C:\Windows\system32\DRIVERS\epfwwfp.sys
00:43:19.0127 4220 epfwwfp - ok
00:43:19.0143 4220 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:43:19.0174 4220 ErrDev - ok
00:43:19.0221 4220 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:43:19.0283 4220 EventSystem - ok
00:43:19.0299 4220 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:43:19.0361 4220 exfat - ok
00:43:19.0377 4220 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:43:19.0424 4220 fastfat - ok
00:43:19.0486 4220 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:43:19.0533 4220 Fax - ok
00:43:19.0548 4220 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:43:19.0595 4220 fdc - ok
00:43:19.0611 4220 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:43:19.0658 4220 fdPHost - ok
00:43:19.0658 4220 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:43:19.0704 4220 FDResPub - ok
00:43:19.0720 4220 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:43:19.0736 4220 FileInfo - ok
00:43:19.0751 4220 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:43:19.0798 4220 Filetrace - ok
00:43:19.0876 4220 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:43:19.0907 4220 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
00:43:19.0907 4220 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
00:43:19.0907 4220 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:43:19.0923 4220 flpydisk - ok
00:43:19.0954 4220 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:43:19.0985 4220 FltMgr - ok
00:43:20.0063 4220 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
00:43:20.0157 4220 FontCache - ok
00:43:20.0204 4220 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:43:20.0219 4220 FontCache3.0.0.0 - ok
00:43:20.0250 4220 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:43:20.0250 4220 FsDepends - ok
00:43:20.0282 4220 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
00:43:20.0297 4220 Fs_Rec - ok
00:43:20.0328 4220 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:43:20.0344 4220 fvevol - ok
00:43:20.0375 4220 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:43:20.0422 4220 gagp30kx - ok
00:43:20.0484 4220 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:43:20.0547 4220 gpsvc - ok
00:43:20.0687 4220 ha20x22k (076f366b87575adc7d152c7a34acb3dc) C:\Windows\system32\drivers\ha20x22k.sys
00:43:20.0734 4220 ha20x22k - ok
00:43:21.0124 4220 ha20x2k (4a7533eb52dc9d1847e7f78dee1ce322) C:\Windows\system32\drivers\ha20x2k.sys
00:43:21.0186 4220 ha20x2k - ok
00:43:21.0280 4220 hardlock (78fad9117e4527f2ca82259da10f40bd) C:\Windows\system32\drivers\hardlock.sys
00:43:21.0358 4220 hardlock - ok
00:43:21.0358 4220 hasplms - ok
00:43:21.0389 4220 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:43:21.0420 4220 hcw85cir - ok
00:43:21.0483 4220 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:43:21.0530 4220 HdAudAddService - ok
00:43:21.0561 4220 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:43:21.0608 4220 HDAudBus - ok
00:43:21.0608 4220 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:43:21.0654 4220 HidBatt - ok
00:43:21.0670 4220 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:43:21.0717 4220 HidBth - ok
00:43:21.0717 4220 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:43:21.0779 4220 HidIr - ok
00:43:21.0795 4220 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
00:43:21.0842 4220 hidserv - ok
00:43:21.0873 4220 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:43:21.0904 4220 HidUsb - ok
00:43:21.0920 4220 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:43:21.0982 4220 hkmsvc - ok
00:43:22.0013 4220 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:43:22.0060 4220 HomeGroupListener - ok
00:43:22.0091 4220 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:43:22.0122 4220 HomeGroupProvider - ok
00:43:22.0216 4220 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
00:43:24.0618 4220 hpqcxs08 - ok
00:43:24.0634 4220 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
00:43:24.0650 4220 hpqddsvc - ok
00:43:24.0696 4220 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:43:24.0712 4220 HpSAMD - ok
00:43:24.0790 4220 HPSLPSVC (d4f91cf4de215d6f14a06087d46725e4) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
00:43:24.0821 4220 HPSLPSVC - ok
00:43:24.0884 4220 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:43:24.0946 4220 HTTP - ok
00:43:24.0962 4220 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:43:24.0977 4220 hwpolicy - ok
00:43:25.0008 4220 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
00:43:25.0024 4220 i8042prt - ok
00:43:25.0071 4220 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:43:25.0086 4220 iaStorV - ok
00:43:25.0196 4220 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:43:25.0211 4220 idsvc - ok
00:43:25.0242 4220 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:43:25.0258 4220 iirsp - ok
00:43:25.0320 4220 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:43:25.0383 4220 IKEEXT - ok
00:43:25.0492 4220 IntcAzAudAddService (3e1a5370d0c630a9309d6fa38d53b1b8) C:\Windows\system32\drivers\RTKVHD64.sys
00:43:25.0554 4220 IntcAzAudAddService - ok
00:43:25.0554 4220 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:43:25.0570 4220 intelide - ok
00:43:25.0601 4220 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:43:25.0617 4220 intelppm - ok
00:43:25.0648 4220 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:43:25.0695 4220 IPBusEnum - ok
00:43:25.0726 4220 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:43:25.0773 4220 IpFilterDriver - ok
00:43:25.0820 4220 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
00:43:25.0882 4220 iphlpsvc - ok
00:43:25.0913 4220 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:43:25.0929 4220 IPMIDRV - ok
00:43:25.0960 4220 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:43:26.0007 4220 IPNAT - ok
00:43:26.0054 4220 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:43:26.0085 4220 IRENUM - ok
00:43:26.0116 4220 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:43:26.0132 4220 isapnp - ok
00:43:26.0178 4220 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:43:26.0225 4220 iScsiPrt - ok
00:43:26.0241 4220 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:43:26.0256 4220 kbdclass - ok
00:43:26.0272 4220 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
00:43:26.0303 4220 kbdhid - ok
00:43:26.0334 4220 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:43:26.0350 4220 KeyIso - ok
00:43:26.0366 4220 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
00:43:26.0381 4220 KSecDD - ok
00:43:26.0397 4220 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
00:43:26.0412 4220 KSecPkg - ok
00:43:26.0428 4220 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:43:26.0475 4220 ksthunk - ok
00:43:26.0506 4220 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:43:26.0568 4220 KtmRm - ok
00:43:26.0600 4220 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
00:43:26.0662 4220 LanmanServer - ok
00:43:26.0693 4220 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:43:26.0740 4220 LanmanWorkstation - ok
00:43:26.0771 4220 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:43:26.0802 4220 lltdio - ok
00:43:26.0834 4220 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:43:26.0912 4220 lltdsvc - ok
00:43:26.0912 4220 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:43:26.0958 4220 lmhosts - ok
00:43:26.0974 4220 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:43:27.0021 4220 LSI_FC - ok
00:43:27.0036 4220 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:43:27.0068 4220 LSI_SAS - ok
00:43:27.0083 4220 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:43:27.0114 4220 LSI_SAS2 - ok
00:43:27.0130 4220 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:43:27.0161 4220 LSI_SCSI - ok
00:43:27.0177 4220 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:43:27.0239 4220 luafv - ok
00:43:27.0302 4220 M4LIC (543080d7653128b1fa7cd8f7db22badb) C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
00:43:27.0317 4220 M4LIC ( UnsignedFile.Multi.Generic ) - warning
00:43:27.0317 4220 M4LIC - detected UnsignedFile.Multi.Generic (1)
00:43:27.0380 4220 MacDrive8Service (82162d1310f648a297ba565f6186501f) C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
00:43:27.0411 4220 MacDrive8Service ( UnsignedFile.Multi.Generic ) - warning
00:43:27.0411 4220 MacDrive8Service - detected UnsignedFile.Multi.Generic (1)
00:43:27.0426 4220 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:43:27.0458 4220 Mcx2Svc - ok
00:43:27.0489 4220 MDFSYSNT (72040607e6e4115c154d730219bafab3) C:\Windows\system32\drivers\MDFSYSNT.sys
00:43:27.0520 4220 MDFSYSNT - ok
00:43:27.0551 4220 MDPMGRNT (f2ef49c3e47bd3fb6ee71371e7eee0af) C:\Windows\system32\DRIVERS\MDPMGRNT.SYS
00:43:27.0567 4220 MDPMGRNT - ok
00:43:27.0582 4220 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:43:27.0614 4220 megasas - ok
00:43:27.0645 4220 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:43:27.0676 4220 MegaSR - ok
00:43:27.0707 4220 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:43:27.0754 4220 MMCSS - ok
00:43:27.0770 4220 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:43:27.0816 4220 Modem - ok
00:43:27.0848 4220 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:43:27.0879 4220 monitor - ok
00:43:27.0910 4220 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:43:27.0910 4220 mouclass - ok
00:43:27.0957 4220 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:43:27.0988 4220 mouhid - ok
00:43:28.0004 4220 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:43:28.0019 4220 mountmgr - ok
00:43:28.0050 4220 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:43:28.0082 4220 mpio - ok
00:43:28.0097 4220 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:43:28.0128 4220 mpsdrv - ok
00:43:28.0160 4220 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:43:28.0222 4220 MRxDAV - ok
00:43:28.0238 4220 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:43:28.0284 4220 mrxsmb - ok
00:43:28.0316 4220 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:43:28.0378 4220 mrxsmb10 - ok
00:43:28.0409 4220 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:43:28.0440 4220 mrxsmb20 - ok
00:43:28.0472 4220 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:43:28.0503 4220 msahci - ok
00:43:28.0518 4220 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:43:28.0550 4220 msdsm - ok
00:43:28.0581 4220 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:43:28.0612 4220 MSDTC - ok
00:43:28.0628 4220 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:43:28.0659 4220 Msfs - ok
00:43:28.0674 4220 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:43:28.0721 4220 mshidkmdf - ok
00:43:28.0752 4220 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:43:28.0768 4220 msisadrv - ok
00:43:28.0815 4220 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:43:28.0862 4220 MSiSCSI - ok
00:43:28.0877 4220 msiserver - ok
00:43:28.0893 4220 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:43:28.0940 4220 MSKSSRV - ok
00:43:28.0955 4220 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:43:29.0002 4220 MSPCLOCK - ok
00:43:29.0018 4220 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:43:29.0064 4220 MSPQM - ok
00:43:29.0096 4220 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:43:29.0127 4220 MsRPC - ok
00:43:29.0142 4220 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:43:29.0142 4220 mssmbios - ok
00:43:29.0158 4220 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:43:29.0205 4220 MSTEE - ok
00:43:29.0252 4220 msvsmon90 (a9e7a3fe06d451dd5dd1d3dcb060e467) C:\Windows\system32\HSFHWICH.dll
00:43:29.0252 4220 Suspicious file (NoAccess): C:\Windows\system32\HSFHWICH.dll. md5: a9e7a3fe06d451dd5dd1d3dcb060e467
00:43:29.0252 4220 msvsmon90 ( Backdoor.Multi.ZAccess.gen ) - infected
00:43:29.0252 4220 msvsmon90 - detected Backdoor.Multi.ZAccess.gen (0)
00:43:29.0267 4220 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:43:29.0298 4220 MTConfig - ok
00:43:29.0330 4220 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:43:29.0345 4220 Mup - ok
00:43:29.0392 4220 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:43:29.0454 4220 napagent - ok
00:43:29.0501 4220 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:43:29.0548 4220 NativeWifiP - ok
00:43:29.0626 4220 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:43:29.0657 4220 NDIS - ok
00:43:29.0673 4220 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:43:29.0720 4220 NdisCap - ok
00:43:29.0813 4220 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:43:29.0860 4220 NdisTapi - ok
00:43:29.0891 4220 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:43:29.0938 4220 Ndisuio - ok
00:43:29.0969 4220 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:43:30.0016 4220 NdisWan - ok
00:43:30.0047 4220 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:43:30.0094 4220 NDProxy - ok
00:43:30.0125 4220 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
00:43:30.0172 4220 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:43:30.0172 4220 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:43:30.0188 4220 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:43:30.0234 4220 NetBIOS - ok
00:43:30.0266 4220 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:43:30.0312 4220 NetBT - ok
00:43:30.0344 4220 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:43:30.0344 4220 Netlogon - ok
00:43:30.0390 4220 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:43:30.0453 4220 Netman - ok
00:43:30.0484 4220 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:43:30.0531 4220 netprofm - ok
00:43:30.0593 4220 netr7364 (81b8d0c1ce44a7fdbd596b693783950c) C:\Windows\system32\DRIVERS\netr7364.sys
00:43:30.0640 4220 netr7364 - ok
00:43:30.0718 4220 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:43:30.0718 4220 NetTcpPortSharing - ok
00:43:30.0843 4220 Nexus Server (be2ba1a9f59189ad60300a0a54abe50e) C:\Program Files (x86)\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe
00:43:30.0858 4220 Nexus Server ( UnsignedFile.Multi.Generic ) - warning
00:43:30.0858 4220 Nexus Server - detected UnsignedFile.Multi.Generic (1)
00:43:30.0936 4220 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:43:30.0983 4220 nfrd960 - ok
00:43:31.0030 4220 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:43:31.0077 4220 NlaSvc - ok
00:43:31.0170 4220 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:43:31.0202 4220 Npfs - ok
00:43:31.0280 4220 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:43:31.0326 4220 nsiproxy - ok
00:43:31.0436 4220 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:43:31.0498 4220 Ntfs - ok
00:43:31.0560 4220 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:43:31.0607 4220 Null - ok
00:43:32.0013 4220 NVIDIA Performance Driver Service (74f76af4695e7b183ea43ab41d620f82) C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
00:43:32.0153 4220 NVIDIA Performance Driver Service - ok
00:43:32.0964 4220 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:43:33.0214 4220 nvlddmkm - ok
00:43:33.0308 4220 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:43:33.0339 4220 nvraid - ok
00:43:33.0370 4220 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:43:33.0432 4220 nvstor - ok
00:43:33.0464 4220 nvsvc (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
00:43:33.0479 4220 nvsvc - ok
00:43:33.0495 4220 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:43:33.0542 4220 nv_agp - ok
00:43:33.0651 4220 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:43:33.0666 4220 odserv - ok
00:43:33.0698 4220 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:43:33.0744 4220 ohci1394 - ok
00:43:33.0776 4220 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:43:33.0791 4220 ose - ok
00:43:33.0838 4220 ossrv (a29a80a1cf63d0dc27eefcaf27d34664) C:\Windows\system32\drivers\ctoss2k.sys
00:43:33.0854 4220 ossrv - ok
00:43:33.0885 4220 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:43:33.0916 4220 p2pimsvc - ok
00:43:33.0963 4220 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:43:33.0994 4220 p2psvc - ok
00:43:34.0025 4220 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:43:34.0056 4220 Parport - ok
00:43:34.0088 4220 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
00:43:34.0103 4220 partmgr - ok
00:43:34.0119 4220 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:43:34.0166 4220 PcaSvc - ok
00:43:34.0181 4220 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:43:34.0228 4220 pci - ok
00:43:34.0228 4220 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:43:34.0259 4220 pciide - ok
00:43:34.0290 4220 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:43:34.0337 4220 pcmcia - ok
00:43:34.0337 4220 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:43:34.0353 4220 pcw - ok
00:43:34.0400 4220 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:43:34.0462 4220 PEAUTH - ok
00:43:34.0556 4220 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
00:43:34.0634 4220 PeerDistSvc - ok
00:43:34.0696 4220 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:43:34.0727 4220 PerfHost - ok
00:43:34.0883 4220 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:43:34.0977 4220 pla - ok
00:43:35.0024 4220 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:43:35.0070 4220 PlugPlay - ok
00:43:35.0117 4220 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
00:43:35.0133 4220 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:43:35.0133 4220 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:43:35.0148 4220 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:43:35.0164 4220 PNRPAutoReg - ok
00:43:35.0195 4220 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:43:35.0211 4220 PNRPsvc - ok
00:43:35.0258 4220 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:43:35.0320 4220 PolicyAgent - ok
00:43:35.0351 4220 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:43:35.0398 4220 Power - ok
00:43:35.0460 4220 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:43:35.0492 4220 PptpMiniport - ok
00:43:35.0523 4220 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:43:35.0554 4220 Processor - ok
00:43:35.0570 4220 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
00:43:35.0616 4220 ProfSvc - ok
00:43:35.0648 4220 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:43:35.0663 4220 ProtectedStorage - ok
00:43:35.0694 4220 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:43:35.0741 4220 Psched - ok
00:43:35.0788 4220 PSI_SVC_2 (0b6dea0a1662cab8f2bf339dc0752ef4) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
00:43:35.0804 4220 PSI_SVC_2 - ok
00:43:35.0897 4220 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:43:35.0960 4220 ql2300 - ok
00:43:36.0022 4220 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:43:36.0053 4220 ql40xx - ok
00:43:36.0084 4220 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:43:36.0116 4220 QWAVE - ok
00:43:36.0131 4220 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:43:36.0162 4220 QWAVEdrv - ok
00:43:36.0178 4220 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:43:36.0209 4220 RasAcd - ok
00:43:36.0240 4220 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:43:36.0287 4220 RasAgileVpn - ok
00:43:36.0506 4220 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:43:36.0552 4220 RasAuto - ok
00:43:36.0599 4220 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:43:36.0646 4220 Rasl2tp - ok
00:43:36.0677 4220 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:43:36.0740 4220 RasMan - ok
00:43:36.0755 4220 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:43:36.0802 4220 RasPppoe - ok
00:43:36.0818 4220 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:43:36.0864 4220 RasSstp - ok
00:43:36.0896 4220 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:43:36.0958 4220 rdbss - ok
00:43:36.0974 4220 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:43:37.0020 4220 rdpbus - ok
00:43:37.0036 4220 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:43:37.0067 4220 RDPCDD - ok
00:43:37.0114 4220 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
00:43:37.0161 4220 RDPDR - ok
00:43:37.0176 4220 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:43:37.0223 4220 RDPENCDD - ok
00:43:37.0239 4220 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:43:37.0286 4220 RDPREFMP - ok
00:43:37.0332 4220 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
00:43:37.0348 4220 RdpVideoMiniport - ok
00:43:37.0379 4220 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
00:43:37.0426 4220 RDPWD - ok
00:43:37.0488 4220 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:43:37.0504 4220 rdyboost - ok
00:43:37.0520 4220 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:43:37.0566 4220 RemoteAccess - ok
00:43:37.0598 4220 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:43:37.0660 4220 RemoteRegistry - ok
00:43:37.0660 4220 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:43:37.0707 4220 RpcEptMapper - ok
00:43:37.0738 4220 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:43:37.0754 4220 RpcLocator - ok
00:43:37.0785 4220 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:43:37.0832 4220 RpcSs - ok
00:43:37.0847 4220 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:43:37.0894 4220 rspndr - ok
00:43:37.0910 4220 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
00:43:37.0941 4220 s3cap - ok
00:43:37.0972 4220 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:43:37.0988 4220 SamSs - ok
00:43:38.0019 4220 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\DRIVERS\sbp2port.sys
00:43:38.0050 4220 sbp2port - ok
00:43:38.0066 4220 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:43:38.0128 4220 SCardSvr - ok
00:43:38.0159 4220 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:43:38.0190 4220 scfilter - ok
00:43:38.0284 4220 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:43:38.0362 4220 Schedule - ok
00:43:38.0378 4220 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:43:38.0409 4220 SCPolicySvc - ok
00:43:38.0440 4220 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:43:38.0502 4220 SDRSVC - ok
00:43:38.0549 4220 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:43:38.0627 4220 secdrv - ok
00:43:38.0643 4220 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:43:38.0690 4220 seclogon - ok
00:43:38.0705 4220 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
00:43:38.0752 4220 SENS - ok
00:43:38.0768 4220 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:43:38.0799 4220 SensrSvc - ok
00:43:38.0846 4220 Sentinel64 (84ac127242dd3ccde02f9a4673214b1f) C:\Windows\System32\Drivers\Sentinel64.sys
00:43:38.0861 4220 Sentinel64 - ok
00:43:38.0892 4220 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:43:38.0924 4220 Serenum - ok
00:43:38.0939 4220 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:43:39.0002 4220 Serial - ok
00:43:39.0033 4220 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:43:39.0048 4220 sermouse - ok
00:43:39.0095 4220 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:43:39.0158 4220 SessionEnv - ok
00:43:39.0173 4220 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:43:39.0204 4220 sffdisk - ok
00:43:39.0220 4220 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:43:39.0267 4220 sffp_mmc - ok
00:43:39.0282 4220 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:43:39.0314 4220 sffp_sd - ok
00:43:39.0329 4220 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:43:39.0360 4220 sfloppy - ok
00:43:39.0407 4220 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:43:39.0470 4220 SharedAccess - ok
00:43:39.0516 4220 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:43:39.0563 4220 ShellHWDetection - ok
00:43:39.0579 4220 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:43:39.0626 4220 SiSRaid2 - ok
00:43:39.0641 4220 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:43:39.0657 4220 SiSRaid4 - ok
00:43:39.0672 4220 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:43:39.0719 4220 Smb - ok
00:43:39.0750 4220 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:43:39.0782 4220 SNMPTRAP - ok
00:43:39.0782 4220 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:43:39.0797 4220 spldr - ok
00:43:39.0860 4220 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:43:39.0906 4220 Spooler - ok
00:43:40.0094 4220 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:43:40.0218 4220 sppsvc - ok
00:43:40.0296 4220 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:43:40.0328 4220 sppuinotify - ok
00:43:40.0390 4220 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:43:40.0437 4220 srv - ok
00:43:40.0484 4220 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:43:40.0499 4220 srv2 - ok
00:43:40.0530 4220 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:43:40.0562 4220 srvnet - ok
00:43:40.0593 4220 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:43:40.0640 4220 SSDPSRV - ok
00:43:40.0655 4220 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:43:40.0686 4220 SstpSvc - ok
00:43:40.0702 4220 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:43:40.0718 4220 stexstor - ok
00:43:40.0749 4220 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
00:43:40.0796 4220 StillCam - ok
00:43:40.0858 4220 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:43:40.0889 4220 stisvc - ok
00:43:40.0905 4220 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
00:43:40.0920 4220 storflt - ok
00:43:40.0936 4220 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
00:43:40.0967 4220 storvsc - ok
00:43:40.0998 4220 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:43:41.0014 4220 swenum - ok
00:43:41.0139 4220 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:43:41.0170 4220 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
00:43:41.0170 4220 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
00:43:41.0217 4220 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:43:41.0279 4220 swprv - ok
00:43:41.0279 4220 Synth3dVsc - ok
00:43:41.0404 4220 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:43:41.0482 4220 SysMain - ok
00:43:41.0638 4220 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:43:41.0669 4220 TabletInputService - ok
00:43:41.0716 4220 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:43:41.0763 4220 TapiSrv - ok
00:43:41.0794 4220 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:43:41.0841 4220 TBS - ok
00:43:41.0966 4220 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
00:43:42.0059 4220 Tcpip - ok
00:43:42.0215 4220 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
00:43:42.0262 4220 TCPIP6 - ok
00:43:42.0309 4220 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:43:42.0356 4220 tcpipreg - ok
00:43:42.0387 4220 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:43:42.0402 4220 TDPIPE - ok
00:43:42.0434 4220 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:43:42.0434 4220 TDTCP - ok
00:43:42.0465 4220 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:43:42.0512 4220 tdx - ok
00:43:42.0543 4220 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:43:42.0574 4220 TermDD - ok
00:43:42.0636 4220 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:43:42.0683 4220 TermService - ok
00:43:42.0714 4220 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:43:42.0730 4220 Themes - ok
00:43:42.0761 4220 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:43:42.0792 4220 THREADORDER - ok
00:43:42.0839 4220 Tpkd (c676b0f52f2b6483afb88f79cabb011e) C:\Windows\system32\drivers\Tpkd.sys
00:43:42.0855 4220 Tpkd - ok
00:43:42.0870 4220 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:43:42.0933 4220 TrkWks - ok
00:43:42.0980 4220 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:43:43.0011 4220 TrustedInstaller - ok
00:43:43.0042 4220 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:43:43.0104 4220 tssecsrv - ok
00:43:43.0120 4220 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:43:43.0151 4220 TsUsbFlt - ok
00:43:43.0151 4220 tsusbhub - ok
00:43:43.0198 4220 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:43:43.0229 4220 tunnel - ok
00:43:43.0245 4220 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:43:43.0276 4220 uagp35 - ok
00:43:43.0323 4220 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:43:43.0370 4220 udfs - ok
00:43:43.0401 4220 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:43:43.0416 4220 UI0Detect - ok
00:43:43.0432 4220 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:43:43.0463 4220 uliagpkx - ok
00:43:43.0494 4220 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:43:43.0541 4220 umbus - ok
00:43:43.0557 4220 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:43:43.0588 4220 UmPass - ok
00:43:43.0619 4220 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
00:43:43.0666 4220 UmRdpService - ok
00:43:43.0697 4220 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:43:43.0744 4220 upnphost - ok
00:43:43.0775 4220 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:43:43.0806 4220 usbccgp - ok
00:43:43.0838 4220 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:43:43.0869 4220 usbcir - ok
00:43:43.0884 4220 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:43:43.0931 4220 usbehci - ok
00:43:43.0978 4220 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:43:44.0025 4220 usbhub - ok
00:43:44.0040 4220 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:43:44.0072 4220 usbohci - ok
00:43:44.0087 4220 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:43:44.0118 4220 usbprint - ok
00:43:44.0150 4220 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:43:44.0228 4220 USBSTOR - ok
00:43:44.0228 4220 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
00:43:44.0259 4220 usbuhci - ok
00:43:44.0274 4220 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:43:44.0321 4220 UxSms - ok
00:43:44.0352 4220 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:43:44.0368 4220 VaultSvc - ok
00:43:44.0384 4220 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:43:44.0430 4220 vdrvroot - ok
00:43:44.0477 4220 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:43:44.0540 4220 vds - ok
00:43:44.0555 4220 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:43:44.0571 4220 vga - ok
00:43:44.0571 4220 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:43:44.0618 4220 VgaSave - ok
00:43:44.0633 4220 VGPU - ok
00:43:44.0680 4220 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:43:44.0711 4220 vhdmp - ok
00:43:44.0742 4220 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:43:44.0758 4220 viaide - ok
00:43:44.0789 4220 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
00:43:44.0852 4220 vmbus - ok
00:43:44.0867 4220 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
00:43:44.0914 4220 VMBusHID - ok
00:43:44.0930 4220 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:43:44.0961 4220 volmgr - ok
00:43:45.0023 4220 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:43:45.0039 4220 volmgrx - ok
00:43:45.0070 4220 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:43:45.0086 4220 volsnap - ok
00:43:45.0117 4220 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:43:45.0148 4220 vsmraid - ok
00:43:45.0257 4220 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:43:45.0335 4220 VSS - ok
00:43:45.0413 4220 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:43:45.0444 4220 vwifibus - ok
00:43:45.0460 4220 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:43:45.0491 4220 vwififlt - ok
00:43:45.0507 4220 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:43:45.0522 4220 vwifimp - ok
00:43:45.0569 4220 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:43:45.0616 4220 W32Time - ok
00:43:45.0632 4220 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:43:45.0663 4220 WacomPen - ok
00:43:45.0834 4220 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:43:45.0881 4220 WANARP - ok
00:43:45.0912 4220 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:43:45.0944 4220 Wanarpv6 - ok
00:43:46.0084 4220 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:43:46.0146 4220 WatAdminSvc - ok
00:43:46.0240 4220 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:43:46.0302 4220 wbengine - ok
00:43:46.0396 4220 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:43:46.0427 4220 WbioSrvc - ok
00:43:46.0474 4220 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:43:46.0521 4220 wcncsvc - ok
00:43:46.0521 4220 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:43:46.0568 4220 WcsPlugInService - ok
00:43:46.0599 4220 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:43:46.0599 4220 Wd - ok
00:43:46.0630 4220 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
00:43:46.0661 4220 WDC_SAM - ok
00:43:46.0708 4220 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:43:46.0724 4220 Wdf01000 - ok
00:43:46.0755 4220 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:43:46.0833 4220 WdiServiceHost - ok
00:43:46.0833 4220 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:43:46.0848 4220 WdiSystemHost - ok
00:43:46.0880 4220 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
00:43:46.0942 4220 WebClient - ok
00:43:46.0958 4220 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:43:47.0020 4220 Wecsvc - ok
00:43:47.0036 4220 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:43:47.0067 4220 wercplsupport - ok
00:43:47.0098 4220 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:43:47.0145 4220 WerSvc - ok
00:43:47.0176 4220 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:43:47.0223 4220 WfpLwf - ok
00:43:47.0223 4220 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:43:47.0238 4220 WIMMount - ok
00:43:47.0270 4220 WinDefend - ok
00:43:47.0285 4220 WinHttpAutoProxySvc - ok
00:43:47.0332 4220 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:43:47.0379 4220 Winmgmt - ok
00:43:47.0504 4220 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
00:43:47.0582 4220 WinRM - ok
00:43:47.0691 4220 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
00:43:47.0706 4220 WinUsb - ok
00:43:47.0784 4220 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:43:47.0816 4220 Wlansvc - ok
00:43:47.0847 4220 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:43:47.0862 4220 WmiAcpi - ok
00:43:47.0909 4220 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:43:47.0940 4220 wmiApSrv - ok
00:43:47.0972 4220 WMPNetworkSvc - ok
00:43:47.0987 4220 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:43:48.0034 4220 WPCSvc - ok
00:43:48.0174 4220 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
00:43:48.0190 4220 WPDBusEnum - ok
00:43:48.0221 4220 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:43:48.0268 4220 ws2ifsl - ok
00:43:48.0284 4220 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
00:43:48.0315 4220 wscsvc - ok
00:43:48.0315 4220 WSearch - ok
00:43:48.0455 4220 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
00:43:48.0549 4220 wuauserv - ok
00:43:48.0642 4220 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:43:48.0689 4220 WudfPf - ok
00:43:48.0720 4220 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:43:48.0767 4220 WUDFRd - ok
00:43:48.0798 4220 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
00:43:48.0830 4220 wudfsvc - ok
00:43:48.0861 4220 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:43:48.0892 4220 WwanSvc - ok
00:43:48.0970 4220 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:43:49.0064 4220 \Device\Harddisk0\DR0 - ok
00:43:49.0095 4220 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
00:43:49.0142 4220 \Device\Harddisk1\DR1 - ok
00:43:49.0142 4220 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
00:43:49.0329 4220 \Device\Harddisk2\DR2 - ok
00:43:49.0329 4220 Boot (0x1200) (3eb61c80f7e2c49a7b2ad8d701dadc8c) \Device\Harddisk0\DR0\Partition0
00:43:49.0329 4220 \Device\Harddisk0\DR0\Partition0 - ok
00:43:49.0344 4220 Boot (0x1200) (a9946ad4a0853904dfc54b378dc4811a) \Device\Harddisk0\DR0\Partition1
00:43:49.0344 4220 \Device\Harddisk0\DR0\Partition1 - ok
00:43:49.0360 4220 Boot (0x1200) (89a1ba517f273ffdaddc38f0e3532517) \Device\Harddisk1\DR1\Partition0
00:43:49.0360 4220 \Device\Harddisk1\DR1\Partition0 - ok
00:43:49.0360 4220 ============================================================
00:43:49.0360 4220 Scan finished
00:43:49.0360 4220 ============================================================
00:43:49.0376 4908 Detected object count: 11
00:43:49.0376 4908 Actual detected object count: 11
00:45:02.0821 4908 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:45:02.0821 4908 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:45:02.0821 4908 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:45:02.0821 4908 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:45:02.0821 4908 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
00:45:02.0821 4908 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:45:02.0821 4908 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:45:02.0821 4908 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:45:02.0821 4908 M4LIC ( UnsignedFile.Multi.Generic ) - skipped by user
00:45:02.0821 4908 M4LIC ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:45:02.0821 4908 MacDrive8Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:45:02.0821 4908 MacDrive8Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:45:02.0836 4908 msvsmon90 ( Backdoor.Multi.ZAccess.gen ) - skipped by user
00:45:02.0836 4908 msvsmon90 ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
00:45:02.0836 4908 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:45:02.0836 4908 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:45:02.0836 4908 Nexus Server ( UnsignedFile.Multi.Generic ) - skipped by user
00:45:02.0836 4908 Nexus Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:45:02.0836 4908 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:45:02.0836 4908 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:45:02.0836 4908 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
00:45:02.0836 4908 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:14:55.0872 1512 Deinitialize success

koubelka · #2 Příspěvek od **koubelka** » 14 kvě 2012 23:57

(pokračování předchozího příspěvku!)

prozměnu v jiném vlákně jsem si přečet že nic neskazím ani logem z programu RSIT (návod jak na to jsem si vzal prozmě zde

a zde je log který mi RSITx64.exe vygeneroval:

info.txt logfile of random's system information tool 1.09 2012-05-14 00:00:05

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove
64 Bit HP CIO Components Installer-->MsiExec.exe /I{BE930E38-7BB3-45B6-85B2-5251F374F844}
Adobe After Effects CS3 Presets-->MsiExec.exe /I{4B215C29-1A3E-4736-92AA-10C83FA56EB9}
Adobe After Effects CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\b7dd24a87e82dcf8af8876fd727b7cf\Setup.exe
Adobe After Effects CS3-->MsiExec.exe /I{8AF3FB06-BDA3-42A3-995C-308812D2F094}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Community Help-->msiexec /qb /x {3521BDBD-D453-5D9F-AA55-44B75D214629}
Adobe Community Help-->MsiExec.exe /I{3521BDBD-D453-5D9F-AA55-44B75D214629}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_10_3_162_ActiveX.exe -maintain activex
Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -maintain activex
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS5.1-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{9158FF30-78D7-40EF-B83E-451AC5334640}"
Adobe Reader 9.1 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A91000000001}
Adobe Setup-->MsiExec.exe /I{2C294A0B-DF22-4023-B168-8C7645B10019}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avid Audio Drivers (x64)-->MsiExec.exe /X{2F227ACA-204C-4529-BA33-D095C42C72DB}
Avid EDL Manager-->MsiExec.exe /X{D5BC49DF-35C6-4C01-A79F-E638E4BF19B3}
Avid FilmScribe-->MsiExec.exe /X{E8692F58-03E1-4DBB-8D1A-A70AB1DC634A}
Avid Log Exchange-->MsiExec.exe /X{5AE7D9E5-9530-4216-98EA-C3E7D0752FB3}
Avid Media Composer-->MsiExec.exe /X{76907753-C8DC-406E-819B-20DF131FA052}
Avid MediaLog-->MsiExec.exe /X{24185972-C785-4D02-82A1-632FD14C14EC}
Babylon toolbar on IE-->"C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\uninstall.exe"
backburner 2.3-->MsiExec.exe /I{805A148C-045F-45D9-B837-BAA678DDA212}
CINEMA 4D 11.514-->"C:\Program Files\MAXON\CINEMA 4D R11.5\CINEMA 4D 64 Bit.exe" "C:\Program Files\MAXON\CINEMA 4D R11.5\resource\install20100815_203407.log" -uninstall
Corel Graphics - Windows Shell Extension-->c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellUninst.exe -ProductCode {51DD370C-6690-424E-9674-5F14468B323F} -arp
Corel Graphics - Windows Shell Extension-->MsiExec.exe /X{51DD370C-6690-424E-9674-5F14468B323F}
CorelDRAW Graphics Suite X5 - IPM-->MsiExec.exe /I{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit-->MsiExec.exe /I{66C10F29-31F0-4A9B-B2CF-465F488AE086}
CorelDRAW Graphics Suite X5 - WT-->MsiExec.exe /I{9244E956-5939-4B88-930C-0699D4AB2B95}
CorelDRAW(R) Graphics Suite X5-->c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Setup\SetupARP.exe /arp
Creative Audio Control Panel-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9 /remove
Creative Sound Blaster Properties x64 Edition-->"C:\Program Files (x86)\Creative Installation Information\SBCONTROL64\Setup.exe" /remove /l0x0009
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)-->c:\Windows\SysWOW64\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)-->c:\Windows\SysWOW64\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)-->c:\Windows\SysWOW64\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)-->c:\Windows\SysWOW64\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)-->c:\Windows\SysWOW64\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
HP Customer Participation Program 14.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Imaging Device Functions 14.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6-->C:\Program Files (x86)\HP\Digital Imaging\{68550918-63B5-4762-85CB-3C160AA4B213}\setup\hpzscr40.exe -datfile hposcr43.dat -onestop -forcereboot
HP Smart Web Printing 4.60-->C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 14.0-->C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86}
Java(TM) 7 Update 4-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217004FF}
JavaFX 2.1.0-->MsiExec.exe /X{1111706F-666A-4037-7777-210328764D10}
MacDrive 8-->MsiExec.exe /X{8F6D780C-53B8-4385-98BC-62F78F9E4C38}
Magic ISO Maker v5.5 (build 0281)-->C:\PROGRA~2\MagicISO\UNWISE.EXE C:\PROGRA~2\MagicISO\INSTALL.LOG
MetaSync-->MsiExec.exe /X{A7BE4592-E101-4806-BF9A-D88CF5E387E4}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0405-1000-0000000FF1CE} /uninstall {A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {0B7A4B67-2A38-42B1-9857-662FAB361E08}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {FDF9A959-241A-4662-A8DE-7DED9C22D160}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual Studio Tools for Applications 2.0 - ENU-->MsiExec.exe /X{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}
Microsoft Visual Studio Tools for Applications 2.0 Runtime-->MsiExec.exe /X{299C0434-4F4E-341F-A916-4E07AEB35E79}
Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86_x64-->MsiExec.exe /I{8557397C-A42D-486F-97B3-A2CBC2372593}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86_x64-->MsiExec.exe /I{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Microsoft_VC90_MFCLOC_x86_x64-->MsiExec.exe /I{90BF0360-A1DB-4599-A643-95AB90A52C1E}
Microsoft_VC90_MFCLOC_x86-->MsiExec.exe /I{B6D38690-755E-4F40-A35A-23F8BC2B86AC}
Mozilla Firefox 9.0.1 (x86 cs)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA Performance Drivers-->MsiExec.exe /I{4C0A8D65-4286-4B58-87FE-18AD24289285}
OpenAL-->"C:\Program Files (x86)\OpenAL\OALInst.exe" /U
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Realtek High Definition Audio Driver-->RtlUpd64.exe -r -m
Rhozet Carbon Coder-->C:\Program Files (x86)\InstallShield Installation Information\{663118ED-6E80-45D6-9484-6830798B8B86}\setup.exe -runfromtemp -l0x0009 -removeonly
Rhozet Media Pipeline-->MsiExec.exe /I{6A0D0EF4-A5C8-4C9D-A2FD-A59721C90198}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46}
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {31C0F635-15AD-4AA3-A3C6-B542B403D0EE}
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3069CE04-082C-4669-9BA1-E6AA66330C1F}
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {ABB5F56F-FC55-4C7E-9622-B8A1E670BAFC}
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B4C12F08-B0EF-4CC4-AD5F-381DD62BF640}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {075C2272-0881-46D3-B3A5-1D83D6940270}
Sentinel Protection Installer 7.4.0-->MsiExec.exe /I{5A180ED5-0AC1-410A-B790-5E0319CD0A93}
ServiceCommander Version 4-->"C:\Program Files (x86)\ServiceCommander\unins000.exe"
Shop for HP Supplies-->C:\Program Files (x86)\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
TNod User & Password Finder-->"C:\Program Files (x86)\TNod User & Password Finder\uninst-TNod.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
XDCAMBrowser-->MsiExec.exe /X{4A12259B-8346-49DF-82C6-2F9D765A523E}

======System event log======

Computer Name: user-PC
Event Code: 26
Message: Procesor 3 ve skupině 0 uvádí následující informace:

stavy nečinnosti: 1
stavy činnosti: 2
stavy omezení: 8
Record Number: 15523
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20101122084430.761621-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: user-PC
Event Code: 26
Message: Procesor 2 ve skupině 0 uvádí následující informace:

stavy nečinnosti: 1
stavy činnosti: 2
stavy omezení: 8
Record Number: 15522
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20101122084430.761621-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: user-PC
Event Code: 26
Message: Procesor 1 ve skupině 0 uvádí následující informace:

stavy nečinnosti: 1
stavy činnosti: 2
stavy omezení: 8
Record Number: 15521
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20101122084430.761621-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: user-PC
Event Code: 26
Message: Procesor 0 ve skupině 0 uvádí následující informace:

stavy nečinnosti: 1
stavy činnosti: 2
stavy omezení: 8
Record Number: 15520
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20101122084430.761621-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: user-PC
Event Code: 15
Message: Broadcom NetXtreme Gigabit Ethernet: Driver initialized successfully.
Record Number: 15519
Source Name: b57nd60a
Time Written: 20101122084430.168820-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: user-PC
Event Code: 3
Message:
Record Number: 1822463
Source Name: Adobe Version Cue CS3
Time Written: 20111021130709.000000-000
Event Type: Chyba
User:

Computer Name: user-PC
Event Code: 3
Message:
Record Number: 1822462
Source Name: Adobe Version Cue CS3
Time Written: 20111021130709.000000-000
Event Type: Chyba
User:

Computer Name: user-PC
Event Code: 3
Message:
Record Number: 1822461
Source Name: Adobe Version Cue CS3
Time Written: 20111021130709.000000-000
Event Type: Chyba
User:

Computer Name: user-PC
Event Code: 3
Message:
Record Number: 1822460
Source Name: Adobe Version Cue CS3
Time Written: 20111021130709.000000-000
Event Type: Chyba
User:

Computer Name: user-PC
Event Code: 3
Message:
Record Number: 1822459
Source Name: Adobe Version Cue CS3
Time Written: 20111021130709.000000-000
Event Type: Chyba
User:

=====Security event log=====

Computer Name: user-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-21-4265328179-1441448899-2627571303-1004
Název účtu: DBA62277437545189A2D
Doména účtu: user-PC
ID přihlášení: 0x17965c7

Oprávnění: SeSecurityPrivilege
Record Number: 122881
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120509092943.176832-000
Event Type: Úspěšný audit
User:

Computer Name: user-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-21-4265328179-1441448899-2627571303-1000
Název účtu: user
Doména účtu: user-PC
ID přihlášení: 0x2f9ea

Typ přihlášení: 4

Nové přihlášení:
ID zabezpečení: S-1-5-21-4265328179-1441448899-2627571303-1004
Název účtu: DBA62277437545189A2D
Doména účtu: user-PC
ID přihlášení: 0x17965c7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0xbf0
Název procesu: C:\Program Files (x86)\Avid\Avid Media Composer\DSM\DSM_Server.exe

Informace o síti:
Název pracovní stanice: USER-PC
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 122880
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120509092943.176832-000
Event Type: Úspěšný audit
User:

Computer Name: user-PC
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.

Předmět:
ID zabezpečení: S-1-5-21-4265328179-1441448899-2627571303-1000
Název účtu: user
Doména účtu: user-PC
ID přihlášení: 0x2f9ea
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Účet, jehož pověření bylo použito:
Název účtu: DBA62277437545189A2D
Doména účtu: user-PC
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Cílový server:
Název cílového serveru: localhost
Další informace: localhost

Informace o procesu:
ID procesu: 0xbf0
Název procesu: C:\Program Files (x86)\Avid\Avid Media Composer\DSM\DSM_Server.exe

Informace o síti:
Síťová adresa: -
Port: -

Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 122879
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120509092943.176832-000
Event Type: Úspěšný audit
User:

Computer Name: user-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-21-4265328179-1441448899-2627571303-1004
Název účtu: DBA62277437545189A2D
Doména účtu: user-PC
ID přihlášení: 0x1796573

Oprávnění: SeSecurityPrivilege
Record Number: 122878
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120509092943.136830-000
Event Type: Úspěšný audit
User:

Computer Name: user-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-21-4265328179-1441448899-2627571303-1000
Název účtu: user
Doména účtu: user-PC
ID přihlášení: 0x2f9ea

Typ přihlášení: 4

Nové přihlášení:
ID zabezpečení: S-1-5-21-4265328179-1441448899-2627571303-1004
Název účtu: DBA62277437545189A2D
Doména účtu: user-PC
ID přihlášení: 0x1796573
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0xbf0
Název procesu: C:\Program Files (x86)\Avid\Avid Media Composer\DSM\DSM_Server.exe

Informace o síti:
Název pracovní stanice: USER-PC
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 122877
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120509092943.136830-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\backburner 2\;C:\Program Files (x86)\Common Files\Avid;C:\Program Files\Common Files\Avid;C:\Program Files (x86)\Rhozet\RMP\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=1707
"CLASSPATH"=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

koubelka · #3 Příspěvek od **koubelka** » 15 kvě 2012 00:03

taky ještě přikládám log z programu MbrScan kterýžto jsem vytvořil podle návodu který jsem si přečetl zde:

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 23 Stepping 7, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/05/14 (ISO 8601) at 01:01:48
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __WDC WD50 00AAKS-60YGA (21.0)
BUS_TYPE       : (0x08)  RAID
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR1 __ST332062 0AS (3.AA)
BUS_TYPE       : (0x08)  RAID
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	465.8 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : 453B1B1DE0DDEC94726E21C2477CA960
MBR_SHA1  : 5714643D7A0A875BAB5BB95966525D806F79E110

Device\Harddisk0\Partition1	100.0 Mo  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	465.7 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk1\DR1	298.1 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : 135B81D639A4F926CB14CD907E3C3B65
MBR_SHA1  : 0A090D5915214BC2952CBA7BE72B787680681781

Device\Harddisk1\Partition1	298.1 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk2\DR2	931.5 Go  [Fixed] ==> Hidden MBR Code !! ....

MBR_MD5   : BF619EAC0CDF3F68D496EA9344137E8B
MBR_SHA1  : 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5

________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x03214000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00B96000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00C0C000
SIZE    : 316.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00C6F000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00CCD000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E49000
SIZE    : 656.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00EED000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00EFC000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00F53000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00F5C000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00F66000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00F99000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00FA6000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00FBB000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00D8D000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00FD0000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\drivers\vmbus.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 240.0 Ko

DRIVER  : C:\Windows\system32\drivers\winhv.sys => Invisible on the disk
ADDRESS : 0x00FEA000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\drivers\iaStorV.sys => Invisible on the disk
ADDRESS : 0x0104C000
SIZE    : 1.12 Mo

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x0116A000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x01175000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x011C1000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01225000
SIZE    : 1.64 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x014B8000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01516000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x01531000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x015A3000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x015B4000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x016E1000
SIZE    : 972.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01660000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x018F2000
SIZE    : 2.01 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01AF5000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\epfwwfp.sys => Invisible on the disk
ADDRESS : 0x01B3F000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\vmstorfl.sys => Invisible on the disk
ADDRESS : 0x01B54000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01B64000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Tpkd.sys => Invisible on the disk
ADDRESS : 0x01BB0000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01BD3000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\sbp2port.sys => Invisible on the disk
ADDRESS : 0x01BDB000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x0183A000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\MDPMGRNT.SYS => Invisible on the disk
ADDRESS : 0x0184C000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\Drivers\MDFSYSNT.sys => Invisible on the disk
ADDRESS : 0x01859000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x018AC000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x018B5000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x0168B000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x016A1000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x043A4000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x043CE000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x043D7000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ehdrv.sys => Invisible on the disk
ADDRESS : 0x04200000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x04227000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x04235000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x0425A000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x0426A000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x043DE000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x043E7000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x043F0000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x017D4000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x015BE000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x017E5000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\drivers\ws2ifsl.sys => Invisible on the disk
ADDRESS : 0x017F2000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x01489000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x01492000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x015E0000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\EpfwLWF.sys => Invisible on the disk
ADDRESS : 0x013C8000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x013D5000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x013E4000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x011D5000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x02E79000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x02ECA000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x02ED6000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x02EE1000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\csc.sys => Invisible on the disk
ADDRESS : 0x02EF0000
SIZE    : 524.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x02F73000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\drivers\CBDisk.sys => Invisible on the disk
ADDRESS : 0x02F91000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x02FA5000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x02FB6000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nvlddmkm.sys => Invisible on the disk
ADDRESS : 0x0F242000
SIZE    : 12.57 Mo

DRIVER  : C:\Windows\system32\DRIVERS\nvBridge.kmd => Invisible on the disk
ADDRESS : 0x0FED4000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x0FED6000
SIZE    : 976.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x02E00000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\drivers\ctaud2k.sys => Invisible on the disk
ADDRESS : 0x04433000
SIZE    : 676.0 Ko

DRIVER  : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x044DC000
SIZE    : 244.0 Ko

DRIVER  : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x04519000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x0453B000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\drivers\ctoss2k.sys => Invisible on the disk
ADDRESS : 0x0457E000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\system32\drivers\ctprxy2k.sys => Invisible on the disk
ADDRESS : 0x045AF000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x045B7000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbuhci.sys => Invisible on the disk
ADDRESS : 0x045BD000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x046C8000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x0471E000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\1394ohci.sys => Invisible on the disk
ADDRESS : 0x0472F000
SIZE    : 248.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\b57nd60a.sys => Invisible on the disk
ADDRESS : 0x0476D000
SIZE    : 288.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bcmwl664.sys => Invisible on the disk
ADDRESS : 0x04E37000
SIZE    : 2.72 Mo

DRIVER  : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x050F0000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\i8042prt.sys => Invisible on the disk
ADDRESS : 0x050FD000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x0511B000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x0512A000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\parport.sys => Invisible on the disk
ADDRESS : 0x05139000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\serenum.sys => Invisible on the disk
ADDRESS : 0x05156000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\fdc.sys => Invisible on the disk
ADDRESS : 0x05162000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x0516F000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\drivers\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x05185000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x0518E000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x0519E000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x051B4000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x051D8000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x04E00000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x051E4000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x047B5000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x047D6000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk
ADDRESS : 0x047F0000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x04E2F000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\drivers\umbus.sys => Invisible on the disk
ADDRESS : 0x04600000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x04612000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\system32\drivers\ha20x22k.sys => Invisible on the disk
ADDRESS : 0x05A37000
SIZE    : 1.55 Mo

DRIVER  : C:\Windows\system32\drivers\emupia2k.sys => Invisible on the disk
ADDRESS : 0x0466C000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\drivers\ctsfm2k.sys => Invisible on the disk
ADDRESS : 0x05BC4000
SIZE    : 224.0 Ko

DRIVER  : C:\Windows\System32\drivers\CTHWIUT.SYS => Invisible on the disk
ADDRESS : 0x05A00000
SIZE    : 112.0 Ko

DRIVER  : C:\Windows\System32\drivers\CT20XUT.SYS => Invisible on the disk
ADDRESS : 0x0F200000
SIZE    : 244.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x05A1C000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\CTEXFIFX.SYS => Invisible on the disk
ADDRESS : 0x0622D000
SIZE    : 1.39 Mo

DRIVER  : C:\Windows\system32\DRIVERS\wdcsam64.sys => Invisible on the disk
ADDRESS : 0x06391000
SIZE    : 16.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x06395000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x063B2000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x063B4000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x063C2000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x063DB000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBSTOR.SYS => Invisible on the disk
ADDRESS : 0x063E4000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x06200000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00010000
SIZE    : 3.08 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x0620D000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x06219000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_iaStorV.sys => Invisible on the disk
ADDRESS : 0x04273000
SIZE    : 1.12 Mo

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x045CA000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x046B6000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x005A0000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00760000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x045DD000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\eamonm.sys => Invisible on the disk
ADDRESS : 0x02618000
SIZE    : 904.0 Ko

DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x026FA000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\epfw.sys => Invisible on the disk
ADDRESS : 0x0271B000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x0274C000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x02761000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x027B4000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x027C7000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vwifimp.sys => Invisible on the disk
ADDRESS : 0x027DF000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x03C82000
SIZE    : 804.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x03D4B000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x03D7C000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x03D9A000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x03C00000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x03C4E000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x064E9000
SIZE    : 420.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x06552000
SIZE    : 608.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Sentinel64.sys => Invisible on the disk
ADDRESS : 0x06400000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\system32\drivers\aksdf.sys => Invisible on the disk
ADDRESS : 0x06425000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x06438000
SIZE    : 216.0 Ko

DRIVER  : C:\Windows\system32\drivers\aksfridge.sys => Invisible on the disk
ADDRESS : 0x0646E000
SIZE    : 128.0 Ko

DRIVER  : C:\Windows\system32\drivers\hardlock.sys => Invisible on the disk
ADDRESS : 0x0648E000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x06C27000
SIZE    : 664.0 Ko

DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x06CCD000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x06CD8000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk
ADDRESS : 0x06CEA000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\asyncmac.sys => Invisible on the disk
ADDRESS : 0x06D8C000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\49085236.sys => Invisible on the disk
ADDRESS : 0x06D97000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x475B0000
SIZE    : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.Ð¼.|.À.Ø¾.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².ë.
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2ä.V.Í.]ë..>þ}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°Ñæd
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßæ`è|.°.ædèu
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.ë..¶.ë..µ.2ä
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....ð¬<.t.»..´.Í
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ëòôëý+Éädë.$.àø
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A 1E 33 1F 33 00 00 80 20   em...c{..3.3... 
0x000001C0   21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF   !..ß....... ...ß
0x000001D0   14 0C 07 FE FF FF 00 28 03 00 00 30 35 3A 00 00   ...þ...(...05:..
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

_______MBR   \Device\Harddisk1\DR1  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.Ð¼.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61   2ä.V.Í.ëÖaùÃInva
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61   lid partition ta
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E   ble.Error loadin
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61   em.Missing opera
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00   ting system.....
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 63 66 1E 9E C2 00 00 00 20   .....,Dcf..Â... 
0x000001C0   21 00 07 FE FF FF 00 08 00 00 00 D8 42 25 00 00   !..þ.......ØB%..
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

_______MBR   \Device\Harddisk2\DR2  

0x00000000   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000010   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000020   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000040   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000060   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000070   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000080   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

#4 Příspěvek od **vyosek** » 15 kvě 2012 08:55

Zdravim a pekny den preji

Mate tam peknou mrchu se jmenem ZeroAccess - a ta mrcha neni prehnane pojmenovani, i na zahranicnich forech jeji leceni je nic moc a muze skoncit formatovanim, jelikoz dela s PC opravdu psi kusy

Chytit se da i diky tomu, ze ten cracknuty ESET co tam mate vas nedokaze ochranit - pravidla fora jsou ale jasna, s PC kde je nelegalni bezp.SW nepomahame. Takze udelame dohodu - po ukoceni leceni tam date free reseni v podobe Avastu, Aviry ci MSE - souhlas?

A poprosim o druhy log z RSIT s nazvem log.txt, je ulozen v c:\rsit

koubelka · #5 Příspěvek od **koubelka** » 15 kvě 2012 12:03

děkuji za odpověď. Tak během rána se muselo na počítači pracovat a když kolega počítač restartoval, tak mu už nenaběhl, takže jediná možnost jak na počítači nadále pracovat bylo spustit tu konzoli pro zotavení, nebo vrácení se k poslednímu možnému bodu (nebyl jsem u toho - stalo se to kolegovi...). Takže když teď šli na oběd, tak vidím že při té příležitosti jsem opět přišel o antivir... - to znamená že Eset vzal kompletně za své a v jeho adresářích není nic jiného než jen zbytky nějaký <něco>.dat souborů... - nevím jestli ten vir oddinstalova kompletně antivirus nebo něco takového... ...

takže jsem znovu stáhnul RSITx64.exe, spustil a zde přikládám log který jsem našel přesně tam kde jsi říkal. (pokračova v opravách budu moci nejdříve bohužel asi až za pár hodin...)

a ještě bych měl jeden dotaz - má nebo nemá cenu (či je či není to dobrý nápad) zkusit na takto zavirovaném počítači spustit to co se nachází na stránce: How do I remove ZeroAccess (Sirefef) rootkit?
-respektive mám zkoušet stáhnout a spustit ESETSirefefRemover.exe? Nechci pokoušet osud (či nejbože si zničit počítač), a tak se raději ptám předem.

log.txt

Kód: Vybrat vše

Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2012-05-14 12:55:01
Microsoft Windows 7 Ultimate  Service Pack 1
System drive C: has 384 GB (81%) free of 477 GB
Total RAM: 8175 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:55:12, on 14.5.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (file missing)
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid Technology, Inc. - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mediafour M4LIC service (M4LIC) - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nexus Server (Carbon Coder) (Nexus Server) - Unknown owner - C:\Program Files (x86)\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8130 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 27695872
\??\C:\Windows\system32\conhost.exe "-1558785258289895038282446555-405071401598627329-179572121120272671802084948165
C:\Windows\System32\spoolsv.exe
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe" -s
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe  -run
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE"
"C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe"
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe"
"C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe" 
"C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe"
C:\Windows\System32\svchost.exe -k HPZ12
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe" 
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\vds.exe
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-514b8fd7-3332-4c06-a786-0e66d5ddbc2a -SystemEventPortName:HostProcess-d81a6622-54db-40ca-a3ec-44754b8fb5b7 -IoCancelEventPortName:HostProcess-8e9d4ea6-d561-49d4-af64-d01241045c0d -NonStateChangingEventPortName:HostProcess-80298e21-b5b3-4ec2-9807-4efede9e6414 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:9bcee8ea-8739-4786-aa97-0f2cd3edf415
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Rhozet\Carbon Coder\Kernel\PNXKERNL.Exe" C:\Windows\TEMP\CT978D.tmp
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart C4700 series#1281622687" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
\systemroot\assembly\tmp\U
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536 
"C:\Users\user\Desktop\RSITx64.exe" 
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\t5ahwyo3.default

prefs.js - "browser.startup.homepage" -  "http://www.google.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]
"Description"=
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MacDrive 8 application"=C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe [2010-02-04 345688]
"Getting started with MacDrive 8"=C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe [2009-03-31 151040]
"TNOD UP"=C:\Program Files (x86)\TNod User & Password Finder\TNODUP.exe [2011-09-18 1892352]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"DigidesignMMERefresh"=C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [2010-05-05 77824]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*

======List of files/folders created in the last 1 month======

2012-05-14 00:42:42 ----A---- C:\TDSSKiller.2.7.34.0_14.05.2012_00.42.42_log.txt
2012-05-13 23:59:23 ----D---- C:\rsit
2012-05-13 23:59:23 ----D---- C:\Program Files\trend micro
2012-05-13 21:48:46 ----D---- C:\Program Files (x86)\ServiceCommander
2012-05-13 21:01:42 ----D---- C:\Users\user\AppData\Roaming\ESET
2012-05-13 20:52:13 ----A---- C:\Windows\ntbtlog.txt
2012-05-13 20:24:40 ----D---- C:\ProgramData\ESET
2012-05-13 20:17:45 ----D---- C:\Program Files (x86)\TNod User & Password Finder
2012-05-13 20:12:51 ----D---- C:\ProgramData\Sun
2012-05-13 20:12:34 ----D---- C:\Program Files (x86)\Oracle
2012-05-13 20:12:06 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2012-05-13 20:12:06 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-05-13 20:12:06 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-05-13 20:12:00 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-05-13 20:12:00 ----A---- C:\Windows\SYSWOW64\java.exe
2012-05-13 20:11:53 ----D---- C:\Program Files (x86)\Java
2012-05-13 19:14:57 ----SD---- C:\32788R22FWJFW
2012-05-09 10:51:01 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-09 10:51:01 ----A---- C:\Windows\system32\DWrite.dll
2012-05-09 10:51:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-09 10:50:59 ----A---- C:\Windows\system32\win32k.sys
2012-05-09 10:50:58 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-09 10:50:58 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-09 10:50:07 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-09 10:49:36 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-04-17 20:23:48 ----A---- C:\Windows\SYSWOW64\wmi.dll
2012-04-17 20:23:48 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-04-17 20:23:48 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2012-04-17 20:23:48 ----A---- C:\Windows\system32\wmi.dll
2012-04-17 20:23:48 ----A---- C:\Windows\system32\wintrust.dll
2012-04-17 20:23:48 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-17 20:23:48 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-17 10:58:24 ----A---- C:\Windows\system32\mshtml.dll
2012-04-17 10:58:23 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-04-17 10:58:21 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-04-17 10:58:20 ----A---- C:\Windows\system32\iertutil.dll
2012-04-17 10:58:20 ----A---- C:\Windows\system32\ieframe.dll
2012-04-17 10:58:19 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-04-17 10:58:19 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-04-17 10:58:19 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-04-17 10:58:19 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-04-17 10:58:19 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-04-17 10:58:19 ----A---- C:\Windows\system32\wininet.dll
2012-04-17 10:58:19 ----A---- C:\Windows\system32\urlmon.dll
2012-04-17 10:58:19 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-17 10:58:19 ----A---- C:\Windows\system32\msfeeds.dll
2012-04-17 10:58:19 ----A---- C:\Windows\system32\ieui.dll
2012-04-17 10:58:18 ----A---- C:\Windows\SYSWOW64\url.dll
2012-04-17 10:58:18 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-04-17 10:58:18 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-04-17 10:58:18 ----A---- C:\Windows\system32\url.dll
2012-04-17 10:58:18 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-17 10:56:38 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-04-17 10:56:38 ----A---- C:\Windows\system32\rdpwsx.dll
2012-04-17 10:56:38 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-04-17 10:56:37 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-04-17 10:56:37 ----A---- C:\Windows\system32\rdpcorets.dll
2012-04-17 10:56:37 ----A---- C:\Windows\system32\rdpcore.dll
2012-04-17 10:56:37 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-04-17 10:56:37 ----A---- C:\Windows\system32\drivers\rdpwd.sys

======List of files/folders modified in the last 1 month======

2012-05-14 22:47:31 ----D---- C:\Windows\Tasks
2012-05-14 22:47:31 ----D---- C:\Windows\system32\wbem
2012-05-14 22:47:31 ----D---- C:\Windows\system32\DriverStore
2012-05-14 22:47:31 ----D---- C:\Windows\system32\drivers\etc
2012-05-14 22:47:31 ----D---- C:\Windows\system32\catroot2
2012-05-14 22:47:31 ----D---- C:\Windows\inf
2012-05-14 22:47:31 ----D---- C:\Windows
2012-05-14 22:47:30 ----D---- C:\Windows\system32\drivers
2012-05-14 22:47:26 ----D---- C:\Windows\registration
2012-05-14 22:47:23 ----D---- C:\Windows\system32\catroot
2012-05-14 22:47:22 ----D---- C:\Windows\Microsoft.NET
2012-05-14 22:47:17 ----RSD---- C:\Windows\assembly
2012-05-14 22:45:44 ----SHD---- C:\System Volume Information
2012-05-14 12:54:12 ----D---- C:\Windows\System32
2012-05-14 12:54:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-14 12:53:25 ----D---- C:\Windows\Temp
2012-05-14 12:52:08 ----D---- C:\Windows\Prefetch
2012-05-14 12:49:13 ----D---- C:\Windows\system32\config
2012-05-14 12:48:53 ----ASH---- C:\Windows\system32\dds_log_ad13.cmd
2012-05-13 22:18:48 ----SHD---- C:\Windows\Installer
2012-05-13 22:17:53 ----HD---- C:\Config.Msi
2012-05-13 22:04:58 ----D---- C:\Program Files\ESET
2012-05-13 21:48:46 ----RD---- C:\Program Files (x86)
2012-05-13 21:11:49 ----D---- C:\Windows\SysWOW64
2012-05-13 20:24:40 ----HD---- C:\ProgramData
2012-05-13 20:12:50 ----D---- C:\Program Files (x86)\Common Files
2012-05-10 09:15:05 ----D---- C:\Windows\winsxs
2012-05-09 18:51:10 ----A---- C:\Windows\system32\MRT.exe
2012-05-09 18:51:03 ----D---- C:\ProgramData\Microsoft Help
2012-05-09 18:42:23 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-05-09 18:42:03 ----D---- C:\Program Files\Windows Journal
2012-04-19 11:28:28 ----D---- C:\Windows\SYSWOW64\migration
2012-04-19 11:28:28 ----D---- C:\Program Files\Internet Explorer
2012-04-19 11:28:28 ----D---- C:\Program Files (x86)\Internet Explorer
2012-04-19 11:28:27 ----D---- C:\Windows\system32\migration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MDFSYSNT;MacDrive file system driver; C:\Windows\system32\drivers\MDFSYSNT.sys [2010-02-04 304232]
R0 MDPMGRNT;MacDrive Partition Driver; C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [2009-09-23 32352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 Tpkd;Tpkd; C:\Windows\system32\drivers\Tpkd.sys [2009-12-23 105592]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CBDisk;CBDisk; \??\C:\Windows\system32\drivers\CBDisk.sys [2010-01-13 70344]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2010-07-27 75648]
R2 aksfridge;aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [2010-09-27 131072]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2009-03-13 318464]
R2 Sentinel64;Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [2007-04-27 142120]
R3 BCM43XX;ASUS 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-10-23 2838008]
R3 CT20XUT.SYS;CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2010-07-07 697816]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\Windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS; C:\Windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2010-07-07 15960]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2010-07-07 213080]
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2010-07-07 118360]
R3 ha20x22k;Creative 20X2 HAL Driver; C:\Windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2010-07-07 179288]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 CT20XUT;CT20XUT; C:\Windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2010-07-07 580696]
S3 CTEXFIFX;CTEXFIFX; C:\Windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
S3 CTHWIUT;CTHWIUT; C:\Windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]
S3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2010-07-07 1567832]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2007-08-28 1209112]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2010-02-12 286720]
R2 DigiRefresh;Digidesign MME Refresh Service; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [2010-05-05 77824]
R2 hasplms;Sentinel HASP License Manager; C:\Windows\system32\hasplms.exe [2010-09-27 4180576]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 M4LIC;Mediafour M4LIC service; C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]
R2 MacDrive8Service;MacDrive 8 service; C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-01-07 218112]
R2 msvsmon90;Safety Settings Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Nexus Server;Nexus Server (Carbon Coder); C:\Program Files (x86)\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe [2011-04-24 757891]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-04-30 6237800]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 159336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2009-07-24 189728]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-01-03 79360]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-15 654848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-09 1255736]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe []
S4 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

-----------------EOF-----------------

#6 Příspěvek od **vyosek** » 15 kvě 2012 12:12

Prectete si prosim PMku...

Problem dale resit nebudeme, jedna se o firemni PC (jak jste psal v PMce), vy se bojite o ztratu dat\programu a ja si to triko nevezmu...Navic nebudeme tu delat praci za nekoho jineho...

VIRY.CZ

abnow.com - problém s internetem

abnow.com - problém s internetem

Re: abnow.com - problém s internetem

Re: abnow.com - problém s internetem

Re: abnow.com - problém s internetem

Re: abnow.com - problém s internetem

Re: abnow.com - problém s internetem