Nelze spustit .exe Win7

Zpráva

tHx · #1 Příspěvek od **tHx** » 07 lis 2011 23:11

Dobrý večer,
systém mi přestal spouštět .exe. Některé programy přesto naskočí, například otestování souboru antivirem (Security Essentials) nebo notepad (když kliknu na upravit soubor). ComboFix mi to nespustí, Silent Runners také ne. Prosím o radu.

#2 Příspěvek od **Rudy** » 07 lis 2011 23:13

Zdravím!
Zkuste obnovu systému k datu, kdy korektně fungoval.

tHx · #3 Příspěvek od **tHx** » 07 lis 2011 23:15

rstrui mi to také nechce spustit. Neznámé rozhraní. Samotný nástroj také ne (Nástroj Obnovení systému nebylo možné spustit.)

#4 Příspěvek od **cernohous13** » 08 lis 2011 06:11

Pardon

zkus tam před pokračováním s Rudym prohnat toto - http://www.raktor.net/exeHelper/exeHelper.scr

tHx · #5 Příspěvek od **tHx** » 08 lis 2011 08:04

V pohodě

Nic se nestane. Celkově při spuštění poklikáním to nereaguje nijak. Chybové hlášení to vypíše až při nějakém "nuceném" spuštění, třeba přes příkazovou řádku (.bat naskočí) a při snaze o spuštění přes cmd to vypíše zase chybu, u exeHelper.scr Neznámé rozhraní.

Naivně jsem na noc nechal puštěný scan PC (Security Essentials). Samozřejmě to nic nenašlo. To jen kdyby vás to také napadlo

#6 Příspěvek od **motji** » 08 lis 2011 08:13

Omlouvám se za vstup

.

Ani v nouzovém režimu nic nefunguje? Co jste dělal s pc předtím, než tohle začalo?

tHx · #7 Příspěvek od **tHx** » 08 lis 2011 09:00

Nouzový režim je to samé v bledě modrém.

Vinu přikládám jedné z těchto dvou aplikací, před nimy to bylo v pohodě:

Kód: Vybrat vše

http://www.sosej.cz/Desktop-Hry.html
http://portableapps.com/apps/music_video/audacity_portable

A to jsem obě nejdřív pouštěl ve virtuálu. Možná se mi do PC dostalo ještě něco, těžko říct.

#8 Příspěvek od **cernohous13** » 08 lis 2011 09:14

Pokud nám nedáš nějaké bližší informace třeba i z Nouzového režimu - http://www.viry.cz/forum/viewtopic.php?f=13&t=105895
tak snad zbývá jen pokus o opravu systému http://viry.cz/forum/viewtopic.php?f=46&t=41036

tHx · #9 Příspěvek od **tHx** » 08 lis 2011 09:32

Tak v nouzovém režimu se mi přes cmd podařilo spustit jak combofix tak ten rsit. Odpoledne sem dám logy, teď musím frčet do školy. Zatím děkuji všem za ochotu!

#10 Příspěvek od **cernohous13** » 08 lis 2011 09:52

Klidně si počkáme

tHx · #11 Příspěvek od **tHx** » 08 lis 2011 14:39

ComboFix

ComboFix 11-11-08.02 - tHx 08.11.2011 14:15:32.1.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.5117.4238 [GMT 1:00]
Spuštěný z: c:\users\tHx\Desktop\c.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\a.bat
c:\users\Public\CashCounter.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-08 do 2011-11-08 )))))))))))))))))))))))))))))))
.
.
2011-11-08 13:23 . 2011-11-08 13:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-08 13:23 . 2011-11-08 13:23 -------- d-----w- c:\users\Test Server\AppData\Local\temp
2011-11-08 13:23 . 2011-11-08 13:23 -------- d-----w- c:\users\localhost\AppData\Local\temp
2011-11-08 13:23 . 2011-11-08 13:23 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2011-11-08 13:23 . 2011-11-08 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-08 13:23 . 2011-11-08 13:23 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2011-11-08 13:06 . 2011-11-08 13:06 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF645DA0-C8E1-4248-9DE8-A331F89D2E02}\offreg.dll
2011-11-07 15:41 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF645DA0-C8E1-4248-9DE8-A331F89D2E02}\mpengine.dll
2011-11-06 11:37 . 2011-11-06 11:37 -------- d-----w- c:\users\tHx\AppData\Roaming\EPSON
2011-11-01 14:02 . 2011-11-01 14:02 -------- d-----w- c:\users\Public\spy++8
2011-10-31 22:08 . 2011-10-31 22:08 -------- d-----w- c:\users\Public\netb
2011-10-30 15:57 . 2011-10-30 15:57 119808 ----a-r- c:\users\tHx\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2011-10-30 15:57 . 2011-10-30 15:57 -------- d-----w- c:\users\tHx\AppData\Local\Apps
2011-10-29 13:22 . 2011-10-29 13:22 -------- d-----w- c:\users\tHx\AppData\Local\assembly
2011-10-29 12:12 . 2011-10-29 12:12 -------- d-----w- c:\program files (x86)\WPF Toolkit
2011-10-29 12:07 . 2010-02-04 08:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-10-29 12:07 . 2010-02-04 08:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-10-29 12:07 . 2010-02-04 08:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-10-29 12:07 . 2010-02-04 08:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2011-10-29 12:04 . 2011-10-29 12:04 -------- d-----w- c:\windows\SysWow64\xlive
2011-10-29 12:04 . 2011-10-29 23:48 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-10-29 12:03 . 2011-10-29 12:03 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-10-29 12:02 . 2011-10-29 12:02 192768 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2011-10-29 11:55 . 2011-10-29 11:55 -------- d-----w- c:\program files (x86)\Microsoft XDE
2011-10-29 11:54 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-10-29 11:54 . 2009-09-04 15:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-10-27 21:01 . 2011-10-27 21:01 -------- d-----w- c:\users\tHx\AppData\Local\Nero
2011-10-26 21:40 . 2011-10-26 21:40 -------- d-----w- c:\programdata\VS
2011-10-26 21:30 . 2011-09-22 19:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2011-10-26 21:30 . 2011-09-22 15:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2011-10-26 21:28 . 2011-10-26 21:28 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2011-10-26 21:24 . 2011-10-26 21:24 -------- d-----w- c:\program files\Microsoft.NET
2011-10-24 19:42 . 2011-10-03 03:06 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2011-10-23 18:46 . 2011-10-23 18:46 -------- d-----w- C:\QUO_VADIS
2011-10-17 19:38 . 2011-10-17 19:38 -------- d-----w- c:\program files\Microsoft Mathematics
2011-10-13 19:52 . 2011-10-26 21:53 -------- d-----r- c:\users\tHx\Podcasts
2011-10-13 19:52 . 2011-10-13 19:52 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR
2011-10-13 19:52 . 2011-10-13 19:52 -------- d-----w- c:\windows\system32\drivers\UMDF\ms-MY
2011-10-13 19:50 . 2011-10-13 19:50 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2011-10-13 19:50 . 2011-10-13 19:50 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2011-10-13 19:50 . 2011-10-13 19:50 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
2011-10-13 19:50 . 2011-10-13 19:50 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
2011-10-13 19:47 . 2011-10-13 19:52 -------- d-----w- c:\program files\Zune
2011-10-12 20:20 . 2011-10-29 19:31 -------- d-----w- c:\users\Public\Flash_Decompiler_Trillix_5.2.1160
2011-10-12 17:56 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 17:56 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 17:56 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 17:56 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 17:56 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 17:56 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 17:56 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 17:56 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 17:56 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 16:27 . 2011-10-11 16:27 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3470DBC-26AF-41F7-B590-AA189977F9AF}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-26 21:47 . 2011-08-28 15:19 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-10-26 21:47 . 2011-08-28 14:19 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2011-10-26 21:45 . 2011-08-28 14:53 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2011-10-17 16:36 . 2011-08-28 13:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-07 04:16 . 2011-08-28 16:28 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 03:06 . 2011-08-28 13:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-22 19:07 . 2011-09-22 19:07 474472 ----a-w- c:\windows\system32\SqlServerSpatial.dll
2011-09-22 19:07 . 2011-08-28 16:45 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL
2011-09-22 19:06 . 2011-09-22 19:06 3171176 ----a-w- c:\windows\system32\sqlncli10.dll
2011-09-22 19:01 . 2011-09-22 19:01 312168 ----a-w- c:\windows\system32\drivers\RsFx0104.sys
2011-09-22 19:01 . 2011-09-22 19:01 311144 ----a-w- c:\windows\system32\drivers\RsFx0105.sys
2011-09-22 18:09 . 2011-09-22 18:09 42344 ----a-w- c:\windows\system32\DTSPipelinePerf100.dll
2011-09-22 15:18 . 2011-09-22 15:18 2570088 ----a-w- c:\windows\SysWow64\sqlncli10.dll
2011-09-15 15:04 . 2011-09-15 15:04 8024 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\10.0\SDKFilesVer.dll
2011-09-15 15:04 . 2011-09-15 15:04 8024 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\10.0\addons\NonSDKAddonVer.dll
2011-09-15 15:04 . 2011-09-15 15:04 8024 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\10.0\1033\NonSDKAddonLangVer.dll
2011-09-15 15:04 . 2011-09-15 15:04 8016 ----a-w- c:\programdata\Microsoft\Phone Tools\CoreCon\10.0\addons\WPSDKVer.dll
2011-09-13 19:47 . 2011-09-13 19:47 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-09-13 19:47 . 2011-09-13 19:47 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-28 09:53 . 2011-09-08 13:41 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-28 00:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-28 00:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-27 23:10 . 2011-08-27 23:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-27 23:10 . 2011-08-27 23:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-27 23:10 . 2011-08-27 23:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-27 23:10 . 2011-08-27 23:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-27 23:10 . 2011-08-27 23:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-27 23:10 . 2011-08-27 23:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-27 23:10 . 2011-08-27 23:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-27 23:10 . 2011-08-27 23:10 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-27 23:10 . 2011-08-27 23:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-27 23:10 . 2011-08-27 23:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-27 23:10 . 2011-08-27 23:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-27 23:10 . 2011-08-27 23:10 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-27 23:10 . 2011-08-27 23:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-27 23:10 . 2011-08-27 23:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-27 23:10 . 2011-08-27 23:10 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-27 23:10 . 2011-08-27 23:10 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-27 23:10 . 2011-08-27 23:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-27 23:10 . 2011-08-27 23:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-27 23:10 . 2011-08-27 23:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-27 23:10 . 2011-08-27 23:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-27 23:10 . 2011-08-27 23:10 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-27 23:10 . 2011-08-27 23:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-27 23:10 . 2011-08-27 23:10 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-27 23:10 . 2011-08-27 23:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-27 23:10 . 2011-08-27 23:10 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-27 23:10 . 2011-08-27 23:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-27 23:10 . 2011-08-27 23:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-27 23:10 . 2011-08-27 23:10 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-27 23:10 . 2011-08-27 23:10 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-27 23:10 . 2011-08-27 23:10 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-27 23:10 . 2011-08-27 23:10 448512 ----a-w- c:\windows\system32\html.iec
2011-08-27 23:10 . 2011-08-27 23:10 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-27 23:10 . 2011-08-27 23:10 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-27 23:10 . 2011-08-27 23:10 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-27 23:10 . 2011-08-27 23:10 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-27 23:10 . 2011-08-27 23:10 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-22 15:07 . 2011-10-07 16:04 62064 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-08-22 15:07 . 2011-10-07 16:03 942192 ----a-w- c:\windows\system32\vnetlib64.dll
2011-08-22 15:07 . 2011-10-07 16:03 354416 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-08-22 15:06 . 2011-10-07 16:03 432752 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-08-22 15:06 . 2011-10-07 16:03 32880 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-08-22 15:06 . 2011-10-07 16:03 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-08-22 13:40 . 2011-08-22 13:40 252016 ----a-w- c:\windows\SysWow64\vmnc.dll
2011-08-22 13:12 . 2011-08-22 13:12 62064 ----a-w- c:\windows\system32\vmnetbridge.dll
2011-08-22 13:12 . 2011-08-22 13:12 48752 ----a-w- c:\windows\system32\vnetinst.dll
2011-08-22 13:12 . 2011-08-22 13:12 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2011-08-22 13:12 . 2011-08-22 13:12 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys
2011-08-22 13:12 . 2011-08-22 13:12 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2011-08-21 21:11 . 2011-10-07 16:03 39024 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-08-16 06:48 . 2011-08-27 22:32 8862544 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48721E6A-855D-44DE-B96D-C3B5C0D197C0}\mpengine.dll
2011-08-12 05:29 . 2011-08-28 09:34 3053160 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-08-27 638736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Zend Controller.lnk - c:\program files (x86)\Zend\ZendServer\bin\zendcontroller.exe [2011-9-4 249776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-21 846448]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 194.228.41.113 160.218.161.54
FF - ProfilePath - c:\users\tHx\AppData\Roaming\Mozilla\Firefox\Profiles\fgat0uxe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-11-08 14:26:47
ComboFix-quarantined-files.txt 2011-11-08 13:26
.
Před spuštěním: Volných bajtů: 1 411 290 087 424
Po spuštění: Volných bajtů: 1 417 247 744 000
.
- - End Of File - - BC73A0D36D20352C8F63A5B61AC47484

tHx · #12 Příspěvek od **tHx** » 08 lis 2011 14:40

RSIT info

info.txt logfile of random's system information tool 1.09 2011-11-08 14:30:48

======Uninstall list======

-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2285068\ServicePack\setup.exe" /Action=RemovePatch /AllInstances
-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe" /Action=RemovePatch /AllInstances
-->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
Adobe After Effects CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}"
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe -maintain plugin
Adobe Illustrator CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}"
Adobe Photoshop CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader X (10.1.1) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA1000000001}
Aktualizace NVIDIA 1.4.28-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Update
AMD USB Filter Driver-->MsiExec.exe /X{82809116-D1EE-443C-AE31-F19E709DDF7A}
ArmA 2 Uninstall-->D:\Gamezz\Bohemia Interactive\UnInstall.exe
Avanquest update-->"C:\Program Files (x86)\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
BitTorrent-->"C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /UNINSTALL
Cabri Geometry II Plus-->MsiExec.exe /I{E45873F4-AB2D-473F-9CBB-78125F4BF624}
DCS Black Shark-->"D:\Games\Ka-50\uninstall.exe"
Definition update for Microsoft Office 2010 (KB982726) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{7A31FF65-054F-4CAF-9929-DCE76CDBAE64}" "1029" "0"
Derive 6-->C:\Program Files (x86)\TI Education\Derive 6\unwise.exe C:\PROGRA~2\TIEDUC~1\DERIVE~1\INSTALL.LOG
EPSON Scan-->C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
FileZilla Client 3.5.1-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
GIMP 2.6.11-->"C:\Program Files (x86)\GIMP-2.0\setup\unins000.exe"
High-Definition Video Playback 10-->MsiExec.exe /X{237CCB62-8454-43E3-B158-3ACD0134852E}
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)-->c:\Windows\SysWOW64\msiexec.exe /package {46F8CF66-AB83-38A7-99B2-A5BE507EE472} /uninstall {3EE9D984-E7A6-30B9-8FF5-A1FE2242440A} /qb+ REBOOTPROMPT=""
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216027FF}
JDownloader 0.9-->C:\Program Files (x86)\JDownloader\JDUninstall.exe
K-Lite Mega Codec Pack 7.8.0-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
LightScribe System Software-->MsiExec.exe /X{82EF29B1-9B60-4142-A155-0599216DD053}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{790E02A1-145A-3843-8C13-A4F41C9B48B7}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Microsoft Advertising SDK for Windows Phone - ENU-->MsiExec.exe /X{656458ED-DA77-4C82-AF2F-1640C191A2A7}
Microsoft Antimalware Service CS-CZ Language Pack-->MsiExec.exe /X{17CA32D1-73BD-4990-B8F6-369D8D34B05D}
Microsoft Antimalware-->MsiExec.exe /X{05BFB060-4F22-4710-B0A2-2801A1B606C5}
Microsoft Expression Blend 3 SDK-->MsiExec.exe /X{256E7DAC-9BE8-494E-8DE7-7857BF96B774}
Microsoft Expression Blend 4 Add-in for Adobe FXG Import-->MsiExec.exe /X{EFBBD030-48F0-43B3-A8AD-789894DAD0B5}
Microsoft Expression Blend 4-->"c:\Program Files (x86)\Microsoft Expression\Blend 4\XSetup.exe" -x -AppLangId:1033 "-manifest:BlendManifest.cab" "-source:c:\Program Files (x86)\Microsoft Expression\Blend 4\Setup\;c:\a18cf870c7ea1e4de69f\Setup"
Microsoft Expression Blend 4-->MsiExec.exe /X{4C6D5779-A766-45DF-9938-D6F595A66F2B}
Microsoft Expression Blend SDK for .NET 4-->MsiExec.exe /X{9B3A1C97-A361-463E-8817-444F9F88CDFE}
Microsoft Expression Blend SDK for Silverlight 4-->MsiExec.exe /X{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}
Microsoft Expression Blend SDK for Windows Phone 7-->MsiExec.exe /X{69E11501-75F7-4ACE-8103-52513DDCFE26}
Microsoft Expression Blend SDK for Windows Phone OS 7.1-->MsiExec.exe /X{12B8E200-99CC-4203-A8D1-4145FC4D0192}
Microsoft Expression Encoder 4 Pro-->"C:\Program Files (x86)\Microsoft Expression\Encoder 4\XSetup.exe" -x -AppLangId:1033 "-manifest:EncoderManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Encoder 4\Setup\;D:\Downloads\Microsoft.Expression.Encoder.Pro.4.SUB100.iSO-rG\rg-meep4\Setup"
Microsoft Expression Encoder 4 Pro-->MsiExec.exe /X{368B385B-0F7B-4E0E-B5BF-855D73B26937}
Microsoft Expression Encoder 4 Screen Capture Codec-->MsiExec.exe /X{BF127B80-CFD5-4379-9752-E8AF1A5D0141}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C}
Microsoft Help Viewer 1.1-->c:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.1\install.exe
Microsoft Help Viewer 1.1-->MsiExec.exe /X{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}
Microsoft Mathematics (64-bit)-->MsiExec.exe /X{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0405-1000-0000000FF1CE}" "{AEC2C00D-1E7E-45E3-9058-81EA2446B3CD}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-1000-0000000FF1CE}" "{70A3169E-288F-454F-A08D-20DF66639B50}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-1000-0000000FF1CE}" "{0242505C-4E90-407F-9299-B5B275F50D86}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-041B-1000-0000000FF1CE}" "{4B806706-B352-42E8-8C8B-5CEBCEDBC4E0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0405-1000-0000000FF1CE}" "{715203B3-AD16-41A4-B13C-E1065EAB8963}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0405-1000-0000000FF1CE}" "{15D45352-C443-406A-9DF2-EF4A750A40CF}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-1000-0000000FF1CE}" "{4B8654FE-410D-462C-9B3C-09D031BF4534}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-1000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-1000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2010-->MsiExec.exe /X{90140000-00BA-0405-1000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2010-->MsiExec.exe /X{90140000-0044-0405-1000-0000000FF1CE}
Microsoft Office Office 32-bit Components 2010-->MsiExec.exe /X{90140000-0043-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-1000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-1000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-1000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-1000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-1000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-1000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-1000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-1000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-1000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-1000-0000000FF1CE}
Microsoft Office Shared 32-bit MUI (Czech) 2010-->MsiExec.exe /X{90140000-0043-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-1000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-1000-0000000FF1CE}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft Security Client CS-CZ Language Pack-->MsiExec.exe /I{DC911ADF-7B60-40F2-A112-FB1EB6402D07}
Microsoft Security Client-->MsiExec.exe /I{42738DB0-FC3E-4672-A99B-9372F5696E30}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft Silverlight 3 SDK-->MsiExec.exe /X{2012098D-EEE9-4769-8DD3-B038050854D4}
Microsoft Silverlight 4 SDK-->MsiExec.exe /X{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 (64-bit)-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\SetupARP.exe"
Microsoft SQL Server 2008 (64-bit)-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\SetupARP.exe"
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{5340A3B5-3853-4745-BED2-DD9FF5371331}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{FA7394B8-CE65-4F9E-AC99-F372AD365424}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{FBD367D1-642F-47CF-B79B-9BE48FB34007}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{DF167CE3-60E7-44EA-99EC-2507C51F37AE}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}
Microsoft SQL Server 2008 R2 Management Objects-->MsiExec.exe /I{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}
Microsoft SQL Server 2008 Setup Support Files -->MsiExec.exe /X{6292D514-17A4-403F-98F9-E150F10C043D}
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft SQL Server Compact 3.5 SP2 x64 ENU-->MsiExec.exe /I{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}
Microsoft SQL Server System CLR Types-->MsiExec.exe /I{877B76B2-F83F-4F5A-B28D-3F398641ADB6}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{0826F9E4-787E-481D-83E0-BC6A57B056D5}
Microsoft Visual Basic 2010 Express - ENU-->C:\Program Files (x86)\Microsoft Visual Studio 10.0\Microsoft Visual Basic 2010 Express - ENU\setup.exe
Microsoft Visual Basic 2010 Express - ENU-->MsiExec.exe /X{ED784556-66AA-3F17-9B58-7246ACB5C7E4}
Microsoft Visual C# 2010 Express - ENU-->C:\Program Files (x86)\Microsoft Visual Studio 10.0\Microsoft Visual C# 2010 Express - ENU\setup.exe
Microsoft Visual C# 2010 Express - ENU-->MsiExec.exe /X{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974-->MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219-->MsiExec.exe /X{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219-->MsiExec.exe /X{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}
Microsoft Visual C++ 2010 Express - ENU-->C:\Program Files (x86)\Microsoft Visual Studio 10.0\Microsoft Visual C++ 2010 Express - ENU\setup.exe
Microsoft Visual C++ 2010 Express - ENU-->MsiExec.exe /X{46F8CF66-AB83-38A7-99B2-A5BE507EE472}
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools-->MsiExec.exe /X{14DD7530-CCD2-3798-B37D-3839ED6A441C}
Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU-->MsiExec.exe /X{786D445C-F3D7-35D2-81AA-60DB61F9F552}
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU-->MsiExec.exe /X{BCA26999-EC22-3007-BB79-638913079C9A}
Microsoft Visual Studio 2010 Service Pack 1-->C:\ProgramData\VS\vs10sp1\SetupCache\Setup.exe
Microsoft Visual Studio 2010 Service Pack 1-->MsiExec.exe /X{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->MsiExec.exe /X{11538652-E5E4-37F1-86D7-418871E45292}
Microsoft XNA Framework Redistributable 4.0 Refresh-->MsiExec.exe /I{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)-->MsiExec.exe /I{01C79EF3-DE84-4B56-B638-8BEA0D507506}
Microsoft XNA Game Studio 4.0 Refresh (ARP entry)-->MsiExec.exe /I{EE3A5B79-C147-4BD9-952A-E894298C2ACA}
Microsoft XNA Game Studio 4.0 Refresh (Redists)-->MsiExec.exe /I{6A7387C0-B74F-47D0-A217-B384E55FE0C9}
Microsoft XNA Game Studio 4.0 Refresh (Shared Components)-->MsiExec.exe /I{A240191E-4302-435E-86FC-A5717EF0CF38}
Microsoft XNA Game Studio 4.0 Refresh (Visual Studio)-->MsiExec.exe /I{05CDC06E-4C55-4EAE-9401-8EF62F60CB69}
Microsoft XNA Game Studio 4.0 Refresh-->C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Setup\Bootstrapper.exe en-US
Microsoft XNA Game Studio Platform Tools-->MsiExec.exe /I{89690B51-2E21-4E93-914E-F9CAC5B24A84}
Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}
Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86_x64-->MsiExec.exe /I{8557397C-A42D-486F-97B3-A2CBC2372593}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86_x64-->MsiExec.exe /I{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Motorola Driver Installation 4.5.0-->MsiExec.exe /I{9E61C67F-DFEC-466D-9478-56F3E36D1F31}
Motorola Phone Tools-->C:\Program Files (x86)\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox 7.0.1 (x86 cs)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (7.0.1)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT Redists-->MsiExec.exe /I{7F801000-A1D5-11E0-9092-0013D3D69929}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mumble 1.2.3-->MsiExec.exe /I{62C68336-B969-4097-B0BD-A3A0FBFD59C1}
MySQL Server 5.5-->MsiExec.exe /I{277D0D5F-7086-4D20-BE4C-5202DC887112}
Nero 10 Menu TemplatePack Basic-->MsiExec.exe /X{63AA3EAB-23BB-48B2-9AD0-44F878075604}
Nero 10 Movie ThemePack Basic-->MsiExec.exe /X{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}
Nero Burning ROM 10-->MsiExec.exe /X{7A5D731D-B4B3-490E-B339-75685712BAAB}
Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}
Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
Nero CoverDesigner 10-->MsiExec.exe /X{FCF00A6E-FB58-477A-ABE9-232907105521}
Nero Dolby Files 10-->MsiExec.exe /X{C3580AC4-C827-4332-B935-9A282ED5BB97}
Nero Express 10-->MsiExec.exe /X{70550193-1C22-445C-8FA4-564E155DB1A7}
Nero Multimedia Suite 10-->MsiExec.exe /I{277C1559-4CF7-44FF-8D07-98AA9C13AABD}
Nero Recode 10-->MsiExec.exe /X{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}
Nero RescueAgent 10-->MsiExec.exe /X{E337E787-CF61-4B7B-B84F-509202A54023}
Nero SoundTrax 10-->MsiExec.exe /X{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}
Nero StartSmart 10-->MsiExec.exe /X{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}
Nero Vision 10-->MsiExec.exe /X{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}
Nero WaveEditor 10-->MsiExec.exe /X{EDCDFAD5-DF80-4600-A493-E9DAD6810230}
Noise Reduction Plug-in 2.0i-->MsiExec.exe /X{520A8627-E1B7-4808-8F04-03A013CBBD10}
Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe
NVIDIA Ovladače grafiky 280.26-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
NVIDIA Systémový software PhysX 9.10.0514-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX
Odinstalace tiskárny EPSON SX210 Series-->C:\Windows\system32\spool\DRIVERS\x64\3\E_IINSFDE.EXE /R /APD /P:"EPSON SX210 Series"
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Pidgin-->C:\Program Files (x86)\Pidgin\pidgin-uninst.exe
PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Sandboxie 3.58 (64-bit)-->"C:\Windows\Installer\SandboxieInstall64.exe" /remove
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft Excel 2010 (KB2553070)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{D40ED475-5079-46A1-A80E-986E5F101921}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{527AC538-7A51-40A5-89D7-5C1FEBBEA4C3}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{C4BF81CC-3786-4CE4-9D9F-DD393678B9EC}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2584066)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{C4E07687-87FD-4539-BF06-66FD994E05B6}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2584066)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{C4E07687-87FD-4539-BF06-66FD994E05B6}" "1029" "0"
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{97C3086D-D78B-43ED-9E13-1ED4704298FB}" "1029" "0"
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{97C3086D-D78B-43ED-9E13-1ED4704298FB}" "1029" "0"
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2546951\ServicePack\setup.exe" /Action=RemovePatch /AllInstances
Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}
Sound Forge Pro 10.0-->MsiExec.exe /X{B8A817D7-AE0F-42BA-AEB9-B5F1F3EFB7AF}
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}
TeamViewer 6-->C:\Program Files (x86)\TeamViewer\Version6\uninstall.exe
tools-freebsd-->MsiExec.exe /X{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}
tools-linux-->MsiExec.exe /X{D102611A-6466-4101-A51D-51069303AC65}
tools-netware-->MsiExec.exe /X{197597A7-AD33-4898-9D8E-73066818B464}
tools-solaris-->MsiExec.exe /X{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}
tools-windows-->MsiExec.exe /X{FFD9383C-01D5-4897-A954-43AF599AED30}
tools-winPre2k-->MsiExec.exe /X{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}
Trapcode Particular-->"C:\Program Files (x86)\InstallShield Installation Information\{E489BCB7-D57D-4751-AAB6-589AF66E2F7F}\setup.exe" -runfromtemp -l0x0409 -removeonly
Trapcode Particular-->MsiExec.exe /I{E489BCB7-D57D-4751-AAB6-589AF66E2F7F}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{428CB7A0-1068-4CE1-8835-39C7ECD297ED}" "1029" "0"
Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{57CEB66B-DD29-4883-92A2-671331657B52}" "1029" "0"
Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{E636FE63-842B-4F4B-9884-DA189ACC0B91}" "1029" "0"
Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0405-1000-0000000FF1CE}" "{E636FE63-842B-4F4B-9884-DA189ACC0B91}" "1029" "0"
Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{A6C194EA-C6CB-4314-9E43-AD1F4A1E9D74}" "1029" "0"
Update for Microsoft Outlook Social Connector (KB2583935)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{1FD215F3-AB16-4BC8-89A7-32457D45DE6D}" "1029" "0"
Update for Microsoft Outlook Social Connector (KB2583935)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-1000-0000000FF1CE}" "{E3C039D0-EC78-41E0-A08E-10A84A7CB297}" "1029" "0"
Vegas Pro 10.0 (64-bit)-->MsiExec.exe /X{7A92C561-A1D5-11E0-92E1-0013D3D69929}
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /X{112C23F2-C036-4D40-BED4-0CB47BF5555C}
VmciSockets-->MsiExec.exe /I{528E2373-AE49-4802-B4A8-326BBFDAD6A0}
VMware Workstation-->C:\ProgramData\VMware\VMware Workstation\Uninstaller\uninstall.exe -x -S "C:\ProgramData\VMware\VMware Workstation\Uninstaller\"
VMware Workstation-->MsiExec.exe /I{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}
WCF Data Services SDK for Windows Phone-->MsiExec.exe /X{6F33C2E2-5E02-4344-90BC-ED55C48341D2}
Windows 7 USB/DVD Download Tool-->MsiExec.exe /X{CCF298AF-9CE1-4B26-B251-486E98A34789}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{9B48B0AC-C813-4174-9042-476A887592C7}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile Device Updater Component-->MsiExec.exe /X{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}
Windows Phone Emulator x64 - ENU-->MsiExec.exe /X{C9AEABC2-1DD6-3280-9A1A-11E1E8D34AAD}
Windows Phone SDK 7.1 - ENU-->C:\Program Files (x86)\Microsoft Visual Studio 10.0\Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU\setup.exe
Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - ENU-->MsiExec.exe /X{A721BC43-E63E-3531-B1BF-6A405F9530BD}
Windows Phone SDK 7.1 Assemblies-->MsiExec.exe /X{9E2F2BAC-A9FD-35BC-B8E0-253FEBED0F9B}
Windows Phone SDK 7.1 Extensions for XNA Game Studio 4.0-->MsiExec.exe /I{A4CC18F6-DB05-4B03-B724-4128322FA85F}
WinRAR 4.01 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
WPF Toolkit February 2010 (Version 3.5.50211.1)-->MsiExec.exe /X{5EE6E987-1B79-4A93-832B-27472C7D1579}
Zend Server Community Edition-->"C:\Program Files (x86)\InstallShield Installation Information\{7787151A-776E-4D6A-9C76-0686E4AE03DF}\setup.exe" -runfromtemp -l0x0409 -removeonly
Zend Server Community Edition-->MsiExec.exe /I{7787151A-776E-4D6A-9C76-0686E4AE03DF}
Zoner Photo Studio 13-->"C:\Program Files\Zoner\Photo Studio 13\unins000.exe" /SILENT
Zune Language Pack (CSY)-->MsiExec.exe /X{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}
Zune Language Pack (DAN)-->MsiExec.exe /X{8B112338-2B08-4851-AF84-E7CAD74CEB32}
Zune Language Pack (DEU)-->MsiExec.exe /X{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}
Zune Language Pack (ELL)-->MsiExec.exe /X{3589A659-F732-4E65-A89A-5438C332E59D}
Zune Language Pack (ESP)-->MsiExec.exe /X{6B33492E-FBBC-4EC3-8738-09E16E395A10}
Zune Language Pack (FIN)-->MsiExec.exe /X{B4870774-5F3A-46D9-9DFE-06FB5599E26B}
Zune Language Pack (FRA)-->MsiExec.exe /X{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}
Zune Language Pack (HUN)-->MsiExec.exe /X{C6BE19C6-B102-4038-B2A6-1C313872DBB4}
Zune Language Pack (CHS)-->MsiExec.exe /X{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}
Zune Language Pack (CHT)-->MsiExec.exe /X{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}
Zune Language Pack (IND)-->MsiExec.exe /X{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}
Zune Language Pack (ITA)-->MsiExec.exe /X{C5D37FFA-7483-410B-982B-91E93FD3B7DA}
Zune Language Pack (JPN)-->MsiExec.exe /X{D8A781C9-3892-4E2E-9320-480CF896CFBB}
Zune Language Pack (KOR)-->MsiExec.exe /X{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}
Zune Language Pack (MSL)-->MsiExec.exe /X{76BA306B-2AA0-47C0-AB6B-F313AB56C136}
Zune Language Pack (NLD)-->MsiExec.exe /X{6740BCB0-5863-47F4-80F4-44F394DE4FE2}
Zune Language Pack (NOR)-->MsiExec.exe /X{5DEFD397-4012-46C3-B6DA-E8013E660772}
Zune Language Pack (PLK)-->MsiExec.exe /X{8960A0A1-BB5A-479E-92CF-65AB9D684B43}
Zune Language Pack (PTB)-->MsiExec.exe /X{07EEE598-5F21-4B57-B40B-46592625B3D9}
Zune Language Pack (PTG)-->MsiExec.exe /X{5C93E291-A1CC-4E51-85C6-E194209FCDB4}
Zune Language Pack (RUS)-->MsiExec.exe /X{57C51D56-B287-4C11-9192-EC3C46EF76A4}
Zune Language Pack (SVE)-->MsiExec.exe /X{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}
Zune-->C:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}

======System event log======

Computer Name: tHx-PC
Event Code: 7036
Message: Stav služby Microsoft .NET Framework NGEN v4.0.30319_X86 byl změněn na: Zastaveno
Record Number: 2340
Source Name: Service Control Manager
Time Written: 20110828084654.193017-000
Event Type: Informace
User:

Computer Name: tHx-PC
Event Code: 19
Message: Instalace dokončena: Instalování následující aktualizace bylo dokončeno úspěšně. Aktualizace pro rozhraní Microsoft .NET Framework 4 v systémech Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 a Windows Server 2008 R2 platformy x64 (KB2468871)
Record Number: 2339
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20110828084629.326574-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: tHx-PC
Event Code: 7036
Message: Stav služby Microsoft .NET Framework NGEN v4.0.30319_X86 byl změněn na: Spuštěno
Record Number: 2338
Source Name: Service Control Manager
Time Written: 20110828084515.944046-000
Event Type: Informace
User:

Computer Name: tHx-PC
Event Code: 7036
Message: Stav služby Stínová kopie svazku byl změněn na: Zastaveno
Record Number: 2337
Source Name: Service Control Manager
Time Written: 20110828084440.968785-000
Event Type: Informace
User:

Computer Name: tHx-PC
Event Code: 7036
Message: Stav služby Instalační služba modulů systému Windows byl změněn na: Zastaveno
Record Number: 2336
Source Name: Service Control Manager
Time Written: 20110828084424.869557-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 412
Message: Catalog Database (312) Catalog Database: Ze záhlaví souboru protokolu C:\Windows\system32\CatRoot2\edb.log nelze číst. Chyba -546
Record Number: 5
Source Name: ESENT
Time Written: 20110827205913.000000-000
Event Type: Chyba
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20110827205908.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20110827205904.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 2
Source Name: Microsoft-Windows-EventSystem
Time Written: 20110827205900.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.

Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110827205900.356088-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: Byla změněna zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Změněné atributy:
Název účtu SAM: -
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110827205837.455248-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: Byla vytvořena zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Nová skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Atributy:
Název účtu SAM: Backup Operators
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110827205837.455248-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x31f39
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110827205836.753247-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110827205834.990444-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110827205834.865644-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn;c:\Program Files\Microsoft SQL Server\100\Tools\Binn;c:\Program Files\Microsoft SQL Server\100\DTS\Binn;C:\Program Files (x86)\Zend\ZendServer\bin;C:\Program Files (x86)\Zend\ZendServer\share\ZendFramework\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=AMD64 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"VS100COMNTOOLS"=C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools\
"XNAGSShared"=C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\
"XNAGSv4"=C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

tHx · #13 Příspěvek od **tHx** » 08 lis 2011 14:40

RSIT log

Logfile of random's system information tool 1.09 (written by random/random)
Run by tHx at 2011-11-08 14:30:41
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 1352 GB (94%) free of 1431 GB
Total RAM: 5117 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:30:46, on 8.11.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\trend micro\tHx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Global Startup: Zend Controller.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7291 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
ctfmon.exe
"c:\PROGRA~1\MICROS~2\msseces.exe"
b.exe
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\tHx\AppData\Roaming\Mozilla\Firefox\Profiles\fgat0uxe.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\tHx\AppData\Roaming\Mozilla\Firefox\Profiles\fgat0uxe.default\extensions\
support@lastpass.com
{0b457cAA-602d-484a-8fe7-c1d894a011ba}
{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-08-09 12666984]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-11-05 2345848]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2011-08-05 163552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2011-08-27 638736]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"vmware-tray"=C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [2011-08-22 103536]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Zend Controller.lnk - C:\Program Files (x86)\Zend\ZendServer\bin\zendcontroller.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-08-28 249344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open -
.scr - install -
.scr - config -
.cpl - cplopen -

======List of files/folders created in the last 1 month======

2011-11-08 14:30:41 ----D---- C:\rsit
2011-11-08 14:30:41 ----D---- C:\Program Files\trend micro
2011-11-08 14:29:52 ----A---- C:\a.bat
2011-11-08 14:26:49 ----D---- C:\Windows\temp
2011-11-08 14:26:47 ----A---- C:\ComboFix.txt
2011-11-08 14:13:21 ----A---- C:\Windows\zip.exe
2011-11-08 14:13:21 ----A---- C:\Windows\SWSC.exe
2011-11-08 14:13:21 ----A---- C:\Windows\SWREG.exe
2011-11-08 14:13:21 ----A---- C:\Windows\sed.exe
2011-11-08 14:13:21 ----A---- C:\Windows\PEV.exe
2011-11-08 14:13:21 ----A---- C:\Windows\NIRCMD.exe
2011-11-08 14:13:21 ----A---- C:\Windows\MBR.exe
2011-11-08 14:13:21 ----A---- C:\Windows\grep.exe
2011-11-08 14:12:21 ----D---- C:\Windows\ERDNT
2011-11-08 09:29:17 ----D---- C:\Qoobox
2011-11-07 23:18:00 ----A---- C:\Windows\ntbtlog.txt
2011-11-06 12:37:48 ----D---- C:\Users\tHx\AppData\Roaming\EPSON
2011-10-29 13:12:13 ----D---- C:\Program Files (x86)\WPF Toolkit
2011-10-29 13:07:01 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-10-29 13:07:01 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-10-29 13:07:01 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-10-29 13:07:01 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-10-29 13:04:20 ----D---- C:\Windows\SYSWOW64\xlive
2011-10-29 13:04:18 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-10-29 13:03:48 ----D---- C:\Program Files (x86)\Microsoft XNA
2011-10-29 12:55:16 ----D---- C:\Program Files (x86)\Microsoft XDE
2011-10-29 12:54:58 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2011-10-29 12:54:58 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-10-26 22:40:40 ----D---- C:\ProgramData\VS
2011-10-26 22:30:56 ----A---- C:\Windows\SYSWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2011-10-26 22:30:56 ----A---- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2011-10-26 22:28:08 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 9.0
2011-10-26 22:24:21 ----D---- C:\Program Files\Microsoft.NET
2011-10-26 21:38:10 ----A---- C:\Windows\system32\shell32.dll
2011-10-26 21:38:09 ----A---- C:\Windows\SYSWOW64\shell32.dll
2011-10-24 20:42:09 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-10-24 20:42:09 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-10-24 20:42:09 ----A---- C:\Windows\SYSWOW64\java.exe
2011-10-23 19:46:00 ----D---- C:\QUO_VADIS
2011-10-19 18:31:11 ----A---- C:\Windows\SYSWOW64\x264vfw.dll
2011-10-19 18:31:11 ----A---- C:\Windows\SYSWOW64\vp7vfw.dll
2011-10-19 18:31:11 ----A---- C:\Windows\SYSWOW64\lagarith.dll
2011-10-19 18:31:11 ----A---- C:\Windows\SYSWOW64\huffyuv.dll
2011-10-19 18:31:11 ----A---- C:\Windows\SYSWOW64\DivXc32f.dll
2011-10-19 18:31:11 ----A---- C:\Windows\SYSWOW64\DivXc32.dll
2011-10-19 18:31:10 ----A---- C:\Windows\SYSWOW64\xvidvfw.dll
2011-10-19 18:31:10 ----A---- C:\Windows\SYSWOW64\xvidcore.dll
2011-10-19 18:31:10 ----A---- C:\Windows\SYSWOW64\ff_vfw.dll
2011-10-19 18:31:07 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2011-10-17 20:38:10 ----D---- C:\Program Files\Microsoft Mathematics
2011-10-13 20:47:51 ----D---- C:\Program Files\Zune
2011-10-12 19:11:41 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-10-12 19:11:41 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-12 19:11:40 ----A---- C:\Windows\system32\iertutil.dll
2011-10-12 19:11:39 ----A---- C:\Windows\SYSWOW64\url.dll
2011-10-12 19:11:39 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-10-12 19:11:39 ----A---- C:\Windows\system32\url.dll
2011-10-12 19:11:38 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-10-12 19:11:38 ----A---- C:\Windows\system32\urlmon.dll
2011-10-12 19:11:38 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-12 19:11:37 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-10-12 19:11:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-10-12 19:11:37 ----A---- C:\Windows\system32\wininet.dll
2011-10-12 19:11:36 ----A---- C:\Windows\system32\jscript9.dll
2011-10-12 19:11:36 ----A---- C:\Windows\system32\ieui.dll
2011-10-12 19:11:35 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-10-12 19:11:35 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-10-12 19:11:35 ----A---- C:\Windows\system32\jscript.dll
2011-10-12 19:11:34 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-10-12 19:11:33 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-10-12 19:11:32 ----A---- C:\Windows\system32\mshtml.dll
2011-10-12 19:11:30 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-10-12 19:11:29 ----A---- C:\Windows\system32\ieframe.dll
2011-10-12 18:56:31 ----A---- C:\Windows\system32\win32k.sys
2011-10-12 18:56:29 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-12 18:56:29 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-12 18:56:12 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-12 18:56:12 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-12 18:56:12 ----A---- C:\Windows\system32\oleacc.dll
2011-10-12 18:56:11 ----A---- C:\Windows\system32\oleaut32.dll

======List of files/folders modified in the last 1 month======

2011-11-08 14:30:41 ----RD---- C:\Program Files
2011-11-08 14:26:49 ----D---- C:\Windows\system32\drivers
2011-11-08 14:26:49 ----D---- C:\Windows
2011-11-08 14:24:39 ----A---- C:\Windows\system.ini
2011-11-08 14:24:34 ----D---- C:\Windows\system32\drivers\etc
2011-11-08 14:21:26 ----D---- C:\Windows\SYSWOW64\drivers
2011-11-08 14:21:26 ----D---- C:\Windows\SysWOW64
2011-11-08 14:21:26 ----D---- C:\Windows\System32
2011-11-08 14:21:26 ----D---- C:\Windows\AppPatch
2011-11-08 14:21:24 ----D---- C:\Program Files\Common Files
2011-11-08 14:21:24 ----D---- C:\Program Files (x86)\Common Files
2011-11-08 14:11:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-11-08 14:11:12 ----D---- C:\Windows\inf
2011-11-08 09:24:00 ----D---- C:\Windows\system32\config
2011-11-07 23:26:55 ----D---- C:\Windows\Prefetch
2011-11-07 23:26:18 ----D---- C:\ProgramData\VMware
2011-11-07 22:23:39 ----D---- C:\Users\tHx\AppData\Roaming\VMware
2011-11-07 22:22:09 ----D---- C:\Users\tHx\AppData\Roaming\.purple
2011-11-07 22:15:49 ----D---- C:\Windows\system32\FxsTmp
2011-11-06 22:09:59 ----SD---- C:\Users\tHx\AppData\Roaming\Microsoft
2011-11-06 10:53:53 ----SHD---- C:\System Volume Information
2011-11-05 21:38:54 ----D---- C:\Users\tHx\AppData\Roaming\FileZilla
2011-11-05 15:10:31 ----D---- C:\Program Files (x86)\JDownloader
2011-11-04 23:41:16 ----D---- C:\Users\tHx\AppData\Roaming\Skype
2011-11-04 21:20:11 ----SHD---- C:\Windows\Installer
2011-11-04 21:20:10 ----D---- C:\Windows\system32\Tasks
2011-11-04 21:20:09 ----RD---- C:\Program Files (x86)\Skype
2011-11-03 17:33:48 ----D---- C:\Users\tHx\AppData\Roaming\gtk-2.0
2011-11-02 22:49:35 ----A---- C:\Windows\Sandboxie.ini
2011-10-30 00:48:27 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-10-29 20:41:04 ----D---- C:\mkvtoolnix
2011-10-29 13:25:29 ----D---- C:\Windows\Microsoft.NET
2011-10-29 13:25:04 ----RSD---- C:\Windows\assembly
2011-10-29 13:12:25 ----RSD---- C:\Windows\Fonts
2011-10-29 13:12:18 ----D---- C:\Program Files (x86)\Microsoft Expression
2011-10-29 13:12:13 ----RD---- C:\Program Files (x86)
2011-10-29 13:11:23 ----D---- C:\Program Files (x86)\Microsoft SDKs
2011-10-29 13:04:45 ----D---- C:\Windows\system32\catroot2
2011-10-29 13:02:32 ----SD---- C:\ProgramData\Microsoft
2011-10-29 13:01:31 ----D---- C:\Program Files (x86)\MSBuild
2011-10-29 13:01:19 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2011-10-29 12:57:06 ----D---- C:\Windows\winsxs
2011-10-28 15:02:48 ----D---- C:\Users\tHx\AppData\Roaming\Adobe
2011-10-26 22:40:40 ----D---- C:\ProgramData
2011-10-26 22:24:21 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-10-26 22:20:33 ----D---- C:\Program Files\Microsoft SQL Server
2011-10-26 22:20:33 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2011-10-26 21:37:16 ----D---- C:\Windows\system32\catroot
2011-10-25 20:01:36 ----D---- C:\Users\tHx\AppData\Roaming\BitTorrent
2011-10-24 20:42:06 ----D---- C:\Program Files (x86)\Java
2011-10-22 19:33:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-10-18 18:59:33 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2011-10-13 20:52:07 ----D---- C:\Windows\system32\drivers\UMDF
2011-10-13 20:49:19 ----D---- C:\Windows\system32\DriverStore
2011-10-13 07:43:55 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-10-12 23:59:40 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-12 23:59:38 ----D---- C:\Windows\SYSWOW64\migration
2011-10-12 23:59:38 ----D---- C:\Program Files\Internet Explorer
2011-10-12 23:59:36 ----D---- C:\Windows\system32\migration
2011-10-12 23:59:31 ----D---- C:\Windows\ehome
2011-10-12 19:19:23 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-04 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-01 535656]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2011-08-22 32880]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2011-08-22 20080]
S1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
S1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2011-07-19 295272]
S2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2011-08-21 39024]
S2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2011-08-22 45680]
S2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2011-08-22 30320]
S2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2011-08-22 62064]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared); C:\Windows\SysWOW64\drivers\vstor2-mntapi10-shared.sys [2011-07-08 33392]
S3 catchme;catchme; \??\C:\c\catchme.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-12 3053160]
S3 IT9135BDA;IT9135 BDA Devices; C:\Windows\System32\Drivers\IT9135BDA.sys [2010-02-03 113280]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2009-10-27 30208]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2011-08-27 156288]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S4 RsFx0105;RsFx0105 Driver; C:\Windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2011-09-22 58345832]
S2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.5\my.ini MySQL []
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-08-03 980072]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2011-08-27 94992]
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2011-09-22 154984]
S2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [2011-08-22 79872]
S2 VMnetDHCP;VMware DHCP Service; C:\Windows\syswow64\vmnetdhcp.exe [2011-08-22 354416]
S2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-21 846448]
S2 VMware NAT Service;VMware NAT Service; C:\Windows\syswow64\vmnat.exe [2011-08-22 432752]
S2 VMwareHostd;VMware Workstation Server; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
S2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service; C:\Program Files\Zune\WMZuneComm.exe [2011-08-05 306400]
S3 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2011-08-05 8277728]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\Program Files\Zune\ZuneWlanCfgSvc.exe [2011-08-05 467680]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2011-09-22 255336]

-----------------EOF-----------------

#14 Příspěvek od **cernohous13** » 08 lis 2011 16:08

Stáhni "System Look" - http://jpshortstuff.247fixes.com/SystemLook.exe
Spusť jej a do okna zkopíruj

Kód: Vybrat vše

:filefind
b.exe

Klik na "Look" a po scanu sem zkopíruj výsledek hledání

Stáhni TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe . Pak použij tento návod od kolegy:

Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

tHx · #15 Příspěvek od **tHx** » 08 lis 2011 16:30

Jen bych ještě dovysvětlil nějaké detaily - AV jsem vypnul (i když to hlásilo, že je stále zaplý) - ochranu v reálném čase i v msconfig. Sám AV hlásil, že je vypnutý a že bych ho měl zapnout.
Soubor a.bat byl script na spuštění okna cmd, b.exe byl RSIT a c.exe byl ComboFix. CashCounter.exe je mnou vytvořená aplikace a ta s napadením systému vážně neměla nic společného

Co se týče spouštění, tak stále systém běží od rána bez restartu a nyní jdou aplikace spouštět. Možná to nějak ComboFix (něbo něco jiného?) opravil.

--------------------------------
system look

SystemLook 30.07.11 by jpshortstuff
Log created at 16:24 on 08/11/2011 by tHx
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "b.exe"
C:\Users\tHx\Desktop\b.exe --a---- 935175 bytes [08:23 08/11/2011] [08:24 08/11/2011] 662C39FC1E27131551D557862CEC47F0

-= EOF =-
--------------------------------

TDS
16:24:55.0038 1368 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
16:24:55.0397 1368 ============================================================
16:24:55.0397 1368 Current date / time: 2011/11/08 16:24:55.0397
16:24:55.0397 1368 SystemInfo:
16:24:55.0397 1368
16:24:55.0397 1368 OS Version: 6.1.7601 ServicePack: 1.0
16:24:55.0397 1368 Product type: Workstation
16:24:55.0397 1368 ComputerName: THX-PC
16:24:55.0397 1368 UserName: tHx
16:24:55.0397 1368 Windows directory: C:\Windows
16:24:55.0397 1368 System windows directory: C:\Windows
16:24:55.0397 1368 Running under WOW64
16:24:55.0397 1368 Processor architecture: Intel x64
16:24:55.0397 1368 Number of processors: 2
16:24:55.0397 1368 Page size: 0x1000
16:24:55.0397 1368 Boot type: Safe boot with network
16:24:55.0397 1368 ============================================================
16:24:56.0551 1368 Initialize success
16:25:30.0559 1188 ============================================================
16:25:30.0559 1188 Scan started
16:25:30.0559 1188 Mode: Manual;
16:25:30.0559 1188 ============================================================
16:25:31.0105 1188 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:25:31.0105 1188 1394ohci - ok
16:25:31.0136 1188 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:25:31.0136 1188 ACPI - ok
16:25:31.0152 1188 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:25:31.0152 1188 AcpiPmi - ok
16:25:31.0214 1188 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:25:31.0214 1188 adp94xx - ok
16:25:31.0230 1188 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:25:31.0230 1188 adpahci - ok
16:25:31.0245 1188 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:25:31.0245 1188 adpu320 - ok
16:25:31.0292 1188 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
16:25:31.0292 1188 AFD - ok
16:25:31.0308 1188 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:25:31.0308 1188 agp440 - ok
16:25:31.0339 1188 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:25:31.0339 1188 aliide - ok
16:25:31.0355 1188 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:25:31.0355 1188 amdide - ok
16:25:31.0386 1188 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:25:31.0386 1188 AmdK8 - ok
16:25:31.0401 1188 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:25:31.0401 1188 AmdPPM - ok
16:25:31.0433 1188 amdsata (12a5062c06e03ff70db47800f91c7a13) C:\Windows\system32\DRIVERS\amdsata.sys
16:25:31.0433 1188 amdsata - ok
16:25:31.0464 1188 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:25:31.0464 1188 amdsbs - ok
16:25:31.0479 1188 amdxata (8a7f289b45ceacac761e14d5fac59eb9) C:\Windows\system32\drivers\amdxata.sys
16:25:31.0479 1188 amdxata - ok
16:25:31.0589 1188 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:25:31.0589 1188 AppID - ok
16:25:31.0620 1188 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:25:31.0620 1188 arc - ok
16:25:31.0620 1188 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:25:31.0635 1188 arcsas - ok
16:25:31.0667 1188 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:25:31.0667 1188 AsyncMac - ok
16:25:31.0682 1188 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:25:31.0682 1188 atapi - ok
16:25:31.0729 1188 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
16:25:31.0729 1188 AtiPcie - ok
16:25:31.0791 1188 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:25:31.0791 1188 b06bdrv - ok
16:25:31.0807 1188 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:25:31.0807 1188 b57nd60a - ok
16:25:31.0854 1188 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:25:31.0854 1188 Beep - ok
16:25:31.0901 1188 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:25:31.0901 1188 blbdrive - ok
16:25:31.0932 1188 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:25:31.0932 1188 bowser - ok
16:25:31.0947 1188 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:25:31.0947 1188 BrFiltLo - ok
16:25:31.0963 1188 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:25:31.0963 1188 BrFiltUp - ok
16:25:31.0979 1188 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:25:31.0979 1188 Brserid - ok
16:25:31.0979 1188 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:25:31.0979 1188 BrSerWdm - ok
16:25:31.0994 1188 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:25:31.0994 1188 BrUsbMdm - ok
16:25:32.0010 1188 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:25:32.0010 1188 BrUsbSer - ok
16:25:32.0010 1188 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:25:32.0010 1188 BTHMODEM - ok
16:25:32.0041 1188 catchme - ok
16:25:32.0072 1188 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:25:32.0072 1188 cdfs - ok
16:25:32.0088 1188 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:25:32.0088 1188 cdrom - ok
16:25:32.0088 1188 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:25:32.0103 1188 circlass - ok
16:25:32.0135 1188 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:25:32.0135 1188 CLFS - ok
16:25:32.0166 1188 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:25:32.0166 1188 CmBatt - ok
16:25:32.0181 1188 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:25:32.0181 1188 cmdide - ok
16:25:32.0213 1188 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
16:25:32.0213 1188 CNG - ok
16:25:32.0244 1188 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:25:32.0244 1188 Compbatt - ok
16:25:32.0259 1188 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:25:32.0259 1188 CompositeBus - ok
16:25:32.0275 1188 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:25:32.0275 1188 crcdisk - ok
16:25:32.0322 1188 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:25:32.0322 1188 CSC - ok
16:25:32.0369 1188 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:25:32.0369 1188 DfsC - ok
16:25:32.0384 1188 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:25:32.0384 1188 discache - ok
16:25:32.0400 1188 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:25:32.0415 1188 Disk - ok
16:25:32.0462 1188 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:25:32.0462 1188 drmkaud - ok
16:25:32.0493 1188 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:25:32.0493 1188 DXGKrnl - ok
16:25:32.0571 1188 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:25:32.0587 1188 ebdrv - ok
16:25:32.0634 1188 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:25:32.0634 1188 elxstor - ok
16:25:32.0649 1188 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:25:32.0665 1188 ErrDev - ok
16:25:32.0681 1188 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:25:32.0681 1188 exfat - ok
16:25:32.0696 1188 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:25:32.0696 1188 fastfat - ok
16:25:32.0727 1188 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:25:32.0727 1188 fdc - ok
16:25:32.0743 1188 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:25:32.0743 1188 FileInfo - ok
16:25:32.0774 1188 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:25:32.0774 1188 Filetrace - ok
16:25:32.0790 1188 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:25:32.0790 1188 flpydisk - ok
16:25:32.0821 1188 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:25:32.0821 1188 FltMgr - ok
16:25:32.0852 1188 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:25:32.0852 1188 FsDepends - ok
16:25:32.0868 1188 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:25:32.0868 1188 Fs_Rec - ok
16:25:32.0899 1188 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:25:32.0899 1188 fvevol - ok
16:25:32.0915 1188 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:25:32.0915 1188 gagp30kx - ok
16:25:32.0961 1188 hcmon (5bf776abedea06b0779c82e9d54b58d7) C:\Windows\system32\drivers\hcmon.sys
16:25:32.0961 1188 hcmon - ok
16:25:32.0977 1188 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:25:32.0977 1188 hcw85cir - ok
16:25:33.0024 1188 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:25:33.0024 1188 HdAudAddService - ok
16:25:33.0039 1188 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:25:33.0039 1188 HDAudBus - ok
16:25:33.0055 1188 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:25:33.0055 1188 HidBatt - ok
16:25:33.0071 1188 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:25:33.0071 1188 HidBth - ok
16:25:33.0071 1188 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:25:33.0086 1188 HidIr - ok
16:25:33.0149 1188 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:25:33.0149 1188 HidUsb - ok
16:25:33.0180 1188 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:25:33.0180 1188 HpSAMD - ok
16:25:33.0242 1188 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:25:33.0242 1188 HTTP - ok
16:25:33.0273 1188 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:25:33.0273 1188 hwpolicy - ok
16:25:33.0289 1188 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:25:33.0289 1188 i8042prt - ok
16:25:33.0320 1188 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:25:33.0320 1188 iaStorV - ok
16:25:33.0351 1188 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:25:33.0351 1188 iirsp - ok
16:25:33.0429 1188 IntcAzAudAddService (4bbb5a55eeb5ec11b20fcbb4cbb49357) C:\Windows\system32\drivers\RTKVHD64.sys
16:25:33.0445 1188 IntcAzAudAddService - ok
16:25:33.0461 1188 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:25:33.0461 1188 intelide - ok
16:25:33.0507 1188 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:25:33.0507 1188 intelppm - ok
16:25:33.0523 1188 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:25:33.0523 1188 IpFilterDriver - ok
16:25:33.0554 1188 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:25:33.0554 1188 IPMIDRV - ok
16:25:33.0554 1188 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:25:33.0554 1188 IPNAT - ok
16:25:33.0585 1188 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:25:33.0585 1188 IRENUM - ok
16:25:33.0617 1188 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:25:33.0617 1188 isapnp - ok
16:25:33.0648 1188 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:25:33.0648 1188 iScsiPrt - ok
16:25:33.0695 1188 IT9135BDA (0c6635413077e415ca31ad2f4e648fc1) C:\Windows\system32\Drivers\IT9135BDA.sys
16:25:33.0695 1188 IT9135BDA - ok
16:25:33.0726 1188 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:25:33.0726 1188 kbdclass - ok
16:25:33.0741 1188 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:25:33.0741 1188 kbdhid - ok
16:25:33.0788 1188 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
16:25:33.0804 1188 KSecDD - ok
16:25:33.0819 1188 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
16:25:33.0819 1188 KSecPkg - ok
16:25:33.0851 1188 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:25:33.0851 1188 ksthunk - ok
16:25:33.0913 1188 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:25:33.0913 1188 lltdio - ok
16:25:33.0944 1188 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:25:33.0944 1188 LSI_FC - ok
16:25:33.0960 1188 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:25:33.0960 1188 LSI_SAS - ok
16:25:33.0975 1188 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:25:33.0975 1188 LSI_SAS2 - ok
16:25:34.0022 1188 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:25:34.0022 1188 LSI_SCSI - ok
16:25:34.0038 1188 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:25:34.0038 1188 luafv - ok
16:25:34.0053 1188 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:25:34.0053 1188 megasas - ok
16:25:34.0069 1188 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:25:34.0069 1188 MegaSR - ok
16:25:34.0100 1188 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:25:34.0100 1188 Modem - ok
16:25:34.0147 1188 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:25:34.0147 1188 monitor - ok
16:25:34.0194 1188 motmodem (e90aba3c6f01be2c456c4aa857b28646) C:\Windows\system32\DRIVERS\motmodem.sys
16:25:34.0194 1188 motmodem - ok
16:25:34.0209 1188 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:25:34.0209 1188 mouclass - ok
16:25:34.0225 1188 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:25:34.0225 1188 mouhid - ok
16:25:34.0256 1188 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:25:34.0256 1188 mountmgr - ok
16:25:34.0287 1188 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
16:25:34.0287 1188 MpFilter - ok
16:25:34.0303 1188 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:25:34.0303 1188 mpio - ok
16:25:34.0319 1188 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
16:25:34.0319 1188 MpNWMon - ok
16:25:34.0334 1188 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:25:34.0334 1188 mpsdrv - ok
16:25:34.0365 1188 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:25:34.0365 1188 MRxDAV - ok
16:25:34.0397 1188 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:25:34.0397 1188 mrxsmb - ok
16:25:34.0428 1188 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:25:34.0428 1188 mrxsmb10 - ok
16:25:34.0428 1188 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:25:34.0428 1188 mrxsmb20 - ok
16:25:34.0459 1188 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:25:34.0459 1188 msahci - ok
16:25:34.0475 1188 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:25:34.0475 1188 msdsm - ok
16:25:34.0490 1188 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:25:34.0490 1188 Msfs - ok
16:25:34.0506 1188 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:25:34.0506 1188 mshidkmdf - ok
16:25:34.0537 1188 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:25:34.0537 1188 msisadrv - ok
16:25:34.0553 1188 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:25:34.0553 1188 MSKSSRV - ok
16:25:34.0584 1188 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:25:34.0584 1188 MSPCLOCK - ok
16:25:34.0599 1188 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:25:34.0599 1188 MSPQM - ok
16:25:34.0662 1188 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:25:34.0662 1188 MsRPC - ok
16:25:34.0677 1188 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:25:34.0677 1188 mssmbios - ok
16:25:34.0724 1188 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:25:34.0724 1188 MSTEE - ok
16:25:34.0724 1188 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:25:34.0724 1188 MTConfig - ok
16:25:34.0771 1188 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:25:34.0771 1188 Mup - ok
16:25:34.0818 1188 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:25:34.0818 1188 NativeWifiP - ok
16:25:34.0865 1188 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:25:34.0865 1188 NDIS - ok
16:25:34.0896 1188 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:25:34.0896 1188 NdisCap - ok
16:25:34.0911 1188 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:25:34.0911 1188 NdisTapi - ok
16:25:34.0943 1188 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:25:34.0943 1188 Ndisuio - ok
16:25:34.0974 1188 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:25:34.0974 1188 NdisWan - ok
16:25:34.0989 1188 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:25:34.0989 1188 NDProxy - ok
16:25:35.0005 1188 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:25:35.0005 1188 NetBIOS - ok
16:25:35.0036 1188 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:25:35.0036 1188 NetBT - ok
16:25:35.0083 1188 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:25:35.0083 1188 nfrd960 - ok
16:25:35.0114 1188 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:25:35.0114 1188 NisDrv - ok
16:25:35.0130 1188 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:25:35.0145 1188 Npfs - ok
16:25:35.0145 1188 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:25:35.0145 1188 nsiproxy - ok
16:25:35.0192 1188 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:25:35.0208 1188 Ntfs - ok
16:25:35.0223 1188 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:25:35.0223 1188 Null - ok
16:25:35.0426 1188 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:25:35.0489 1188 nvlddmkm - ok
16:25:35.0535 1188 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:25:35.0551 1188 nvraid - ok
16:25:35.0567 1188 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:25:35.0567 1188 nvstor - ok
16:25:35.0613 1188 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:25:35.0613 1188 nv_agp - ok
16:25:35.0645 1188 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:25:35.0645 1188 ohci1394 - ok
16:25:35.0676 1188 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:25:35.0676 1188 Parport - ok
16:25:35.0707 1188 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:25:35.0707 1188 partmgr - ok
16:25:35.0723 1188 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:25:35.0723 1188 pci - ok
16:25:35.0738 1188 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:25:35.0738 1188 pciide - ok
16:25:35.0785 1188 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:25:35.0785 1188 pcmcia - ok
16:25:35.0816 1188 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:25:35.0816 1188 pcw - ok
16:25:35.0832 1188 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:25:35.0847 1188 PEAUTH - ok
16:25:35.0910 1188 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:25:35.0910 1188 PptpMiniport - ok
16:25:35.0941 1188 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:25:35.0941 1188 Processor - ok
16:25:35.0972 1188 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:25:35.0972 1188 Psched - ok
16:25:36.0019 1188 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:25:36.0019 1188 ql2300 - ok
16:25:36.0035 1188 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:25:36.0035 1188 ql40xx - ok
16:25:36.0050 1188 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:25:36.0050 1188 QWAVEdrv - ok
16:25:36.0066 1188 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:25:36.0066 1188 RasAcd - ok
16:25:36.0097 1188 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:25:36.0097 1188 RasAgileVpn - ok
16:25:36.0128 1188 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:25:36.0128 1188 Rasl2tp - ok
16:25:36.0144 1188 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:25:36.0159 1188 RasPppoe - ok
16:25:36.0175 1188 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:25:36.0175 1188 RasSstp - ok
16:25:36.0206 1188 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:25:36.0206 1188 rdbss - ok
16:25:36.0222 1188 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:25:36.0222 1188 rdpbus - ok
16:25:36.0237 1188 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:25:36.0237 1188 RDPCDD - ok
16:25:36.0269 1188 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:25:36.0269 1188 RDPDR - ok
16:25:36.0300 1188 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:25:36.0300 1188 RDPENCDD - ok
16:25:36.0315 1188 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:25:36.0315 1188 RDPREFMP - ok
16:25:36.0362 1188 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:25:36.0362 1188 RdpVideoMiniport - ok
16:25:36.0378 1188 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:25:36.0378 1188 RDPWD - ok
16:25:36.0409 1188 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:25:36.0425 1188 rdyboost - ok
16:25:36.0503 1188 RsFx0105 (c9fe05a63c500abe3afa5786504c4d36) C:\Windows\system32\DRIVERS\RsFx0105.sys
16:25:36.0503 1188 RsFx0105 - ok
16:25:36.0518 1188 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:25:36.0518 1188 rspndr - ok
16:25:36.0565 1188 RTL8167 (0039de6a0a1293889a3f21ecc473263d) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:25:36.0565 1188 RTL8167 - ok
16:25:36.0596 1188 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:25:36.0596 1188 s3cap - ok
16:25:36.0690 1188 SbieDrv (742112ce7abb11dc17a561b4291be9c6) C:\Program Files\Sandboxie\SbieDrv.sys
16:25:36.0690 1188 SbieDrv - ok
16:25:36.0705 1188 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:25:36.0705 1188 sbp2port - ok
16:25:36.0752 1188 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:25:36.0752 1188 scfilter - ok
16:25:36.0783 1188 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:25:36.0783 1188 secdrv - ok
16:25:36.0815 1188 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:25:36.0815 1188 Serenum - ok
16:25:36.0846 1188 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:25:36.0846 1188 Serial - ok
16:25:36.0861 1188 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:25:36.0861 1188 sermouse - ok
16:25:36.0893 1188 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:25:36.0893 1188 sffdisk - ok
16:25:36.0924 1188 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:25:36.0924 1188 sffp_mmc - ok
16:25:36.0939 1188 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:25:36.0939 1188 sffp_sd - ok
16:25:36.0939 1188 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:25:36.0939 1188 sfloppy - ok
16:25:36.0986 1188 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:25:36.0986 1188 SiSRaid2 - ok
16:25:37.0002 1188 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:25:37.0002 1188 SiSRaid4 - ok
16:25:37.0002 1188 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:25:37.0002 1188 Smb - ok
16:25:37.0049 1188 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:25:37.0049 1188 spldr - ok
16:25:37.0095 1188 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:25:37.0095 1188 srv - ok
16:25:37.0111 1188 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:25:37.0127 1188 srv2 - ok
16:25:37.0127 1188 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:25:37.0127 1188 srvnet - ok
16:25:37.0173 1188 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:25:37.0173 1188 stexstor - ok
16:25:37.0189 1188 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:25:37.0189 1188 storflt - ok
16:25:37.0205 1188 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:25:37.0205 1188 storvsc - ok
16:25:37.0220 1188 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:25:37.0220 1188 swenum - ok
16:25:37.0251 1188 Synth3dVsc - ok
16:25:37.0314 1188 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
16:25:37.0329 1188 Tcpip - ok
16:25:37.0376 1188 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
16:25:37.0392 1188 TCPIP6 - ok
16:25:37.0407 1188 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:25:37.0423 1188 tcpipreg - ok
16:25:37.0439 1188 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:25:37.0439 1188 TDPIPE - ok
16:25:37.0454 1188 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:25:37.0454 1188 TDTCP - ok
16:25:37.0485 1188 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:25:37.0485 1188 tdx - ok
16:25:37.0517 1188 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:25:37.0517 1188 TermDD - ok
16:25:37.0563 1188 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:25:37.0563 1188 tssecsrv - ok
16:25:37.0595 1188 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:25:37.0595 1188 TsUsbFlt - ok
16:25:37.0610 1188 tsusbhub - ok
16:25:37.0641 1188 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:25:37.0641 1188 tunnel - ok
16:25:37.0657 1188 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:25:37.0657 1188 uagp35 - ok
16:25:37.0688 1188 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:25:37.0704 1188 udfs - ok
16:25:37.0719 1188 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:25:37.0719 1188 uliagpkx - ok
16:25:37.0751 1188 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:25:37.0751 1188 umbus - ok
16:25:37.0766 1188 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:25:37.0766 1188 UmPass - ok
16:25:37.0797 1188 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:25:37.0797 1188 usbccgp - ok
16:25:37.0813 1188 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:25:37.0813 1188 usbcir - ok
16:25:37.0844 1188 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:25:37.0844 1188 usbehci - ok
16:25:37.0875 1188 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
16:25:37.0875 1188 usbfilter - ok
16:25:37.0891 1188 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:25:37.0891 1188 usbhub - ok
16:25:37.0907 1188 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:25:37.0907 1188 usbohci - ok
16:25:37.0922 1188 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:25:37.0922 1188 usbprint - ok
16:25:37.0953 1188 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:25:37.0953 1188 usbscan - ok
16:25:37.0985 1188 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:25:37.0985 1188 USBSTOR - ok
16:25:38.0000 1188 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:25:38.0000 1188 usbuhci - ok
16:25:38.0031 1188 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:25:38.0031 1188 vdrvroot - ok
16:25:38.0047 1188 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:25:38.0047 1188 vga - ok
16:25:38.0063 1188 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:25:38.0063 1188 VgaSave - ok
16:25:38.0078 1188 VGPU - ok
16:25:38.0094 1188 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:25:38.0094 1188 vhdmp - ok
16:25:38.0109 1188 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:25:38.0109 1188 viaide - ok
16:25:38.0141 1188 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:25:38.0141 1188 vmbus - ok
16:25:38.0172 1188 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:25:38.0172 1188 VMBusHID - ok
16:25:38.0219 1188 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys
16:25:38.0219 1188 vmci - ok
16:25:38.0250 1188 vmkbd (76306d9523bc16baf01f1b71e3e174a9) C:\Windows\system32\drivers\VMkbd.sys
16:25:38.0250 1188 vmkbd - ok
16:25:38.0297 1188 vmm (21c96aa588d3993191761a08dbaabb15) C:\Windows\system32\Drivers\vmm.sys
16:25:38.0297 1188 vmm - ok
16:25:38.0328 1188 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\Windows\system32\DRIVERS\vmnetadapter.sys
16:25:38.0328 1188 VMnetAdapter - ok
16:25:38.0343 1188 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\Windows\system32\DRIVERS\vmnetbridge.sys
16:25:38.0343 1188 VMnetBridge - ok
16:25:38.0375 1188 VMnetuserif (227982e986c02b710630d7fc570caa77) C:\Windows\system32\drivers\vmnetuserif.sys
16:25:38.0375 1188 VMnetuserif - ok
16:25:38.0421 1188 vmx86 (86aa5eae57e2eaef3b6f5c16b27e0ec4) C:\Windows\system32\drivers\vmx86.sys
16:25:38.0421 1188 vmx86 - ok
16:25:38.0437 1188 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:25:38.0437 1188 volmgr - ok
16:25:38.0468 1188 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:25:38.0468 1188 volmgrx - ok
16:25:38.0484 1188 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:25:38.0484 1188 volsnap - ok
16:25:38.0515 1188 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:25:38.0515 1188 vsmraid - ok
16:25:38.0531 1188 vstor2-mntapi10-shared - ok
16:25:38.0546 1188 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:25:38.0546 1188 vwifibus - ok
16:25:38.0562 1188 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:25:38.0562 1188 WacomPen - ok
16:25:38.0577 1188 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:25:38.0577 1188 WANARP - ok
16:25:38.0577 1188 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:25:38.0577 1188 Wanarpv6 - ok
16:25:38.0609 1188 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:25:38.0609 1188 Wd - ok
16:25:38.0640 1188 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:25:38.0640 1188 Wdf01000 - ok
16:25:38.0671 1188 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:25:38.0671 1188 WfpLwf - ok
16:25:38.0671 1188 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:25:38.0687 1188 WIMMount - ok
16:25:38.0733 1188 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:25:38.0733 1188 WmiAcpi - ok
16:25:38.0765 1188 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:25:38.0765 1188 ws2ifsl - ok
16:25:38.0811 1188 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:25:38.0827 1188 WudfPf - ok
16:25:38.0843 1188 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:25:38.0843 1188 WUDFRd - ok
16:25:38.0889 1188 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:25:38.0905 1188 \Device\Harddisk0\DR0 - ok
16:25:38.0905 1188 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk1\DR1
16:25:38.0905 1188 \Device\Harddisk1\DR1 - ok
16:25:38.0921 1188 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
16:25:38.0921 1188 \Device\Harddisk2\DR2 - ok
16:25:38.0921 1188 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR8
16:25:38.0936 1188 \Device\Harddisk3\DR8 - ok
16:25:38.0936 1188 Boot (0x1200) (6927ecfb21b23214d8b5b7a12ff5abdc) \Device\Harddisk0\DR0\Partition0
16:25:38.0936 1188 \Device\Harddisk0\DR0\Partition0 - ok
16:25:38.0952 1188 Boot (0x1200) (74070a8e13f628eb17fd9d1ec2e2650c) \Device\Harddisk0\DR0\Partition1
16:25:38.0952 1188 \Device\Harddisk0\DR0\Partition1 - ok
16:25:38.0952 1188 Boot (0x1200) (0fe9a73f61c992d03feecd6b98e4be70) \Device\Harddisk1\DR1\Partition0
16:25:38.0952 1188 \Device\Harddisk1\DR1\Partition0 - ok
16:25:38.0967 1188 Boot (0x1200) (bbd8f32c366ccfd92996d28df4d21c4a) \Device\Harddisk2\DR2\Partition0
16:25:38.0967 1188 \Device\Harddisk2\DR2\Partition0 - ok
16:25:38.0967 1188 Boot (0x1200) (f8f37515ff2741ae767fa94d83d4b2e1) \Device\Harddisk3\DR8\Partition0
16:25:38.0967 1188 \Device\Harddisk3\DR8\Partition0 - ok
16:25:38.0967 1188 ============================================================
16:25:38.0967 1188 Scan finished
16:25:38.0967 1188 ============================================================
16:25:38.0983 1888 Detected object count: 0
16:25:38.0983 1888 Actual detected object count: 0
16:26:00.0558 1488 Deinitialize success

VIRY.CZ

Nelze spustit .exe Win7

Nelze spustit .exe Win7

Re: Nelze spustit .exe Win7

Re: Nelze spustit .exe Win7

Re: Nelze spustit .exe Win7

Re: Nelze spustit .exe Win7

Re: Nelze spustit .exe Win7

Re: Nelze spustit .exe Win7

Re: Nelze spustit .exe Win7

Re: Nelze spustit .exe Win7

Re: Nelze spustit .exe Win7

Re: Nelze spustit .exe Win7

Re: Nelze spustit .exe Win7

Re: Nelze spustit .exe Win7

Re: Nelze spustit .exe Win7

Re: Nelze spustit .exe Win7