Log check - notice from UPC

Zick01
Visitor
Posts: 9
Registered: 11 May 2012 22:58

Log check - notice from UPC

#1 Post by Zick01 »

Hello, today I was trying to find out why my torrents and e-mail aren't working, and UPC told me they had blocked my ports :( and that I supposedly have the Torpig virus. I had been using Avast antivirus and it didn't register anything... So I have now downloaded the trial of ESET Smart Security 5 and it found some 5 threats, Kryptik among them; I ran a smart scan and removed the viruses.

Now, to be safe, I have made an RSIT log and would like to ask you to check whether everything is OK. Thank you very much for your help. My e-mail isn't working either :(


Logfile of random's system information tool 1.09 (written by random/random)
Run by Zick at 2012-05-11 23:54:45
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 3 GB (11%) free of 31 GB
Total RAM: 4094 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:54:49, on 11.5.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
D:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Zick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Zick.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "d:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Zick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AdobeBridge] "D:\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - D:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8270 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
Ati2evxx.exe -Client
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\OO Software\Defrag\oodag.exe"
"C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\kX Audio Driver\3550\kxmixer.exe" --startup
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files\OO Software\Defrag\oodtray.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
"C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"
"D:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Users\Zick\AppData\Local\Google\Chrome\Application\chrome.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Users\Zick\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_http/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="3764.0.2114772882\1651043930" /prefetch:3
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\sppsvc.exe
"D:\Downloads\RSITx64.exe"
C:\Windows\System32\svchost.exe -k secsvcs

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559359669-2066989481-2770150702-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559359669-2066989481-2770150702-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Zick\AppData\Roaming\Mozilla\Firefox\Profiles\dr1nyho4.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.228 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]
"Description"=
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.228 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-28 11101800]
"kX Mixer"=C:\Program Files\kX Audio Driver\3550\kxmixer.exe [2009-09-18 677896]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2011-10-26 3993936]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Zick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 136176]
"AdobeBridge"=D:\Adobe\Adobe Bridge CS5\Bridge.exe -stealth []
"KiesHelper"=C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2012-04-04 954256]
"KiesPDLR"=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-04-04 21392]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-11 61440]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"Device Detector"=C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe [2003-11-26 217088]
"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]
"RemoteControl"=d:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]
"LanguageShortcut"=d:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2012-04-04 3521424]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-05-11 23:54:45 ----D---- C:\rsit
2012-05-11 23:54:45 ----D---- C:\Program Files\trend micro
2012-05-11 20:45:42 ----D---- C:\Users\Zick\AppData\Roaming\ESET
2012-05-11 20:44:02 ----D---- C:\ProgramData\ESET
2012-05-11 20:44:02 ----D---- C:\Program Files\ESET
2012-05-11 19:06:57 ----D---- C:\Program Files (x86)\Oracle
2012-05-11 19:06:35 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2012-05-11 19:06:35 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-05-10 18:01:15 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-10 18:01:15 ----A---- C:\Windows\system32\DWrite.dll
2012-05-10 18:01:13 ----A---- C:\Windows\system32\win32k.sys
2012-05-10 18:01:13 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-10 18:01:12 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-10 18:01:12 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-10 17:56:22 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-10 17:53:38 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-04-29 12:23:29 ----D---- C:\ProgramData\Mozilla
2012-04-29 12:23:28 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-28 10:01:59 ----D---- C:\Temp
2012-04-28 09:52:05 ----A---- C:\Windows\SYSWOW64\Redemption.dll
2012-04-28 09:51:57 ----A---- C:\Windows\SYSWOW64\dgderapi.dll
2012-04-22 14:52:01 ----D---- C:\Program Files (x86)\Google
2012-04-12 22:43:20 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-04-12 22:43:20 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-12 22:43:19 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-04-12 22:43:19 ----A---- C:\Windows\system32\jscript9.dll
2012-04-12 22:43:19 ----A---- C:\Windows\system32\iertutil.dll
2012-04-12 22:43:18 ----A---- C:\Windows\SYSWOW64\url.dll
2012-04-12 22:43:18 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-04-12 22:43:18 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-04-12 22:43:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-04-12 22:43:18 ----A---- C:\Windows\system32\url.dll
2012-04-12 22:43:18 ----A---- C:\Windows\system32\ieui.dll
2012-04-12 22:43:17 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-04-12 22:43:17 ----A---- C:\Windows\system32\urlmon.dll
2012-04-12 22:43:17 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-12 22:43:17 ----A---- C:\Windows\system32\jscript.dll
2012-04-12 22:43:16 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-04-12 22:43:16 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-04-12 22:43:16 ----A---- C:\Windows\system32\wininet.dll
2012-04-12 22:43:15 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-04-12 22:43:14 ----A---- C:\Windows\system32\mshtml.dll
2012-04-12 22:43:13 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-04-12 22:43:12 ----A---- C:\Windows\system32\ieframe.dll
2012-04-12 22:41:58 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-04-12 22:41:58 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2012-04-12 22:41:58 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-12 22:41:58 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 22:41:57 ----A---- C:\Windows\SYSWOW64\wmi.dll
2012-04-12 22:41:57 ----A---- C:\Windows\system32\wmi.dll
2012-04-12 22:41:57 ----A---- C:\Windows\system32\wintrust.dll

======List of files/folders modified in the last 1 month======

2012-05-11 23:54:49 ----D---- C:\Windows\Prefetch
2012-05-11 23:54:45 ----RD---- C:\Program Files
2012-05-11 23:51:54 ----D---- C:\Windows
2012-05-11 23:50:46 ----D---- C:\Windows\system32\config
2012-05-11 23:46:31 ----D---- C:\Windows\Temp
2012-05-11 21:43:23 ----SHD---- C:\System Volume Information
2012-05-11 20:55:06 ----D---- C:\Windows\System32
2012-05-11 20:55:06 ----D---- C:\Windows\inf
2012-05-11 20:55:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-11 20:50:04 ----D---- C:\ProgramData\AVAST Software
2012-05-11 20:45:36 ----SHD---- C:\Windows\Installer
2012-05-11 20:45:09 ----D---- C:\Windows\system32\drivers
2012-05-11 20:45:05 ----D---- C:\Windows\system32\DriverStore
2012-05-11 20:45:05 ----D---- C:\Windows\system32\catroot
2012-05-11 20:44:02 ----HD---- C:\ProgramData
2012-05-11 20:43:57 ----D---- C:\Windows\SysWOW64
2012-05-11 20:10:40 ----D---- C:\Users\Zick\AppData\Roaming\uTorrent
2012-05-11 19:47:49 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2012-05-11 19:25:18 ----D---- C:\Program Files (x86)\uTorrent
2012-05-11 19:08:10 ----D---- C:\Users\Zick\AppData\Roaming\foobar2000
2012-05-11 19:07:15 ----D---- C:\Program Files (x86)\Common Files
2012-05-11 19:06:57 ----RD---- C:\Program Files (x86)
2012-05-11 19:06:21 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-05-11 19:06:21 ----A---- C:\Windows\SYSWOW64\java.exe
2012-05-11 19:06:20 ----D---- C:\Program Files (x86)\Java
2012-05-11 17:25:30 ----D---- C:\Windows\Microsoft.NET
2012-05-11 17:25:29 ----RSD---- C:\Windows\assembly
2012-05-11 16:12:19 ----D---- C:\Program Files (x86)\The KMPlayer
2012-05-11 13:54:36 ----D---- C:\Windows\winsxs
2012-05-10 23:38:15 ----A---- C:\Windows\system32\MRT.exe
2012-05-10 23:30:21 ----D---- C:\Program Files\Windows Journal
2012-05-10 17:43:47 ----D---- C:\Windows\system32\catroot2
2012-05-06 15:28:53 ----D---- C:\Users\Zick\AppData\Roaming\FileZilla
2012-04-29 12:23:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-04-28 09:51:53 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-04-28 09:51:24 ----D---- C:\ProgramData\Samsung
2012-04-28 09:50:20 ----D---- C:\Users\Zick\AppData\Roaming\Samsung
2012-04-28 09:50:15 ----D---- C:\Windows\SYSWOW64\drivers
2012-04-28 09:50:15 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2012-04-13 13:03:47 ----D---- C:\Windows\SYSWOW64\migration
2012-04-13 13:03:47 ----D---- C:\Windows\system32\migration
2012-04-13 13:03:47 ----D---- C:\Program Files\Internet Explorer
2012-04-13 13:03:47 ----D---- C:\Program Files (x86)\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2009-08-13 112240]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2010-01-29 115600]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\d:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [2007-11-03 32240]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-11 5352960]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-28 2445672]
R3 kxwdmdrv;kX WDM Driver Service; C:\Windows\system32\drivers\kx.sys [2009-09-18 765448]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-10-27 36328]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2011-01-20 20552]
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-10-27 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-10-27 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-10-27 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-10-27 146920]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2011-10-27 136264]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2011-10-27 19016]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2011-10-27 172104]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2011-01-20 16392]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2010-02-11 952320]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2011-10-26 3272016]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2007-10-15 243056]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; D:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-29 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-21 1255736]

-----------------EOF-----------------

Zick01
Visitor
Posts: 9
Registered: 11 May 2012 22:58

Re: Log check - notice from UPC

#2 Post by Zick01 »

MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 15 Stepping 7, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/05/12 (ISO 8601) at 14:18:07
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __WDC WD2500KS-00MJB0 (02.01C03)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR1 __Hitachi HDT725050VLA360 (V56OA7EA)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk2\DR2 __SAMSUNG HD103SJ (1AJ10001)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk3\DR3 __WDC WD800BB-22JHC0 (500.)
BUS_TYPE       : (0x08)  RAID
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : dword aligned
________________________________________________________________________________

Device\Harddisk0\DR0	232.9 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : 80052595297BA6EAF3FD1B26FA13A41B
MBR_SHA1  : 7BCDE5E0E67F3CD0EF0957DA0485148FC152202A

Device\Harddisk0\Partition1	232.9 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

Device\Harddisk1\DR1	465.8 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : DA348668A5FF485E715E2271B1D4E212
MBR_SHA1  : 4CB4FA6734BBCBDBF2CB134C52E34A22F9496723

Device\Harddisk1\Partition1	465.8 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

Device\Harddisk2\DR2	931.5 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : 49550D65350D39D413BCC3ABBCD74209
MBR_SHA1  : 1610CC16EE7F3774D1322F6C7D550C831D036404

Device\Harddisk2\Partition1	30.76 Go  	0x07 NTFS / HPFS
Device\Harddisk2\Partition2	900.7 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk3\DR3	74.53 Go  [Fixed] ==> 7 MBR Code .

MBR_MD5   : 3EF4B3695A702773F22A47EA52089339
MBR_SHA1  : 7265EDCCEA97434779851DC13AD52CB130EC7B57

Device\Harddisk3\Partition1	74.53 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x025EC000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00B7B000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00C71000
SIZE    : 316.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00CD4000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00D32000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E8B000
SIZE    : 656.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00F2F000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00F3E000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00F95000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00F9E000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00FA8000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00FDB000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00FE8000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00E15000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\system32\drivers\pciide.sys => Invisible on the disk
ADDRESS : 0x00E71000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x00E78000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\drivers\vmbus.sys => Invisible on the disk
ADDRESS : 0x00C1A000
SIZE    : 240.0 Ko

DRIVER  : C:\Windows\system32\drivers\winhv.sys => Invisible on the disk
ADDRESS : 0x00C56000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x00DF2000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x010A1000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\jraid.sys => Invisible on the disk
ADDRESS : 0x010CB000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\SCSIPORT.SYS => Invisible on the disk
ADDRESS : 0x010E9000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x01118000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x01123000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x0116F000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01252000
SIZE    : 1.64 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x01183000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x0121B000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x0122C000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x014B1000
SIZE    : 972.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01460000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x016AA000
SIZE    : 2.01 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x018AD000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\epfwwfp.sys => Invisible on the disk
ADDRESS : 0x018F7000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\vmstorfl.sys => Invisible on the disk
ADDRESS : 0x0190C000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x0191C000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01968000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01970000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x019AA000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x019BC000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x019C5000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01616000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\system32\drivers\cdrom.sys => Invisible on the disk
ADDRESS : 0x0167C000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x0148B000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x01494000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ehdrv.sys => Invisible on the disk
ADDRESS : 0x015A4000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x015CB000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x015D9000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x0149B000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x01236000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x0123F000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x01248000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x013F5000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x01072000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x02C38000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x02C5A000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x02C67000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x02CF0000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x02D35000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x02D3E000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\EpfwLWF.sys => Invisible on the disk
ADDRESS : 0x02D64000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x02D71000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk
ADDRESS : 0x02D80000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x02D9D000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x02DB8000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x02E14000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x02E65000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x02E71000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x02E9A000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\csc.sys => Invisible on the disk
ADDRESS : 0x02EA9000
SIZE    : 524.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x02F2C000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x02F4A000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x02F5B000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x02F81000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\atikmdag.sys => Invisible on the disk
ADDRESS : 0x0304E000
SIZE    : 5.44 Mo

DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x0366E000
SIZE    : 976.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x03762000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbuhci.sys => Invisible on the disk
ADDRESS : 0x037A8000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x03600000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x03656000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x037B5000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk
ADDRESS : 0x02F97000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\kx.sys => Invisible on the disk
ADDRESS : 0x038A6000
SIZE    : 744.0 Ko

DRIVER  : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x03960000
SIZE    : 244.0 Ko

DRIVER  : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x0399D000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x03800000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x03843000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\system32\drivers\1394ohci.sys => Invisible on the disk
ADDRESS : 0x03849000
SIZE    : 248.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\fdc.sys => Invisible on the disk
ADDRESS : 0x03887000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\serenum.sys => Invisible on the disk
ADDRESS : 0x03894000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\parport.sys => Invisible on the disk
ADDRESS : 0x039BF000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x039DC000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x037D9000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x035BE000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x039EC000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x03000000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x0302F000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x02DCC000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x035E2000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk
ADDRESS : 0x037EF000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\kbdclass.sys => Invisible on the disk
ADDRESS : 0x02FEE000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\mouclass.sys => Invisible on the disk
ADDRESS : 0x02E00000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x039F8000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\MarvinBus64.sys => Invisible on the disk
ADDRESS : 0x040FF000
SIZE    : 272.0 Ko

DRIVER  : C:\Windows\system32\drivers\umbus.sys => Invisible on the disk
ADDRESS : 0x04143000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x04155000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\flpydisk.sys => Invisible on the disk
ADDRESS : 0x041AF000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x041BA000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x058AB000
SIZE    : 2.33 Mo

DRIVER  : C:\Windows\system32\drivers\hidusb.sys => Invisible on the disk
ADDRESS : 0x05AFF000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\drivers\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x05B0D000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\drivers\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x05B26000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\USBD.SYS => Invisible on the disk
ADDRESS : 0x05B2F000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x05B31000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\drivers\kbdhid.sys => Invisible on the disk
ADDRESS : 0x05B5B000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\udfs.sys => Invisible on the disk
ADDRESS : 0x05B69000
SIZE    : 340.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x05BBE000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x05BCC000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00070000
SIZE    : 3.08 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x05BF4000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x05800000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00500000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00700000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x0580E000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\eamonm.sys => Invisible on the disk
ADDRESS : 0x04000000
SIZE    : 904.0 Ko

DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x05831000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\epfw.sys => Invisible on the disk
ADDRESS : 0x05852000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x05883000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x040E2000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x0666A000
SIZE    : 804.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x06733000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x06751000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x06769000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x06796000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x06600000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x070B5000
SIZE    : 664.0 Ko

DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x0715B000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x07166000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x07197000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x07000000
SIZE    : 420.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x07820000
SIZE    : 608.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x078B8000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x0790B000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x0791E000
SIZE    : 216.0 Ko

DRIVER  : C:\Windows\system32\drivers\spsys.sys => Invisible on the disk
ADDRESS : 0x07954000
SIZE    : 452.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x079C5000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x479B0000
SIZE    : 128.0 Ko

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  


__________________________16_BIT_ASM_CODE
   
0x0000    33c0            XOR AX, AX   
0x0002    8ed0            MOV SS, AX   
0x0004    bc 007c         MOV SP, 0x7c00   
0x0007    8ec0            MOV ES, AX   
0x0009    8ed8            MOV DS, AX   
0x000B    be 007c         MOV SI, 0x7c00   
0x000E    bf 0006         MOV DI, 0x600   
0x0011    b9 0002         MOV CX, 0x200   
0x0014    fc              CLD   
0x0015    f3 a4           REP MOVSB   
0x0017    50              PUSH AX   
0x0018    68 1c06         PUSH 0x61c   
0x001B    cb              RETF   
0x001C    fb              STI   
0x001D    b9 0400         MOV CX, 0x4   
0x0020    bd be07         MOV BP, 0x7be   
0x0023    807e 00 00      CMP BYTE [BP+0x0], 0x0   
0x0027    7c 0b           JL 0x34   
0x0029    0f85 0e01       JNZ 0x13b   
0x002D    83c5 10         ADD BP, 0x10   
0x0030    e2 f1           LOOP 0x23   
0x0032    cd 18           INT 0x18   
0x0034    8856 00         MOV [BP+0x0], DL   
0x0037    55              PUSH BP   
0x0038    c646 11 05      MOV BYTE [BP+0x11], 0x5   
0x003C    c646 10 00      MOV BYTE [BP+0x10], 0x0   
0x0040    b4 41           MOV AH, 0x41   
0x0042    bb aa55         MOV BX, 0x55aa   
0x0045    cd 13           INT 0x13   
0x0047    5d              POP BP   
0x0048    72 0f           JB 0x59   
0x004A    81fb 55aa       CMP BX, 0xaa55   
0x004E    75 09           JNZ 0x59   
0x0050    f7c1 0100       TEST CX, 0x1   
0x0054    74 03           JZ 0x59   
0x0056    fe46 10         INC BYTE [BP+0x10]   
0x0059    66 60           PUSHAD   
0x005B    807e 10 00      CMP BYTE [BP+0x10], 0x0   
0x005F    74 26           JZ 0x87   
0x0061    66 68 00000000  PUSH 0x0   
0x0067    66 ff76 08      PUSH DWORD [BP+0x8]   
0x006B    68 0000         PUSH 0x0   
0x006E    68 007c         PUSH 0x7c00   
0x0071    68 0100         PUSH 0x1   
0x0074    68 1000         PUSH 0x10   
0x0077    b4 42           MOV AH, 0x42   
0x0079    8a56 00         MOV DL, [BP+0x0]   
0x007C    8bf4            MOV SI, SP   
0x007E    cd 13           INT 0x13   
0x0080    9f              LAHF   
0x0081    83c4 10         ADD SP, 0x10   
0x0084    9e              SAHF   
0x0085    eb 14           JMP 0x9b   
0x0087    b8 0102         MOV AX, 0x201   
0x008A    bb 007c         MOV BX, 0x7c00   
0x008D    8a56 00         MOV DL, [BP+0x0]   
0x0090    8a76 01         MOV DH, [BP+0x1]   
0x0093    8a4e 02         MOV CL, [BP+0x2]   
0x0096    8a6e 03         MOV CH, [BP+0x3]   
0x0099    cd 13           INT 0x13   
0x009B    66 61           POPAD   
0x009D    73 1c           JAE 0xbb   
0x009F    fe4e 11         DEC BYTE [BP+0x11]   
0x00A2    75 0c           JNZ 0xb0   
0x00A4    807e 00 80      CMP BYTE [BP+0x0], 0x80   
0x00A8    0f84 8a00       JZ 0x136   
0x00AC    b2 80           MOV DL, 0x80   
0x00AE    eb 84           JMP 0x34   
0x00B0    55              PUSH BP   
0x00B1    32e4            XOR AH, AH   
0x00B3    8a56 00         MOV DL, [BP+0x0]   
0x00B6    cd 13           INT 0x13   
0x00B8    5d              POP BP   
0x00B9    eb 9e           JMP 0x59   
0x00BB    813e fe7d 55aa  CMP WORD [0x7dfe], 0xaa55   
0x00C1    75 6e           JNZ 0x131   
0x00C3    ff76 00         PUSH WORD [BP+0x0]   
0x00C6    e8 8d00         CALL 0x156   
0x00C9    75 17           JNZ 0xe2   
0x00CB    fa              CLI   
0x00CC    b0 d1           MOV AL, 0xd1   
0x00CE    e6 64           OUT 0x64, AL   
0x00D0    e8 8300         CALL 0x156   
0x00D3    b0 df           MOV AL, 0xdf   
0x00D5    e6 60           OUT 0x60, AL   
0x00D7    e8 7c00         CALL 0x156   
0x00DA    b0 ff           MOV AL, 0xff   
0x00DC    e6 64           OUT 0x64, AL   
0x00DE    e8 7500         CALL 0x156   
0x00E1    fb              STI   
0x00E2    b8 00bb         MOV AX, 0xbb00   
0x00E5    cd 1a           INT 0x1a   
0x00E7    66 23c0         AND EAX, EAX   
0x00EA    75 3b           JNZ 0x127   
0x00EC    66 81fb 54435041CMP EBX, 0x41504354   
0x00F3    75 32           JNZ 0x127   
0x00F5    81f9 0201       CMP CX, 0x102   
0x00F9    72 2c           JB 0x127   
0x00FB    66 68 07bb0000  PUSH 0xbb07   
0x0101    66 68 00020000  PUSH 0x200   
0x0107    66 68 08000000  PUSH 0x8   
0x010D    66 53           PUSH EBX   
0x010F    66 53           PUSH EBX   
0x0111    66 55           PUSH EBP   
0x0113    66 68 00000000  PUSH 0x0   
0x0119    66 68 007c0000  PUSH 0x7c00   
0x011F    66 61           POPAD   
0x0121    68 0000         PUSH 0x0   
0x0124    07              POP ES   
0x0125    cd 1a           INT 0x1a   
0x0127    5a              POP DX   
0x0128    32f6            XOR DH, DH   
0x012A    ea 007c 0000    JMP FAR 0x0:0x7c00   
0x012F    cd 18           INT 0x18   
0x0131    a0 b707         MOV AL, [0x7b7]   
0x0134    eb 08           JMP 0x13e   
0x0136    a0 b607         MOV AL, [0x7b6]   
0x0139    eb 03           JMP 0x13e   
0x013B    a0 b507         MOV AL, [0x7b5]   
0x013E    32e4            XOR AH, AH   
0x0140    05 0007         ADD AX, 0x700   
0x0143    8bf0            MOV SI, AX   
0x0145    ac              LODSB   
0x0146    3c 00           CMP AL, 0x0   
0x0148    74 09           JZ 0x153   
0x014A    bb 0700         MOV BX, 0x7   
0x014D    b4 0e           MOV AH, 0xe   
0x014F    cd 10           INT 0x10   
0x0151    eb f2           JMP 0x145   
0x0153    f4              HLT   
0x0154    eb fd           JMP 0x153   
0x0156    2bc9            SUB CX, CX   
0x0158    e4 64           IN AL, 0x64   
0x015A    eb 00           JMP 0x15c   
0x015C    24 02           AND AL, 0x2   
0x015E    e0 f8           LOOPNZ 0x158   
0x0160    24 02           AND AL, 0x2   
0x0162    c3              RET   
0x0163    49              DEC CX   
0x0164    6e              OUTSB   
0x0165    76 61           JBE 0x1c8   
0x0167    6c              INSB   
0x0168    6964 20 7061    IMUL SP, [SI+0x20], 0x6170   
0x016D    72 74           JB 0x1e3   
0x016F    6974 69 6f6e    IMUL SI, [SI+0x69], 0x6e6f   
0x0174    2074 61         AND [SI+0x61], DH   
0x0177    626c 65         BOUND BP, [SI+0x65]   
0x017A    0045 72         ADD [DI+0x72], AL   
0x017D    72 6f           JB 0x1ee   
0x017F    72 20           JB 0x1a1   
0x0181    6c              INSB   
0x0182    6f              OUTSW   
0x0183    61              POPA   
0x0184    64 696e 67 206f IMUL BP, FS:[BP+0x67], 0x6f20   
0x018A    70 65           JO 0x1f1   
0x018C    72 61           JB 0x1ef   
0x018E    74 69           JZ 0x1f9   
0x0190    6e              OUTSB   
0x0191    67 2073 79      AND [EBX+0x79], DH   
0x0195    73 74           JAE 0x20b   
0x0197    65 6d           INS WORD GS:[DI], DX   
0x0199    004d 69         ADD [DI+0x69], CL   
0x019C    73 73           JAE 0x211   
0x019E    696e 67 206f    IMUL BP, [BP+0x67], 0x6f20   
0x01A3    70 65           JO 0x20a   
0x01A5    72 61           JB 0x208   
0x01A7    74 69           JZ 0x212   
0x01A9    6e              OUTSB   
0x01AA    67 2073 79      AND [EBX+0x79], DH   
0x01AE    73 74           JAE 0x224   
0x01B0    65 6d           INS WORD GS:[DI], DX   
0x01B2    0000            ADD [BX+SI], AL   
0x01B4    0063 7b         ADD [BP+DI+0x7b], AH   
0x01B7    9a 7405 80ee    CALL FAR 0xee80:0x574   
0x01BC    0203            ADD AL, [BP+DI]   
0x01BE    8020 21         AND BYTE [BX+SI], 0x21   
0x01C1    0007            ADD [BX], AL   
0x01C3    fe              DB 0xfe   
0x01C4    ff              DB 0xff   
0x01C5    ff00            INC WORD [BX+SI]   
0x01C7    0800            OR [BX+SI], AL   
0x01C9    0000            ADD [BX+SI], AL   
0x01CB    40              INC AX   
0x01CC    1c 1d           SBB AL, 0x1d   
0x01CE    0000            ADD [BX+SI], AL   
0x01D0    0000            ADD [BX+SI], AL   
0x01D2    0000            ADD [BX+SI], AL   
0x01D4    0000            ADD [BX+SI], AL   
0x01D6    0000            ADD [BX+SI], AL   
0x01D8    0000            ADD [BX+SI], AL   
0x01DA    0000            ADD [BX+SI], AL   
0x01DC    0000            ADD [BX+SI], AL   
0x01DE    0000            ADD [BX+SI], AL   
0x01E0    0000            ADD [BX+SI], AL   
0x01E2    0000            ADD [BX+SI], AL   
0x01E4    0000            ADD [BX+SI], AL   
0x01E6    0000            ADD [BX+SI], AL   
0x01E8    0000            ADD [BX+SI], AL   
0x01EA    0000            ADD [BX+SI], AL   
0x01EC    0000            ADD [BX+SI], AL   
0x01EE    0000            ADD [BX+SI], AL   
0x01F0    0000            ADD [BX+SI], AL   
0x01F2    0000            ADD [BX+SI], AL   
0x01F4    0000            ADD [BX+SI], AL   
0x01F6    0000            ADD [BX+SI], AL   
0x01F8    0000            ADD [BX+SI], AL   
0x01FA    0000            ADD [BX+SI], AL   
0x01FC    0000            ADD [BX+SI], AL   
0x01FE    55              PUSH BP   
0x01FF    aa              STOSB   


_______MBR   \Device\Harddisk1\DR1  



_______MBR   \Device\Harddisk2\DR2  



_______MBR   \Device\Harddisk3\DR3  



Zick01
Visitor
Posts: 9
Registered: 11 May 2012 22:58

Re: Log check - notice from UPC

#3 Post by Zick01 »

-------------------------------------------------------------------------------------------------------------------


14:20:37.0088 1256 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
14:20:37.0187 1256 ============================================================
14:20:37.0187 1256 Current date / time: 2012/05/12 14:20:37.0187
14:20:37.0187 1256 SystemInfo:
14:20:37.0187 1256
14:20:37.0187 1256 OS Version: 6.1.7601 ServicePack: 1.0
14:20:37.0187 1256 Product type: Workstation
14:20:37.0187 1256 ComputerName: ZICK01
14:20:37.0187 1256 UserName: Zick
14:20:37.0187 1256 Windows directory: C:\Windows
14:20:37.0187 1256 System windows directory: C:\Windows
14:20:37.0187 1256 Running under WOW64
14:20:37.0187 1256 Processor architecture: Intel x64
14:20:37.0187 1256 Number of processors: 4
14:20:37.0187 1256 Page size: 0x1000
14:20:37.0187 1256 Boot type: Normal boot
14:20:37.0187 1256 ============================================================
14:20:38.0382 1256 Drive \Device\Harddisk3\DR3 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
14:20:38.0382 1256 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:20:38.0382 1256 Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:20:38.0386 1256 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:20:38.0393 1256 ============================================================
14:20:38.0393 1256 \Device\Harddisk3\DR3:
14:20:38.0394 1256 MBR partitions:
14:20:38.0394 1256 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x950E800
14:20:38.0394 1256 \Device\Harddisk0\DR0:
14:20:38.0394 1256 MBR partitions:
14:20:38.0394 1256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4000
14:20:38.0394 1256 \Device\Harddisk1\DR1:
14:20:38.0394 1256 MBR partitions:
14:20:38.0394 1256 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
14:20:38.0394 1256 \Device\Harddisk2\DR2:
14:20:38.0394 1256 MBR partitions:
14:20:38.0394 1256 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3D86000
14:20:38.0394 1256 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3D86800, BlocksNum 0x7097F000
14:20:38.0394 1256 ============================================================
14:20:38.0417 1256 C: <-> \Device\Harddisk2\DR2\Partition0
14:20:38.0441 1256 H: <-> \Device\Harddisk3\DR3\Partition0
14:20:38.0458 1256 E: <-> \Device\Harddisk1\DR1\Partition0
14:20:38.0519 1256 D: <-> \Device\Harddisk2\DR2\Partition1
14:20:38.0533 1256 G: <-> \Device\Harddisk0\DR0\Partition0
14:20:38.0533 1256 ============================================================
14:20:38.0533 1256 Initialize success
14:20:38.0533 1256 ============================================================
14:21:02.0991 2152 ============================================================
14:21:02.0991 2152 Scan started
14:21:02.0991 2152 Mode: Manual; SigCheck; TDLFS;
14:21:02.0991 2152 ============================================================
14:21:03.0770 2152 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:21:03.0827 2152 1394ohci - ok
14:21:03.0877 2152 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:21:03.0896 2152 ACPI - ok
14:21:03.0921 2152 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:21:03.0955 2152 AcpiPmi - ok
14:21:04.0041 2152 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:21:04.0052 2152 AdobeARMservice - ok
14:21:04.0165 2152 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:21:04.0180 2152 AdobeFlashPlayerUpdateSvc - ok
14:21:04.0219 2152 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:21:04.0277 2152 adp94xx - ok
14:21:04.0292 2152 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:21:04.0346 2152 adpahci - ok
14:21:04.0355 2152 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:21:04.0373 2152 adpu320 - ok
14:21:04.0394 2152 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:21:04.0433 2152 AeLookupSvc - ok
14:21:04.0498 2152 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:21:04.0519 2152 AFD - ok
14:21:04.0545 2152 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:21:04.0558 2152 agp440 - ok
14:21:04.0573 2152 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:21:04.0589 2152 ALG - ok
14:21:04.0602 2152 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:21:04.0632 2152 aliide - ok
14:21:04.0645 2152 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:21:04.0675 2152 amdide - ok
14:21:04.0684 2152 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:21:04.0716 2152 AmdK8 - ok
14:21:04.0721 2152 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:21:04.0754 2152 AmdPPM - ok
14:21:04.0774 2152 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:21:04.0822 2152 amdsata - ok
14:21:04.0838 2152 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:21:04.0872 2152 amdsbs - ok
14:21:04.0884 2152 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:21:04.0897 2152 amdxata - ok
14:21:04.0949 2152 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
14:21:04.0992 2152 androidusb - ok
14:21:05.0024 2152 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:21:05.0061 2152 AppID - ok
14:21:05.0075 2152 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:21:05.0113 2152 AppIDSvc - ok
14:21:05.0130 2152 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:21:05.0167 2152 Appinfo - ok
14:21:05.0202 2152 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:21:05.0219 2152 AppMgmt - ok
14:21:05.0231 2152 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:21:05.0263 2152 arc - ok
14:21:05.0270 2152 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:21:05.0286 2152 arcsas - ok
14:21:05.0294 2152 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:21:05.0332 2152 AsyncMac - ok
14:21:05.0345 2152 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:21:05.0357 2152 atapi - ok
14:21:05.0410 2152 Ati External Event Utility (ca4a0176fa380efd45de9d0acb9e1f86) C:\Windows\system32\Ati2evxx.exe
14:21:05.0447 2152 Ati External Event Utility - ok
14:21:05.0609 2152 atikmdag (aeae4abe6419923c037a0b2a157e1fc6) C:\Windows\system32\DRIVERS\atikmdag.sys
14:21:05.0725 2152 atikmdag - ok
14:21:05.0850 2152 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:21:05.0897 2152 AudioEndpointBuilder - ok
14:21:05.0904 2152 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:21:05.0949 2152 AudioSrv - ok
14:21:05.0979 2152 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:21:06.0028 2152 AxInstSV - ok
14:21:06.0094 2152 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:21:06.0133 2152 b06bdrv - ok
14:21:06.0167 2152 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:21:06.0204 2152 b57nd60a - ok
14:21:06.0230 2152 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:21:06.0245 2152 BDESVC - ok
14:21:06.0264 2152 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:21:06.0301 2152 Beep - ok
14:21:06.0352 2152 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:21:06.0398 2152 BFE - ok
14:21:06.0434 2152 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
14:21:06.0480 2152 BITS - ok
14:21:06.0499 2152 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:21:06.0531 2152 blbdrive - ok
14:21:06.0568 2152 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:21:06.0581 2152 bowser - ok
14:21:06.0585 2152 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:21:06.0604 2152 BrFiltLo - ok
14:21:06.0608 2152 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:21:06.0626 2152 BrFiltUp - ok
14:21:06.0651 2152 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:21:06.0689 2152 Browser - ok
14:21:06.0701 2152 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:21:06.0743 2152 Brserid - ok
14:21:06.0748 2152 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:21:06.0783 2152 BrSerWdm - ok
14:21:06.0787 2152 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:21:06.0821 2152 BrUsbMdm - ok
14:21:06.0825 2152 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:21:06.0841 2152 BrUsbSer - ok
14:21:06.0846 2152 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:21:06.0881 2152 BTHMODEM - ok
14:21:06.0896 2152 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:21:06.0936 2152 bthserv - ok
14:21:06.0951 2152 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:21:06.0990 2152 cdfs - ok
14:21:07.0038 2152 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:21:07.0054 2152 cdrom - ok
14:21:07.0089 2152 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:21:07.0126 2152 CertPropSvc - ok
14:21:07.0149 2152 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:21:07.0168 2152 circlass - ok
14:21:07.0202 2152 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:21:07.0221 2152 CLFS - ok
14:21:07.0278 2152 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:21:07.0290 2152 clr_optimization_v2.0.50727_32 - ok
14:21:07.0357 2152 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:21:07.0370 2152 clr_optimization_v2.0.50727_64 - ok
14:21:07.0422 2152 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:21:07.0436 2152 clr_optimization_v4.0.30319_32 - ok
14:21:07.0491 2152 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:21:07.0504 2152 clr_optimization_v4.0.30319_64 - ok
14:21:07.0514 2152 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:21:07.0542 2152 CmBatt - ok
14:21:07.0556 2152 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:21:07.0586 2152 cmdide - ok
14:21:07.0621 2152 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:21:07.0649 2152 CNG - ok
14:21:07.0662 2152 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:21:07.0691 2152 Compbatt - ok
14:21:07.0723 2152 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:21:07.0740 2152 CompositeBus - ok
14:21:07.0751 2152 COMSysApp - ok
14:21:07.0757 2152 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:21:07.0772 2152 crcdisk - ok
14:21:07.0813 2152 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:21:07.0852 2152 CryptSvc - ok
14:21:07.0896 2152 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:21:07.0915 2152 CSC - ok
14:21:07.0956 2152 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:21:07.0980 2152 CscService - ok
14:21:08.0122 2152 DAUpdaterSvc (80861969541971176e005d2c09dae851) D:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
14:21:08.0132 2152 DAUpdaterSvc - ok
14:21:08.0171 2152 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:21:08.0213 2152 DcomLaunch - ok
14:21:08.0253 2152 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:21:08.0320 2152 defragsvc - ok
14:21:08.0374 2152 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:21:08.0427 2152 DfsC - ok
14:21:08.0460 2152 dgderdrv (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys
14:21:08.0471 2152 dgderdrv - ok
14:21:08.0498 2152 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:21:08.0538 2152 Dhcp - ok
14:21:08.0558 2152 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:21:08.0596 2152 discache - ok
14:21:08.0649 2152 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:21:08.0663 2152 Disk - ok
14:21:08.0683 2152 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:21:08.0699 2152 Dnscache - ok
14:21:08.0732 2152 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:21:08.0773 2152 dot3svc - ok
14:21:08.0798 2152 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:21:08.0837 2152 DPS - ok
14:21:08.0865 2152 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:21:08.0882 2152 drmkaud - ok
14:21:08.0933 2152 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:21:08.0960 2152 DXGKrnl - ok
14:21:09.0015 2152 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
14:21:09.0028 2152 eamonm - ok
14:21:09.0050 2152 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:21:09.0090 2152 EapHost - ok
14:21:09.0186 2152 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:21:09.0270 2152 ebdrv - ok
14:21:09.0359 2152 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:21:09.0375 2152 EFS - ok
14:21:09.0438 2152 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
14:21:09.0468 2152 ehdrv - ok
14:21:09.0652 2152 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
14:21:09.0681 2152 ekrn - ok
14:21:09.0714 2152 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:21:09.0740 2152 elxstor - ok
14:21:09.0786 2152 epfw (198c6fbc30bbd9632ea051203dccf204) C:\Windows\system32\DRIVERS\epfw.sys
14:21:09.0801 2152 epfw - ok
14:21:09.0833 2152 EpfwLWF (56de463f517710a8aa44eef82c35b3c9) C:\Windows\system32\DRIVERS\EpfwLWF.sys
14:21:09.0878 2152 EpfwLWF - ok
14:21:09.0887 2152 epfwwfp (710b0442bb2f99278d7b8e02a8849c11) C:\Windows\system32\DRIVERS\epfwwfp.sys
14:21:09.0898 2152 epfwwfp - ok
14:21:09.0915 2152 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:21:09.0930 2152 ErrDev - ok
14:21:09.0968 2152 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:21:10.0012 2152 EventSystem - ok
14:21:10.0032 2152 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:21:10.0073 2152 exfat - ok
14:21:10.0093 2152 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:21:10.0132 2152 fastfat - ok
14:21:10.0182 2152 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:21:10.0206 2152 Fax - ok
14:21:10.0221 2152 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:21:10.0236 2152 fdc - ok
14:21:10.0250 2152 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:21:10.0288 2152 fdPHost - ok
14:21:10.0299 2152 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:21:10.0337 2152 FDResPub - ok
14:21:10.0348 2152 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:21:10.0362 2152 FileInfo - ok
14:21:10.0373 2152 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:21:10.0411 2152 Filetrace - ok
14:21:10.0424 2152 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:21:10.0438 2152 flpydisk - ok
14:21:10.0467 2152 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:21:10.0484 2152 FltMgr - ok
14:21:10.0558 2152 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:21:10.0590 2152 FontCache - ok
14:21:10.0686 2152 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:21:10.0697 2152 FontCache3.0.0.0 - ok
14:21:10.0717 2152 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:21:10.0731 2152 FsDepends - ok
14:21:10.0751 2152 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:21:10.0764 2152 Fs_Rec - ok
14:21:10.0791 2152 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:21:10.0812 2152 fvevol - ok
14:21:10.0840 2152 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:21:10.0903 2152 gagp30kx - ok
14:21:10.0947 2152 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:21:10.0995 2152 gpsvc - ok
14:21:11.0060 2152 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:21:11.0074 2152 gusvc - ok
14:21:11.0079 2152 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:21:11.0107 2152 hcw85cir - ok
14:21:11.0146 2152 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:21:11.0169 2152 HdAudAddService - ok
14:21:11.0189 2152 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:21:11.0207 2152 HDAudBus - ok
14:21:11.0211 2152 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:21:11.0259 2152 HidBatt - ok
14:21:11.0269 2152 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:21:11.0305 2152 HidBth - ok
14:21:11.0310 2152 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:21:11.0361 2152 HidIr - ok
14:21:11.0373 2152 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:21:11.0411 2152 hidserv - ok
14:21:11.0443 2152 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
14:21:11.0458 2152 HidUsb - ok
14:21:11.0502 2152 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:21:11.0540 2152 hkmsvc - ok
14:21:11.0566 2152 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:21:11.0584 2152 HomeGroupListener - ok
14:21:11.0612 2152 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:21:11.0628 2152 HomeGroupProvider - ok
14:21:11.0648 2152 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:21:11.0664 2152 HpSAMD - ok
14:21:11.0739 2152 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:21:11.0783 2152 HTTP - ok
14:21:11.0806 2152 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:21:11.0852 2152 hwpolicy - ok
14:21:11.0882 2152 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:21:11.0898 2152 i8042prt - ok
14:21:11.0933 2152 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:21:11.0972 2152 iaStorV - ok
14:21:12.0058 2152 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:21:12.0086 2152 idsvc - ok
14:21:12.0109 2152 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:21:12.0124 2152 iirsp - ok
14:21:12.0157 2152 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:21:12.0206 2152 IKEEXT - ok
14:21:12.0300 2152 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
14:21:12.0377 2152 IntcAzAudAddService - ok
14:21:12.0446 2152 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:21:12.0460 2152 intelide - ok
14:21:12.0502 2152 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:21:12.0516 2152 intelppm - ok
14:21:12.0538 2152 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:21:12.0577 2152 IPBusEnum - ok
14:21:12.0614 2152 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:21:12.0651 2152 IpFilterDriver - ok
14:21:12.0681 2152 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:21:12.0726 2152 iphlpsvc - ok
14:21:12.0743 2152 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:21:12.0759 2152 IPMIDRV - ok
14:21:12.0766 2152 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:21:12.0806 2152 IPNAT - ok
14:21:12.0826 2152 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:21:12.0845 2152 IRENUM - ok
14:21:12.0869 2152 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:21:12.0883 2152 isapnp - ok
14:21:12.0915 2152 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:21:12.0933 2152 iScsiPrt - ok
14:21:13.0008 2152 ISODrive (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
14:21:13.0021 2152 ISODrive - ok
14:21:13.0036 2152 JRAID (86cfef6dc6de51aab0c10384fe98f48f) C:\Windows\system32\DRIVERS\jraid.sys
14:21:13.0048 2152 JRAID - ok
14:21:13.0072 2152 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
14:21:13.0086 2152 kbdclass - ok
14:21:13.0108 2152 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:21:13.0122 2152 kbdhid - ok
14:21:13.0143 2152 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:21:13.0157 2152 KeyIso - ok
14:21:13.0175 2152 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:21:13.0189 2152 KSecDD - ok
14:21:13.0201 2152 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:21:13.0219 2152 KSecPkg - ok
14:21:13.0236 2152 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:21:13.0274 2152 ksthunk - ok
14:21:13.0304 2152 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:21:13.0348 2152 KtmRm - ok
14:21:13.0410 2152 kxwdmdrv (807043dbc7ece990cb5b37a2c4cbe24f) C:\Windows\system32\drivers\kx.sys
14:21:13.0442 2152 kxwdmdrv - ok
14:21:13.0482 2152 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:21:13.0521 2152 LanmanServer - ok
14:21:13.0541 2152 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:21:13.0581 2152 LanmanWorkstation - ok
14:21:13.0618 2152 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:21:13.0658 2152 lltdio - ok
14:21:13.0690 2152 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:21:13.0733 2152 lltdsvc - ok
14:21:13.0751 2152 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:21:13.0791 2152 lmhosts - ok
14:21:13.0814 2152 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:21:13.0847 2152 LSI_FC - ok
14:21:13.0854 2152 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:21:13.0887 2152 LSI_SAS - ok
14:21:13.0892 2152 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:21:13.0925 2152 LSI_SAS2 - ok
14:21:13.0931 2152 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:21:13.0965 2152 LSI_SCSI - ok
14:21:13.0999 2152 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:21:14.0038 2152 luafv - ok
14:21:14.0083 2152 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
14:21:14.0102 2152 MarvinBus - ok
14:21:14.0106 2152 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:21:14.0153 2152 megasas - ok
14:21:14.0165 2152 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:21:14.0204 2152 MegaSR - ok
14:21:14.0220 2152 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:21:14.0260 2152 MMCSS - ok
14:21:14.0264 2152 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:21:14.0302 2152 Modem - ok
14:21:14.0321 2152 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:21:14.0338 2152 monitor - ok
14:21:14.0357 2152 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:21:14.0370 2152 mouclass - ok
14:21:14.0386 2152 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:21:14.0401 2152 mouhid - ok
14:21:14.0424 2152 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:21:14.0439 2152 mountmgr - ok
14:21:14.0520 2152 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:21:14.0534 2152 MozillaMaintenance - ok
14:21:14.0563 2152 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:21:14.0579 2152 mpio - ok
14:21:14.0625 2152 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:21:14.0663 2152 mpsdrv - ok
14:21:14.0707 2152 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:21:14.0757 2152 MpsSvc - ok
14:21:14.0779 2152 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:21:14.0800 2152 MRxDAV - ok
14:21:14.0822 2152 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:21:14.0836 2152 mrxsmb - ok
14:21:14.0855 2152 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:21:14.0871 2152 mrxsmb10 - ok
14:21:14.0888 2152 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:21:14.0902 2152 mrxsmb20 - ok
14:21:14.0929 2152 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:21:14.0960 2152 msahci - ok
14:21:14.0986 2152 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:21:15.0002 2152 msdsm - ok
14:21:15.0026 2152 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:21:15.0044 2152 MSDTC - ok
14:21:15.0059 2152 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:21:30.0755 2152 ============================================================
14:21:30.0755 2152 Scan finished
14:21:30.0755 2152 ============================================================
14:21:30.0767 4104 Detected object count: 0
14:21:30.0768 4104 Actual detected object count: 0
14:21:54.0122 4080 Deinitialize success

---------------------------------------------------------------------

ESET output:
D:\lanka\Anno.2070-RELOADED\rld-an27.iso » ISO » SOLIDCOR.DLL - varianta infiltrace Win32/Kryptik.FM trojský kůň
E:\Softwary\Registry Easy v5.1 CZ\RegistryEasy51cz.exe » RAR » RE.exe - pravděpodobně varianta infiltrace Win32/Adware.RegistryEasy aplikace

Zick01
Visitor
Posts: 9
Registered: 11 May 2012 22:58

Re: Log check - warning from UPC

#4 Post by Zick01 »

Oh, and that power tool showed up as little squares for me :)

Zick01
Visitor
Posts: 9
Registered: 11 May 2012 22:58

Re: Log check - warning from UPC

#5 Post by Zick01 »

Complete log from the last NOD scan

Protokol o kontrole
Verze virové databáze: 7130 (20120511)
Datum: 11.5.2012 Čas: 21:34:04
Testované disky, adresáře a soubory: Paměť;C:\Boot sektor;D:\Boot sektor;E:\Boot sektor;G:\Boot sektor;H:\Boot sektor;C:\;D:\;E:\;G:\;H:\
C:\hiberfil.sys - chyba při otevírání [4]
C:\pagefile.sys - chyba při otevírání [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - chyba při otevírání [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - chyba při otevírání [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - chyba při otevírání [4]
C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - chyba při otevírání [4]
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin - chyba při otevírání [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - chyba při otevírání [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - chyba při otevírání [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - chyba při otevírání [4]
C:\Users\All Users\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - chyba při otevírání [4]
C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin - chyba při otevírání [4]
C:\Users\Zick\NTUSER.DAT - chyba při otevírání [4]
C:\Users\Zick\ntuser.dat.LOG1 - chyba při otevírání [4]
C:\Users\Zick\ntuser.dat.LOG2 - chyba při otevírání [4]
C:\Users\Zick\AppData\Local\Google\Chrome\User Data\Default\Current Session - chyba při otevírání [4]
C:\Users\Zick\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006567 » RAR » Glee.S03E19.HDTV.x264-LOL.srt - soubor má chybný kontrolní součet (CRC), může být poškozen
C:\Users\Zick\AppData\Local\Microsoft\Windows\UsrClass.dat - chyba při otevírání [4]
C:\Users\Zick\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - chyba při otevírání [4]
C:\Users\Zick\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - chyba při otevírání [4]
C:\Users\Zick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3DOV9RQB\swfupload[1].swf » CWS » file.swf - archiv je poškozen a soubor nemůže být extrahován
C:\Users\Zick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3DOV9RQB\swfupload[2].swf » CWS » file.swf - archiv je poškozen a soubor nemůže být extrahován
C:\Users\Zick\AppData\Roaming\Thunderbird\Profiles\fzj06x2n.default\ImapMail\mail.trent-1.cz\INBOX » MBOX - je v pořádku (neprohlížen uvnitř)
C:\Users\Zick\AppData\Roaming\Thunderbird\Profiles\fzj06x2n.default\ImapMail\mail.trent.cz\&AQw-SOB » MBOX - je v pořádku (neprohlížen uvnitř)
C:\Users\Zick\AppData\Roaming\Thunderbird\Profiles\fzj06x2n.default\ImapMail\mail.trent.cz\INBOX » MBOX - je v pořádku (neprohlížen uvnitř)
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - chyba při otevírání [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - chyba při otevírání [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - chyba při otevírání [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - chyba při otevírání [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - chyba při otevírání [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\8d6787b7b85bf3e80b50d7ff03381acd9ee1bc4a.HomeGroupClassifier\15f1d2167e563951ce4e019a7822d326\grouping\db.mdb - chyba při otevírání [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\8d6787b7b85bf3e80b50d7ff03381acd9ee1bc4a.HomeGroupClassifier\15f1d2167e563951ce4e019a7822d326\grouping\edb.log - chyba při otevírání [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\8d6787b7b85bf3e80b50d7ff03381acd9ee1bc4a.HomeGroupClassifier\15f1d2167e563951ce4e019a7822d326\grouping\tmp.edb - chyba při otevírání [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - chyba při otevírání [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - chyba při otevírání [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - chyba při otevírání [4]
C:\Windows\System32\catroot2\edb.log - chyba při otevírání [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - chyba při otevírání [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - chyba při otevírání [4]
D:\Downloads\chromeinstall-7u4.exe » CAB » jusched - archiv je poškozen a soubor nemůže být extrahován
D:\Downloads\chromeinstall-7u4.exe » CAB » task.xml - archiv je poškozen a soubor nemůže být extrahován
D:\Downloads\chromeinstall-7u4.exe » CAB » task64.xml - archiv je poškozen a soubor nemůže být extrahován
D:\Jany PC\OOo_2.4.1_080531_Win32Intel_install_cs.exe » NSIS » openoffice.org-pyuno.cab » CAB » testtar.tar » TAR » - poškozený archiv
D:\Jany PC\Desktop\OpenOffice.org 3.0 (cs) Installation Files\openofficeorg1.cab » CAB » testtar.tar » TAR » - poškozený archiv
D:\lanka\Anno.2070-RELOADED\rld-an27.iso » ISO » SOLIDCOR.DLL - varianta infiltrace Win32/Kryptik.FM trojský kůň
D:\lanka\Anno.2070.Update.1.01-RELOADED\crack\solidcore32.dll - varianta infiltrace Win32/Kryptik.FM trojský kůň - vyléčen smazáním - uložen do karantény [1]
D:\lanka\Mafia II (CZ)\bcz-mafia2.iso » ISO » SETUP.PA.EXE » RAR » pc\sds\city\dipton_z.sds - nemohu najít další díl archivu
D:\lanka\StarCraft2\rld-scii.iso » ISO » ntle oe1MQ_ - dekomprese neproběhla, ověřte, zda je dostatek paměti a volného místa na disku
D:\lanka\The Witcher 2 Assassins of Kings-Black_Box\The Witcher 2.iso » ISO » eu-.i - dekomprese neproběhla, ověřte, zda je dostatek paměti a volného místa na disku
D:\Program Files (x86)\Demigod-BiNGaMeS\Demigod_BiNGaMeS.Ru_Epidem.ru.7z » 7ZIP » dgdata.zip - chyba při extrakci
D:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\solidcore32.dll - varianta infiltrace Win32/Kryptik.FM trojský kůň - vyléčen smazáním - uložen do karantény [1]
D:\Windows 7 Loader eXtreme Edition v3.503-NAPALUM\w7lxe.exe - varianta infiltrace Win32/HackKMS.A potenciálně nechtěná aplikace - výběr akce byl odložen na konec skenování
D:\ZÁLOHA FIREMNÍ PC\Microsoft\Outlook Express\ADOL.dbx » DBX - je v pořádku (neprohlížen uvnitř)
D:\ZÁLOHA FIREMNÍ PC\Microsoft\Outlook Express\Doručená pošta.dbx » DBX - je v pořádku (neprohlížen uvnitř)
D:\ZÁLOHA FIREMNÍ PC\Microsoft\Outlook Express\Koncepty.dbx » DBX - je v pořádku (neprohlížen uvnitř)
D:\ZÁLOHA FIREMNÍ PC\Microsoft\Outlook Express\Odeslaná pošta (1).dbx » DBX - je v pořádku (neprohlížen uvnitř)
D:\ZÁLOHA FIREMNÍ PC\Microsoft\Outlook Express\Odeslaná pošta.dbx » DBX - je v pořádku (neprohlížen uvnitř)
D:\ZÁLOHA FIREMNÍ PC\Microsoft\Outlook Express\Odstraněná pošta.dbx » DBX - je v pořádku (neprohlížen uvnitř)
D:\ZÁLOHA FIREMNÍ PC\Sdileni\{5C4D6E87-7460-4FE9-BC4B-6BE5D4307948}\Microsoft\Outlook Express\Doručená pošta.dbx » DBX - je v pořádku (neprohlížen uvnitř)
D:\ZÁLOHA FIREMNÍ PC\Sdileni\{5C4D6E87-7460-4FE9-BC4B-6BE5D4307948}\Microsoft\Outlook Express\Odeslaná pošta.dbx » DBX - je v pořádku (neprohlížen uvnitř)
D:\ZÁLOHA FIREMNÍ PC\Sdileni\{5C4D6E87-7460-4FE9-BC4B-6BE5D4307948}\Microsoft\Outlook Express\Odstraněná pošta.dbx » DBX - je v pořádku (neprohlížen uvnitř)
E:\$RECYCLE.BIN\S-1-5-21-1206572581-3563122553-4053948120-1001\$R4SS15Q.rar » RAR » - nemohu najít další díl archivu
E:\$RECYCLE.BIN\S-1-5-21-1206572581-3563122553-4053948120-1001\$ROIXHX9.001 » RAR » - nemohu najít další díl archivu
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$R75YPW4.dat » SIS » xonix.r13 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$R75YPW4.dat » SIS » xonix.r05 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$R75YPW4.dat » SIS » xonix.r04 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$R75YPW4.dat » SIS » xonix.r03 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$R75YPW4.dat » SIS » xonix.r02 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$R75YPW4.dat » SIS » xonix.r01 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$R75YPW4.dat » SIS » fill.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$R75YPW4.dat » SIS » death.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$R75YPW4.dat » SIS » xonix.aif - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$R75YPW4.dat » SIS » xonix.mbm - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$R75YPW4.dat » SIS » Xonix.app - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RG8WNLV.dat » SIS » xonix.r13 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RG8WNLV.dat » SIS » xonix.r05 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RG8WNLV.dat » SIS » xonix.r04 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RG8WNLV.dat » SIS » xonix.r03 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RG8WNLV.dat » SIS » xonix.r02 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RG8WNLV.dat » SIS » xonix.r01 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RG8WNLV.dat » SIS » fill.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RG8WNLV.dat » SIS » death.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RG8WNLV.dat » SIS » xonix.aif - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RG8WNLV.dat » SIS » xonix.mbm - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RG8WNLV.dat » SIS » Xonix.app - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RIZ0S3P.dat » SIS » xonix.r13 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RIZ0S3P.dat » SIS » xonix.r05 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RIZ0S3P.dat » SIS » xonix.r04 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RIZ0S3P.dat » SIS » xonix.r03 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RIZ0S3P.dat » SIS » xonix.r02 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RIZ0S3P.dat » SIS » xonix.r01 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RIZ0S3P.dat » SIS » fill.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RIZ0S3P.dat » SIS » death.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RIZ0S3P.dat » SIS » xonix.aif - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RIZ0S3P.dat » SIS » xonix.mbm - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RIZ0S3P.dat » SIS » Xonix.app - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RNWSUHI.dat » SIS » xonix.r13 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RNWSUHI.dat » SIS » xonix.r05 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RNWSUHI.dat » SIS » xonix.r04 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RNWSUHI.dat » SIS » xonix.r03 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RNWSUHI.dat » SIS » xonix.r02 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RNWSUHI.dat » SIS » xonix.r01 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RNWSUHI.dat » SIS » fill.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RNWSUHI.dat » SIS » death.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RNWSUHI.dat » SIS » xonix.aif - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RNWSUHI.dat » SIS » xonix.mbm - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RNWSUHI.dat » SIS » Xonix.app - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RP749VH.dat » SIS » xonix.r13 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RP749VH.dat » SIS » xonix.r05 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RP749VH.dat » SIS » xonix.r04 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RP749VH.dat » SIS » xonix.r03 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RP749VH.dat » SIS » xonix.r02 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RP749VH.dat » SIS » xonix.r01 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RP749VH.dat » SIS » fill.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RP749VH.dat » SIS » death.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RP749VH.dat » SIS » xonix.aif - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RP749VH.dat » SIS » xonix.mbm - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RP749VH.dat » SIS » Xonix.app - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTJUDNW.dat » SIS » xonix.r13 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTJUDNW.dat » SIS » xonix.r05 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTJUDNW.dat » SIS » xonix.r04 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTJUDNW.dat » SIS » xonix.r03 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTJUDNW.dat » SIS » xonix.r02 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTJUDNW.dat » SIS » xonix.r01 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTJUDNW.dat » SIS » fill.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTJUDNW.dat » SIS » death.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTJUDNW.dat » SIS » xonix.aif - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTJUDNW.dat » SIS » xonix.mbm - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTJUDNW.dat » SIS » Xonix.app - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTZSJKF.dat » SIS » xonix.r13 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTZSJKF.dat » SIS » xonix.r05 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTZSJKF.dat » SIS » xonix.r04 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTZSJKF.dat » SIS » xonix.r03 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTZSJKF.dat » SIS » xonix.r02 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTZSJKF.dat » SIS » xonix.r01 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTZSJKF.dat » SIS » fill.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTZSJKF.dat » SIS » death.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTZSJKF.dat » SIS » xonix.aif - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTZSJKF.dat » SIS » xonix.mbm - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RTZSJKF.dat » SIS » Xonix.app - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RWQN098.dat » SIS » xonix.r13 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RWQN098.dat » SIS » xonix.r05 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RWQN098.dat » SIS » xonix.r04 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RWQN098.dat » SIS » xonix.r03 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RWQN098.dat » SIS » xonix.r02 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RWQN098.dat » SIS » xonix.r01 - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RWQN098.dat » SIS » fill.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RWQN098.dat » SIS » death.wav - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RWQN098.dat » SIS » xonix.aif - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RWQN098.dat » SIS » xonix.mbm - archiv je poškozen a soubor nemůže být extrahován
E:\$RECYCLE.BIN\S-1-5-21-9547581-1944590521-2821983377-1001\$RWQN098.dat » SIS » Xonix.app - archiv je poškozen a soubor nemůže být extrahován
E:\Softwary\Microsoft Office 2007 CZ full\Microsoft Office 2007 CZ.iso » ISO » ENTERWW.CAB » CAB » PROCESS_LIBRARY.FDT » MIME - je v pořádku (neprohlížen uvnitř)
E:\Softwary\Microsoft Office 2007 CZ full\Microsoft Office 2007 CZ.iso » ISO » ENTERWW.CAB » CAB » HIRING_REQUISITION_CUSTOMIZED.FDT » MIME - je v pořádku (neprohlížen uvnitř)
E:\Softwary\Microsoft Office 2007 CZ full\Microsoft Office 2007 CZ.iso » ISO » ENTERWW.CAB » CAB » HIRING_REQUISITION.FDT » MIME - je v pořádku (neprohlížen uvnitř)
E:\Softwary\Microsoft Office 2007 CZ full\Microsoft Office 2007 CZ.iso » ISO » ENTERWW.CAB » CAB » TRACK_ISSUES.FDT » MIME - je v pořádku (neprohlížen uvnitř)
E:\Softwary\Microsoft Office 2007 CZ full\Microsoft Office 2007 CZ.iso » ISO » ENTERWW.CAB » CAB » POLICIES.FDT » MIME - je v pořádku (neprohlížen uvnitř)
E:\Softwary\Registry Easy v5.1 CZ\RegistryEasy51cz.exe » RAR » RE.exe - pravděpodobně varianta infiltrace Win32/Adware.RegistryEasy aplikace
G:\!MP3\Monika Bagarova - Shining\BAGAROVA MONIKA - Shining.nfo » RAR - chyba - soubor je chráněn heslem
H:\!MP3\!!!trance etc\VA - Cosmic Gate - Sign Of The Times (Deluxe Edition) (2010) [WwW.ZoNaTorrent.CoM]\Cosmic_Gate_Sign_Of_The_Times_Deluxe_Edition_BHCD72D_WEB_2010_LOSSLESS.part01.rar » RAR » 12-Whatever.flac - nemohu najít další díl archivu
H:\Boot\BCD - chyba při otevírání [4]
H:\Boot\BCD.LOG - chyba při otevírání [4]
D:\lanka\Anno.2070-RELOADED\rld-an27.iso » ISO » SOLIDCOR.DLL - varianta infiltrace Win32/Kryptik.FM trojský kůň - byl součástí smazaného objektu
D:\Windows 7 Loader eXtreme Edition v3.503-NAPALUM\w7lxe.exe - varianta infiltrace Win32/HackKMS.A potenciálně nechtěná aplikace - vyléčen smazáním - uložen do karantény [1]
E:\Softwary\Registry Easy v5.1 CZ\RegistryEasy51cz.exe » RAR » RE.exe - pravděpodobně varianta infiltrace Win32/Adware.RegistryEasy aplikace - byl součástí smazaného objektu
Počet zkontrolovaných objektů: 1007457
Počet nalezených hrozeb: 5
Počet vyléčených objektů: 5
Čas ukončení: 23:45:30 Celkový čas diagnostiky: 7886 sek (02:11:26)

Poznámky:
[1] Objekt byl smazán, obsahoval pouze škodlivý kód.
[4] Objekt nelze otevřít ke čtení. Je využíván jinou aplikací (nebo operačním systémem), která ho otevřela výhradně pro sebe.

Re: Log check - notification from UPC

#6 Post by Zick01 »

I get it, I cr*pped it up with warez... Now I'm running that Malwarebytes scan; it's taking quite a long time, but it's running... So far it shows 2 detected objects... and a message keeps popping up saying that it blocked potentially malicious sites at IP xy, and utorrent.exe is what triggers it. As soon as I have the log, I'll post it here.

Re: Log check - notification from UPC

#7 Post by Zick01 »

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.05.13.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zick :: ZICK01 [administrátor]

Ochrana: Povolena

13.5.2012 13:31:51
mbam-log-2012-05-13 (20-25-23).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 490426
Uplynulý čas: 3 hodin, 23 minut, 10 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 4
C:\QIP Infium JadrisPack\QIP JadrisPack.exe (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
D:\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Žádná instrukce nebyla provedena.
E:\Softwary\Adobe Photoshop CS5 CZ\Crack\adobe_PS_CS5_keygen.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
E:\System Volume Information\_restore{9F6D0A68-1CC6-4D23-ACFE-17EE5C359BA2}\RP132\A0021252.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.

(konec)



Plus I wanted to ask about that blocking of utorrent.exe... like most users, I suppose, I download stuff, so I don't know whether to ignore it or what to do about it.

Re: Log check - notification from UPC

#8 Post by Zick01 »

No worries, I was watching too - the guys tried hard, they just lacked luck...

In MBAM I removed those 4 scavengers...

Here is the log:


ComboFix 12-05-14.02 - Zick 14.05.2012 16:14:56.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4094.2991 [GMT 2:00]
Spuštěný z: c:\users\Zick\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Zick\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-14 do 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 14:20 . 2012-05-14 14:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-13 11:30 . 2012-05-13 11:30 -------- d-----w- c:\users\Zick\AppData\Roaming\Malwarebytes
2012-05-13 11:30 . 2012-05-13 11:30 -------- d-----w- c:\programdata\Malwarebytes
2012-05-13 11:30 . 2012-05-13 11:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-13 11:30 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-11 21:54 . 2012-05-11 21:54 -------- d-----w- C:\rsit
2012-05-11 21:54 . 2012-05-11 21:54 -------- d-----w- c:\program files\trend micro
2012-05-11 18:45 . 2012-05-11 18:45 -------- d-----w- c:\users\Zick\AppData\Local\ESET
2012-05-11 18:44 . 2012-05-11 18:44 -------- d-----w- c:\program files\ESET
2012-05-11 17:07 . 2012-05-11 17:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-11 17:06 . 2012-05-11 17:06 -------- d-----w- c:\program files (x86)\Oracle
2012-05-11 17:06 . 2012-04-04 16:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-11 12:09 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A47108D0-998E-4144-B349-C622364AD1AA}\mpengine.dll
2012-05-10 16:01 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 16:01 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 16:01 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 16:01 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 16:01 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 16:01 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 15:56 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 15:53 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 15:53 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 15:53 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 15:53 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 15:53 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 15:53 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-04-29 10:23 . 2012-04-29 10:23 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-29 10:23 . 2012-04-29 10:23 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-29 10:23 . 2012-04-29 10:23 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-28 08:01 . 2012-04-28 08:01 -------- d-----w- C:\Temp
2012-04-28 07:52 . 2011-11-29 14:39 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-04-28 07:51 . 2011-11-29 14:38 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-04-22 12:52 . 2012-04-22 12:52 -------- d-----w- c:\program files (x86)\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 16:39 . 2012-04-06 16:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-06 16:39 . 2011-11-20 13:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 16:47 . 2011-12-07 13:34 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-06 23:15 . 2011-11-20 13:17 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-02 16:33 . 2003-03-18 19:14 505392 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-03-01 06:46 . 2012-04-12 20:41 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 20:41 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 20:41 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 20:41 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 20:41 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 20:41 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 20:41 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 20:43 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 20:43 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 20:43 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 20:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 20:43 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 20:43 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 20:43 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 20:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 08:18 . 2011-11-20 13:24 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-21 12:29 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-21 12:29 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-21 12:29 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-21 12:29 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-21 12:29 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-12 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Device Detector"="c:\program files (x86)\Common Files\ACD Systems\EN\DevDetect.exe" [2003-11-26 217088]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"RemoteControl"="d:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="d:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;d:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-29 129976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-20 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-10-25 3272016]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 16:39]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-559359669-2066989481-2770150702-1001Core.job
- c:\users\Zick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 12:56]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-559359669-2066989481-2770150702-1001UA.job
- c:\users\Zick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 12:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"kX Mixer"="c:\program files\kX Audio Driver\3550\kxmixer.exe" [2009-09-17 677896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-10-25 3993936]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37 192.168.1.254
FF - ProfilePath - c:\users\Zick\AppData\Roaming\Mozilla\Firefox\Profiles\dr1nyho4.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - d:\adobe\Adobe Bridge CS5\Bridge.exe
AddRemove-QIP Infium JadrisPack 6.0.0 - c:\qip infium jadrispack\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\d:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
.
**************************************************************************
.
Celkový čas: 2012-05-14 16:25:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-14 14:25
.
Před spuštěním: 3 461 214 208
Po spuštění: 3 454 402 560
.
- - End Of File - - B2CA306EC415E39C9485265982826826

Zick01
Visitor
Posts: 9
Registered: 11 May 2012 22:58

Re: Log check - warning from UPC

#9 Post by Zick01 »

Okay, thanks. So can I uninstall those programs now, or should I leave them there?

palmexman
Visitor
Posts: 10
Registered: 28 May 2012 18:49

Re: Log check - warning from UPC

#10 Post by palmexman »

Hi guys, I have to apologize right at the start: I did study computers, but when it comes to VIRUSES I'm a noob.
UPC blocked my ports; supposedly it was "BOTS mwtype Torpig" (they have it logged 2 days in a row).

I have 2 PCs and a router at home, so they have the router's MAC address.

Can someone advise me what I should install and which output I should upload here? I would post my own PC first and then, if needed, the log from the second one as well.
Thanks a lot

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Log check - warning from UPC

#11 Post by motji »

palmexman wrote:Hi guys, I have to apologize right at the start: I did study computers, but when it comes to VIRUSES I'm a noob.
UPC blocked my ports; supposedly it was "BOTS mwtype Torpig" (they have it logged 2 days in a row).

I have 2 PCs and a router at home, so they have the router's MAC address.

Can someone advise me what I should install and which output I should upload here? I would post my own PC first and then, if needed, the log from the second one as well.
Thanks a lot

Good evening :),
please start your own topic; otherwise things would get mixed up here.
Post a log from RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895
Do not use COMBOFIX without a recommendation from an advisor; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
