BSOD

[Geneiken]

Zdravim, uz jsem tady tusim jednou tenhle problem chtel resit ale bohuzel mi nevysel cas, ted mam par dni volno, tak bych byl rad kdyby mi s tim nekdo pomohl.
O co jde? Proste a jednoduse ten PC dostava BSOD, nevim proc ale dela to. Dneska uz to udelal 4x, mohl by mi nekdo pomoct? (omlouvam se jestli je to spatne subforum do ktereho to vkladam)

[Roli]

Zdravím, použij, WhoCrashed

po spuštění klikni na Analyze,

aplikace po chvilce vytvoří zprávu o příčině pádu, kterou mi sem nakopíruj.


Ještě by nebylo od věci dát mi sem také log.txt z Rsit.

[Geneiken]

WhoCrashed

System Information (local)
--------------------------------------------------------------------------------

computer name: TRISTRAM
windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
CPU: AuthenticAMD AMD Phenom(tm) 9650 Quad-Core Processor AMD586, level: 16
4 logical processors, active mask: 15
RAM: 4294500352 total
VM: 2147352576, free: 1983029248
--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.


On Mon 22.8.2011 13:32:38 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082211-19624-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0xA (0x28, 0x2, 0x0, 0xFFFFF80002CDBBD0)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Mon 22.8.2011 13:32:38 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0xA (0x28, 0x2, 0x0, 0xFFFFF80002CDBBD0)
Error: IRQL_NOT_LESS_OR_EQUAL
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Mon 22.8.2011 12:38:15 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082211-22105-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x109 (0xA3A039D8962947ED, 0xB3B7465EE8A61743, 0xFFFFF80002F7E294, 0x1)
Error: CRITICAL_STRUCTURE_CORRUPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the kernel has detected critical kernel code or data corruption.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Mon 22.8.2011 11:37:24 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082211-20841-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x109 (0xA3A039D89A0B65A0, 0xB3B7465EEC8834F6, 0xFFFFF80002CE2265, 0x1)
Error: CRITICAL_STRUCTURE_CORRUPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the kernel has detected critical kernel code or data corruption.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sun 21.8.2011 17:10:50 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082111-20545-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x4E (0x99, 0x104708, 0x0, 0xB0208)
Error: PFN_LIST_CORRUPT
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the page frame number (PFN) list is corrupted.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sun 21.8.2011 15:46:00 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082111-21184-01.dmp
This was probably caused by the following module: dxgmms1.sys (dxgmms1+0x5EE3)
Bugcheck code: 0x19 (0x20, 0xFFFFF8A002E3E7A0, 0xFFFFF8A002E3EBD0, 0x5430109)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\dxgmms1.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: DirectX Graphics MMS
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Sat 20.8.2011 10:08:16 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082011-20202-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0xA (0x28, 0x2, 0x0, 0xFFFFF80002CD3BD0)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Thu 18.8.2011 19:37:35 GMT your computer crashed
crash dump file: C:\Windows\Minidump\081811-21996-01.dmp
This was probably caused by the following module: win32k.sys (win32k+0x20CC1C)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF9600026CC1C, 0xFFFFF88003799230, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\win32k.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Multi-User Win32 Driver
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Sun 14.8.2011 23:21:20 GMT your computer crashed
crash dump file: C:\Windows\Minidump\081511-21793-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x9F (0x3, 0xFFFFFA80039B8190, 0xFFFFF80000BA2748, 0xFFFFFA8004609330)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sun 14.8.2011 21:15:27 GMT your computer crashed
crash dump file: C:\Windows\Minidump\081411-23914-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x50 (0xFFFFF6800202DF80, 0x0, 0xFFFFF80002C9EB18, 0x2)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Wed 10.8.2011 15:10:04 GMT your computer crashed
crash dump file: C:\Windows\Minidump\081011-22074-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7FD00)
Bugcheck code: 0xA (0x28, 0x2, 0x0, 0xFFFFF80002CDFBF8)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Wed 3.8.2011 8:35:02 GMT your computer crashed
crash dump file: C:\Windows\Minidump\080311-23228-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7FD00)
Bugcheck code: 0x109 (0xA3A039D8997B27C2, 0xB3B7465EEBF7F718, 0xFFFFF80002CE2050, 0x1)
Error: CRITICAL_STRUCTURE_CORRUPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the kernel has detected critical kernel code or data corruption.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Mon 1.8.2011 9:51:00 GMT your computer crashed
crash dump file: C:\Windows\Minidump\080111-21356-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x70700)
Bugcheck code: 0xA (0x28, 0x2, 0x0, 0xFFFFF80002CCB5A8)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sat 30.7.2011 19:56:00 GMT your computer crashed
crash dump file: C:\Windows\Minidump\073011-20794-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x70700)
Bugcheck code: 0x109 (0xA3A039D896303511, 0xB3B7465EE8AD0707, 0xFFFFF80002CE2060, 0x1)
Error: CRITICAL_STRUCTURE_CORRUPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the kernel has detected critical kernel code or data corruption.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Fri 29.7.2011 11:47:07 GMT your computer crashed
crash dump file: C:\Windows\Minidump\072911-28392-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x70700)
Bugcheck code: 0x50 (0xFFFFF08005832FE0, 0x1, 0xFFFFF80002CE2283, 0x7)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.



--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

49 crash dumps have been found and analyzed. Only 15 are included in this report.
Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.


RSIT

Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2011-08-23 20:03:46
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 115 GB (42%) free of 277 GB
Total RAM: 4096 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:03:50, on 23.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Auzentech\X-Fi Forte 7.1\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
D:\Valve\Steam.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Users\Admin\Desktop\hax\GarenaMaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Garena\Garena.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 67.221.174.30 tagged.com
O1 - Hosts: 204.9.178.11 typepad.com
O1 - Hosts: 74.113.152.32 istockphoto.com
O1 - Hosts: 208.94.0.38 yfrog.com
O1 - Hosts: 63.309.5.102 virustotal.com
O1 - Hosts: 123.125.50.22 126.com
O1 - Hosts: 174.36.28.11 SlideShare.com
O1 - Hosts: 213.238.60.190 xing.com
O1 - Hosts: 59.106.98.139 seesaa.net
O1 - Hosts: 184.72.253.170 hootsuite.com
O1 - Hosts: 211.151.146.16 soku.com
O1 - Hosts: 72.32.120.222 metacafe.com
O1 - Hosts: 9.105.6.98 bitdefender.com
O1 - Hosts: 204.11.109.133 tribalfusion.com
O1 - Hosts: 207.154.14.31tripadvisor.com
O1 - Hosts: 216.52.240.133 ustream.tv
O1 - Hosts: 174.36.244.132 linkwithin.com
O1 - Hosts: 121.67.203.61 scan.novirusthanks.org
O1 - Hosts: 209.172.34.139 imagevenue.com
O1 - Hosts: 91.206.232.220 booking.com
O1 - Hosts: 118.69.251.6 vnexpress.net
O1 - Hosts: 103.67.101.13 trendmicro.com
O1 - Hosts: 208.85.40.80 pandora.com
O1 - Hosts: 194.116.241.57 softonic.com
O1 - Hosts: 208.83.243.15 match.com
O1 - Hosts: 202.57.69.84 nwt.com
O1 - Hosts: 65.11.53.80 nttnavi.com
O1 - Hosts: 72.51.41.235 nrk.no
O1 - Hosts: 110.16.19.157 nozonedata.com
O1 - Hosts: 76.106.43.251 nachtagenten.com
O1 - Hosts: 195.82.124.124 musicmatch.com
O1 - Hosts: 70.52.56.163 moscowtimes.com
O1 - Hosts: 124.217.235.76 gsn.com
O1 - Hosts: 61.178.63.198 mgd.com
O1 - Hosts: 174.142.24.205 mediastorm.hu
O1 - Hosts: 38.113.207.59 media-servers.com
O1 - Hosts: 116.66.206.161 m5prod.com
O1 - Hosts: 74.175.65.66 lupa.com
O1 - Hosts: 207.200.66.53 liveintercom.com
O1 - Hosts: 71.96.135.20 keenspace.com
O1 - Hosts: 202.51.107.37 jetsoftware.com
O1 - Hosts: 60.251.54.208 jamba.com
O1 - Hosts: 222.161.3.133 ir.com
O1 - Hosts: 200.24.227.170 investopedia.com
O1 - Hosts: 202.149.24.216 choiceradio.com
O1 - Hosts: 91.206.232.220 booking.com
O1 - Hosts: 118.69.251.6 vnexpress.net
O1 - Hosts: 141.76.45.18 chip.com
O1 - Hosts: 128.006.192.15 redv.net
O1 - Hosts: 194.42.17.124 cgi.com
O1 - Hosts: 199.26.254.66 centcomm.com
O1 - Hosts: 202.149.24.216 digitallook.com
O1 - Hosts: 60.251.189.134 domainfactory.com
O1 - Hosts: 222.161.3.133 dvdfocomm.nu
O1 - Hosts: 157.95.56.15 e-kolay.com
O1 - Hosts: 85.249.23.115 eurosport.com
O1 - Hosts: 189.104.149.61 f1cd.com
O1 - Hosts: 125.162.92.234 free6.com
O1 - Hosts: 80.81.159.20 cdmworldsoftware.com
O1 - Hosts: 117.102.101.219 grafika.com
O1 - Hosts: 85.249.23.115 adware-delete.com
O1 - Hosts: 69.89.22.135 hbv.com
O1 - Hosts: 92.48.201.39 protectorsuite.com
O1 - Hosts: 128.31.1.16 howstuffworks.com
O1 - Hosts: 132.239.17.2 gns.com
O1 - Hosts: 85.249.23.117 hyena.com
O1 - Hosts: 219.139.158.59 iinfo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Auzentech\X-Fi Forte 7.1\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11623 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k LocalService
Ati2evxx.exe -Client
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1860
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Auzentech\X-Fi Forte 7.1\Volume Panel\VolPanlu.exe" /r
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"C:\Windows\SysWOW64\CTXFISPI.EXE" -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"D:\Valve\Steam.exe"
"C:\Program Files (x86)\Pidgin\pidgin.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\wuauclt.exe"
"C:\Users\Admin\Desktop\hax\GarenaMaster.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5000.bd891f0.1538266645 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.6.0 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 5000 "\\.\pipe\gecko-crash-server-pipe.5000" plugin
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Program Files\Garena\Garena.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\Admin\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-14 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-01-12 2918656]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"=C:\Program Files (x86)\Auzentech\X-Fi Forte 7.1\Volume Panel\VolPanlu.exe [2009-05-04 241789]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-04-17 98616]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-08-23 20:02:07 ----D---- C:\Program Files\WhoCrashed
2011-08-21 13:37:29 ----D---- C:\Program Files\Garena
2011-08-11 13:44:55 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-08-11 13:44:55 ----A---- C:\Windows\system32\xmllite.dll
2011-08-11 13:44:54 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-11 13:44:54 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-11 13:44:54 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-11 13:44:53 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-11 13:44:53 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-11 13:44:53 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-11 13:44:53 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-11 13:44:53 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-11 13:44:52 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-11 13:44:50 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-11 13:44:44 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-11 13:44:44 ----A---- C:\Windows\system32\wow64.dll
2011-08-11 13:44:44 ----A---- C:\Windows\system32\winsrv.dll
2011-08-11 13:44:44 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-11 13:44:44 ----A---- C:\Windows\system32\kernel32.dll
2011-08-11 13:44:44 ----A---- C:\Windows\system32\conhost.exe
2011-08-11 13:44:43 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-11 13:44:43 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-11 13:44:43 ----A---- C:\Windows\system32\wow64win.dll
2011-08-11 13:44:43 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-11 13:44:43 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 13:44:42 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 13:44:42 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-11 13:44:42 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-11 13:44:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 13:44:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 13:44:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 13:44:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-11 13:44:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 13:44:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 13:44:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 13:44:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 13:44:41 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 13:44:41 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 13:44:41 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 13:44:41 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-11 13:44:41 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 13:44:41 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 13:44:41 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 13:44:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-11 13:44:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 13:44:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-11 13:44:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 13:44:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 13:44:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 13:44:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 13:44:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 13:44:40 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 13:44:40 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 13:44:40 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 13:44:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 13:44:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-11 13:44:39 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 13:44:39 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-11 13:44:39 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-11 13:44:39 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-11 13:44:37 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-11 13:44:34 ----A---- C:\Windows\system32\mshtml.dll
2011-08-11 13:44:31 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-11 13:44:31 ----A---- C:\Windows\system32\iertutil.dll
2011-08-11 13:44:28 ----A---- C:\Windows\system32\ieframe.dll
2011-08-11 13:44:24 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-11 13:44:21 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-11 13:44:18 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-11 13:44:18 ----A---- C:\Windows\system32\urlmon.dll
2011-08-11 13:44:17 ----A---- C:\Windows\system32\wininet.dll
2011-08-11 13:44:17 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-11 13:44:16 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-11 13:44:16 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-08-11 13:44:15 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-11 13:44:15 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-11 13:44:15 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-11 13:44:15 ----A---- C:\Windows\system32\url.dll
2011-08-11 13:44:15 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-11 13:44:15 ----A---- C:\Windows\system32\ieui.dll
2011-08-11 13:44:14 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-11 13:44:14 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-11 13:44:08 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-08-11 13:44:07 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-11 13:44:05 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-08-05 03:01:15 ----D---- C:\Windows\CheckSur
2011-08-03 09:47:01 ----D---- C:\Windows\system32\SPReview
2011-08-03 09:45:58 ----D---- C:\Windows\system32\EventProviders
2011-07-25 21:34:26 ----A---- C:\Windows\SYSWOW64\npptNT2.sys
2011-07-25 21:18:56 ----D---- C:\Users\Admin\AppData\Roaming\InstallShield
2011-07-25 19:59:14 ----RD---- C:\Program Files (x86)\Skype

======List of files/folders modified in the last 1 months======

2011-08-23 20:03:50 ----D---- C:\Windows\Prefetch
2011-08-23 20:03:49 ----D---- C:\Windows\Temp
2011-08-23 20:03:49 ----D---- C:\Program Files\trend micro
2011-08-23 20:02:07 ----RD---- C:\Program Files
2011-08-23 19:54:04 ----D---- C:\ProgramData\Easybits GO
2011-08-23 19:49:52 ----D---- C:\Users\Admin\AppData\Roaming\.purple
2011-08-23 19:47:02 ----D---- C:\Users\Admin\AppData\Roaming\Skype
2011-08-23 16:04:04 ----D---- C:\Users\Admin\AppData\Roaming\go
2011-08-23 11:46:28 ----SHD---- C:\System Volume Information
2011-08-23 11:44:22 ----D---- C:\Windows\system32\config
2011-08-22 15:33:45 ----D---- C:\Windows\Minidump
2011-08-22 15:33:43 ----D---- C:\Windows
2011-08-21 19:12:53 ----D---- C:\Windows\system32\catroot2
2011-08-18 11:42:31 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-08-17 16:26:19 ----D---- C:\ProgramData\Blizzard Entertainment
2011-08-16 22:46:14 ----D---- C:\Windows\winsxs
2011-08-16 22:36:12 ----SHD---- C:\Windows\Installer
2011-08-16 22:35:14 ----RD---- C:\Program Files (x86)
2011-08-16 22:35:14 ----D---- C:\Windows\SysWOW64
2011-08-16 21:16:45 ----SD---- C:\ProgramData\Microsoft
2011-08-15 12:40:54 ----D---- C:\Users\Admin\AppData\Roaming\uTorrent
2011-08-15 12:38:03 ----D---- C:\Program Files (x86)\The KMPlayer
2011-08-15 09:36:21 ----D---- C:\Windows\system32\Tasks
2011-08-13 17:38:00 ----D---- C:\Windows\Microsoft.NET
2011-08-13 17:37:58 ----RSD---- C:\Windows\assembly
2011-08-13 17:09:31 ----D---- C:\Users\Admin\AppData\Roaming\Creative
2011-08-12 11:57:54 ----D---- C:\Windows\System32
2011-08-12 11:57:50 ----D---- C:\Windows\system32\drivers
2011-08-12 11:57:48 ----D---- C:\Windows\SYSWOW64\migration
2011-08-12 11:57:48 ----D---- C:\Windows\system32\migration
2011-08-12 11:57:48 ----D---- C:\Windows\AppPatch
2011-08-12 11:57:48 ----D---- C:\Program Files\Internet Explorer
2011-08-12 11:57:48 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-11 23:54:15 ----D---- C:\ProgramData\Microsoft Help
2011-08-11 23:53:41 ----D---- C:\Windows\system32\catroot
2011-08-11 23:51:37 ----A---- C:\Windows\system32\MRT.exe
2011-08-11 23:48:05 ----D---- C:\Windows\inf
2011-08-11 23:48:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-03 17:31:28 ----D---- C:\Windows\rescache
2011-08-03 10:11:47 ----D---- C:\Windows\system32\DriverStore
2011-08-03 10:03:53 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-08-03 10:03:53 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-08-03 10:03:53 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-08-03 10:03:53 ----D---- C:\Program Files (x86)\Windows Media Player
2011-08-03 10:03:53 ----D---- C:\Program Files (x86)\Windows Mail
2011-08-03 10:03:52 ----D---- C:\Windows\servicing
2011-08-03 10:03:52 ----D---- C:\Windows\ehome
2011-08-03 10:03:52 ----D---- C:\Program Files\Windows Sidebar
2011-08-03 10:03:52 ----D---- C:\Program Files\Windows Portable Devices
2011-08-03 10:03:52 ----D---- C:\Program Files\Windows Photo Viewer
2011-08-03 10:03:52 ----D---- C:\Program Files\Windows Media Player
2011-08-03 10:03:52 ----D---- C:\Program Files\Windows Mail
2011-08-03 10:03:52 ----D---- C:\Program Files\Windows Journal
2011-08-03 10:03:52 ----D---- C:\Program Files\Windows Defender
2011-08-03 10:03:52 ----D---- C:\Program Files\DVD Maker
2011-08-03 10:03:47 ----SHD---- C:\Windows\BitLockerDiscoveryVolumeContents
2011-08-03 10:03:47 ----D---- C:\Windows\SYSWOW64\Setup
2011-08-03 10:03:47 ----D---- C:\Windows\SYSWOW64\oobe
2011-08-03 10:03:47 ----D---- C:\Windows\SYSWOW64\manifeststore
2011-08-03 10:03:47 ----D---- C:\Windows\SYSWOW64\da-DK
2011-08-03 10:03:47 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-03 10:03:47 ----D---- C:\Windows\SYSWOW64\cs
2011-08-03 10:03:47 ----D---- C:\Windows\SYSWOW64\AdvancedInstallers
2011-08-03 10:03:46 ----D---- C:\Windows\SYSWOW64\wbem
2011-08-03 10:03:46 ----D---- C:\Windows\SYSWOW64\sppui
2011-08-03 10:03:46 ----D---- C:\Windows\SYSWOW64\migwiz
2011-08-03 10:03:46 ----D---- C:\Windows\SYSWOW64\es-ES
2011-08-03 10:03:46 ----D---- C:\Windows\SYSWOW64\Dism
2011-08-03 10:03:30 ----D---- C:\Windows\system32\Setup
2011-08-03 10:03:30 ----D---- C:\Windows\system32\oobe
2011-08-03 10:03:30 ----D---- C:\Windows\system32\en-US
2011-08-03 10:03:30 ----D---- C:\Windows\system32\da-DK
2011-08-03 10:03:30 ----D---- C:\Windows\system32\cs
2011-08-03 10:03:30 ----D---- C:\Windows\system32\AdvancedInstallers
2011-08-03 10:03:30 ----D---- C:\Windows\PolicyDefinitions
2011-08-03 10:03:29 ----D---- C:\Windows\system32\cs-CZ
2011-08-03 10:03:28 ----D---- C:\Windows\system32\wbem
2011-08-03 10:03:28 ----D---- C:\Windows\system32\sppui
2011-08-03 10:03:28 ----D---- C:\Windows\system32\migwiz
2011-08-03 10:03:28 ----D---- C:\Windows\system32\manifeststore
2011-08-03 10:03:28 ----D---- C:\Windows\system32\es-ES
2011-08-03 10:03:28 ----D---- C:\Windows\system32\drivers\UMDF
2011-08-03 10:03:28 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-08-03 10:03:28 ----D---- C:\Windows\system32\Dism
2011-08-03 10:03:11 ----RSD---- C:\Windows\Fonts
2011-08-03 10:03:02 ----D---- C:\Windows\system32\Boot
2011-08-03 09:59:41 ----D---- C:\Windows\Logs
2011-08-03 09:57:16 ----A---- C:\Windows\SYSWOW64\msclmd.dll
2011-08-03 09:57:15 ----A---- C:\Windows\system32\msclmd.dll
2011-07-25 21:25:24 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-07-25 19:59:16 ----D---- C:\Program Files (x86)\Common Files
2011-07-25 19:59:13 ----D---- C:\ProgramData\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-12-21 170640]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 50624]
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-11 5352960]
R3 CT20XUT.SYS;CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS [2009-07-22 230488]
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2009-07-22 695384]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\Windows\System32\drivers\CTEXFIFX.SYS [2009-07-22 1494104]
R3 CTHWIUT.SYS;CTHWIUT.SYS; C:\Windows\System32\drivers\CTHWIUT.SYS [2009-07-22 95320]
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2009-07-22 15960]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2009-07-22 213080]
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2009-07-22 118360]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-12-21 34144]
R3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
R3 ha20x22k;Creative 20X2 HAL Driver; C:\Windows\system32\drivers\ha20x22k.sys [2009-07-22 1646680]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-05-13 33344]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2009-07-22 179800]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver; C:\Windows\system32\DRIVERS\RTL85n64.sys [2009-06-10 378368]
S3 CT20XUT;CT20XUT; C:\Windows\system32\drivers\CT20XUT.SYS [2009-07-22 230488]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2009-07-22 580696]
S3 CTEXFIFX;CTEXFIFX; C:\Windows\system32\drivers\CTEXFIFX.SYS [2009-07-22 1494104]
S3 CTHWIUT;CTHWIUT; C:\Windows\system32\drivers\CTHWIUT.SYS [2009-07-22 95320]
S3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2009-07-22 1602136]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2010-02-11 952320]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2009-02-23 307200]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-12 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-12 79360]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 42360]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-17 1431888]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-12 1255736]

-----------------EOF-----------------

[Roli]

No tak tohle nebude tak jednoduché.


Nejdříve v HJT fixni :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
O1 - Hosts: 67.221.174.30 tagged.com
O1 - Hosts: 204.9.178.11 typepad.com
O1 - Hosts: 74.113.152.32 istockphoto.com
O1 - Hosts: 208.94.0.38 yfrog.com
O1 - Hosts: 63.309.5.102 virustotal.com
O1 - Hosts: 123.125.50.22 126.com
O1 - Hosts: 174.36.28.11 SlideShare.com
O1 - Hosts: 213.238.60.190 xing.com
O1 - Hosts: 59.106.98.139 seesaa.net
O1 - Hosts: 184.72.253.170 hootsuite.com
O1 - Hosts: 211.151.146.16 soku.com
O1 - Hosts: 72.32.120.222 metacafe.com
O1 - Hosts: 9.105.6.98 bitdefender.com
O1 - Hosts: 204.11.109.133 tribalfusion.com
O1 - Hosts: 207.154.14.31tripadvisor.com
O1 - Hosts: 216.52.240.133 ustream.tv
O1 - Hosts: 174.36.244.132 linkwithin.com
O1 - Hosts: 121.67.203.61 scan.novirusthanks.org
O1 - Hosts: 209.172.34.139 imagevenue.com
O1 - Hosts: 91.206.232.220 booking.com
O1 - Hosts: 118.69.251.6 vnexpress.net
O1 - Hosts: 103.67.101.13 trendmicro.com
O1 - Hosts: 208.85.40.80 pandora.com
O1 - Hosts: 194.116.241.57 softonic.com
O1 - Hosts: 208.83.243.15 match.com
O1 - Hosts: 202.57.69.84 nwt.com
O1 - Hosts: 65.11.53.80 nttnavi.com
O1 - Hosts: 72.51.41.235 nrk.no
O1 - Hosts: 110.16.19.157 nozonedata.com
O1 - Hosts: 76.106.43.251 nachtagenten.com
O1 - Hosts: 195.82.124.124 musicmatch.com
O1 - Hosts: 70.52.56.163 moscowtimes.com
O1 - Hosts: 124.217.235.76 gsn.com
O1 - Hosts: 61.178.63.198 mgd.com
O1 - Hosts: 174.142.24.205 mediastorm.hu
O1 - Hosts: 38.113.207.59 media-servers.com
O1 - Hosts: 116.66.206.161 m5prod.com
O1 - Hosts: 74.175.65.66 lupa.com
O1 - Hosts: 207.200.66.53 liveintercom.com
O1 - Hosts: 71.96.135.20 keenspace.com
O1 - Hosts: 202.51.107.37 jetsoftware.com
O1 - Hosts: 60.251.54.208 jamba.com
O1 - Hosts: 222.161.3.133 ir.com
O1 - Hosts: 200.24.227.170 investopedia.com
O1 - Hosts: 202.149.24.216 choiceradio.com
O1 - Hosts: 91.206.232.220 booking.com
O1 - Hosts: 118.69.251.6 vnexpress.net
O1 - Hosts: 141.76.45.18 chip.com
O1 - Hosts: 128.006.192.15 redv.net
O1 - Hosts: 194.42.17.124 cgi.com
O1 - Hosts: 199.26.254.66 centcomm.com
O1 - Hosts: 202.149.24.216 digitallook.com
O1 - Hosts: 60.251.189.134 domainfactory.com
O1 - Hosts: 222.161.3.133 dvdfocomm.nu
O1 - Hosts: 157.95.56.15 e-kolay.com
O1 - Hosts: 85.249.23.115 eurosport.com
O1 - Hosts: 189.104.149.61 f1cd.com
O1 - Hosts: 125.162.92.234 free6.com
O1 - Hosts: 80.81.159.20 cdmworldsoftware.com
O1 - Hosts: 117.102.101.219 grafika.com
O1 - Hosts: 85.249.23.115 adware-delete.com
O1 - Hosts: 69.89.22.135 hbv.com
O1 - Hosts: 92.48.201.39 protectorsuite.com
O1 - Hosts: 128.31.1.16 howstuffworks.com
O1 - Hosts: 132.239.17.2 gns.com
O1 - Hosts: 85.249.23.117 hyena.com
O1 - Hosts: 219.139.158.59 iinfo.com
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

HJT najdeš zde :

C:\Program Files\trend micro\Admin.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :

Adobe Acrobat Update Service

Ati External Event Utility

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Dále jako první bych zkusil dát buď novější nebo starší ovladače od grafiky.


Pak dej vědět jaký je stav PC.

[Geneiken]

Diky moc, vsechno hotovo, zatim nebyl zadny pad, akorad se pokazde kdyz pc zapnu tak na 2-3 minutky freezne. Kdybych dostal dalsi BSOD tak dam vedet.

[Geneiken]

On Wed 24.8.2011 9:33:55 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082411-21668-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x109 (0xA3A039D899DED58F, 0xB3B7465EEC5BA4E5, 0xFFFFF80002CE1CC0, 0x1)
Error: CRITICAL_STRUCTURE_CORRUPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the kernel has detected critical kernel code or data corruption.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Wed 24.8.2011 9:33:55 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0x109 (0xA3A039D899DED58F, 0xB3B7465EEC5BA4E5, 0xFFFFF80002CE1CC0, 0x1)
Error: CRITICAL_STRUCTURE_CORRUPTION
Bug check description: This indicates that the kernel has detected critical kernel code or data corruption.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

[Roli]

Pořád stejná chyba, tohle fakt může dělat cokoliv, jak ovladač od hardware tak klidně nějaká kolize se software.

Tak že se pro jistotu nejdříve koukneme na RAMky i když

Stáhni Memtest,

soubor rozbal a vypal jako z image CD nikoliv jako data na CD

V Bios Setup do kterého se dostaneš při restartu mačkáním klávesy :

* DEL
* F2
* F1
* F10

záleží na PC, ale vždy je to na monitoru napsáno,

otevři nabídku ADVANCED BIOS FEATURES a vyhledej Boot Devices 0 až 4 nebo Boot Sequence.

Na první místo nastav CD-ROM,

na druhé pevný disk HDD, u obou položek bývá napsán i výrobce.

Stisknutím Save většinou je to F10 a potvrzením Entrem uložíš nastavení,

pak ještě stisknutím Save and Exit se dostaneš z Biosu.

Vlož CD s Memtestem do mechaniky a nech nabootovat.


Test poběží tak dlouho jak ho necháš, ale doporučuji nějakou tu hoďku ideálně přes noc.


Pak dej vědět jak to dopadlo.

[Geneiken]

Omlouvam se za zpozdeni, drive to bohuzel neslo. Stazeny iso soubor jsem vypalil na CD, nastavil jsem bootovani 1.CDROM 2.HDD ale spustil se jenom windows

[Roli]

A vypálil jsi to jako z image CD ?

Nemáš to pouze jako data ?

[Geneiken]

Udelal jsem to presne podle tveho navodu, ale stalo se to co jsem psal

[Roli]

Tak zkus TUHLE verzi Memtestu.

[Geneiken]

Znova stejny problem, mohl bys mi doporucit nejaky program na vypalovani? Kdyz to delam tim co uz nejspis je ve windowsu tak se to nikdy nespusti :-/

[Roli]

No na vypalování je dobré staré NERO 6, ale není free, občas ho dávali k mechanikám ve full verzi tak se zkus u někoho poptat.

Z těch free nejsou špatné CDburner a Ashampoo Burning Studio Free


Zkusil bych postupně odebrat jednu RAMku, samozřejmě s vypnutým PC.

Po znovu najetí uvidíš co to provádí a tím bychom viděli zda je problém v nich.