svchost.exe nonstop plne zatezuje jadro a zapisuje na disk

[dak]

zdravim, kamarad mi doporucil toto forum pro vycisteni svinciku
jak rika nazev, svchost mi porad plne zatezuje jedno jadro, neprijde mi, ze by pod nim bezela sluzba, co nema, tak jestli muzu poprosit o prohlednuti logu, dik
PS avira porad odchytava pokusy pres autorun.inf
PPS nasel jsem podobny problem tady na foru, ale nevim, zda jsou priciny stejne

Logfile of random's system information tool 1.06 (written by random/random)
Run by dak at 2010-04-12 12:59:39
Microsoft Windows 7 Professional Service Pack 3
System drive C: has 931 MB (3%) free of 31 GB
Total RAM: 3067 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:40, on 12.4.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
E:\soft\Fraps\fraps.exe
E:\soft\PerfectDisk_10\PDAgentS1.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Program DJ\Green Charger\GCTray.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Program Files\Program DJ\Wireless Switch\wlss.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
E:\soft\Avira\AntiVir Desktop\avgnt.exe
E:\soft\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
E:\soft\totalcmd7.50a\TOTALCMD.EXE
H:\_\Miranda_0.8.1\miranda32.exe
E:\soft\Thunderbird\thunderbird.exe
E:\soft\Firefox3\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskeng.exe
E:\soft\PSPad editor\PSPad.exe
E:\soft\RSIT.exe
C:\Program Files\trend micro\dak.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GCTray] C:\Program Files\Program DJ\Green Charger\GCTray.exe
O4 - HKLM\..\Run: [WLSS] C:\Program Files\Program DJ\Wireless Switch\WLSS.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [avgnt] "E:\soft\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\soft\DAEMON Tools Lite\DTLite.exe" -autorun
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\soft\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\soft\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - E:\soft\PerfectDisk_10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - E:\soft\PerfectDisk_10\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

--
End of file - 4292 bytes

======Scheduled tasks folder======

C:\Windows\tasks\ASOService.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3266397383-775854498-48628368-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3266397383-775854498-48628368-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-24 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"=C:\Program Files\Protector Suite\launcher.exe [2009-08-13 55048]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-28 1557800]
"GCTray"=C:\Program Files\Program DJ\Green Charger\GCTray.exe [2008-06-10 548864]
"WLSS"=C:\Program Files\Program DJ\Wireless Switch\WLSS.exe [2008-05-09 951592]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2009-05-21 1202448]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-10-06 7772704]
"avgnt"=E:\soft\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2010-03-20 13683816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=E:\soft\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
E:\soft\AcrobatReader9\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
E:\SOFT\FRAPS\FRAPS.EXE [2009-11-21 2377648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\dak\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTuner]
E:\soft\RivaTuner2.2\RivaTunerWrapper.exe [2009-08-22 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
E:\soft\RivaTuner2.2\RivaTunerWrapper.exe [2009-08-22 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fraps.exe]
C:\Users\dak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fraps.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\Protector Suite\psqlpwd.dll [2009-08-13 100616]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-04-12 12:40:54 ----D---- C:\rsit
2010-04-12 12:40:54 ----D---- C:\Program Files\trend micro
2010-04-11 13:14:24 ----A---- C:\Windows\ntbtlog.txt
2010-04-06 12:17:14 ----D---- C:\Windows\temp
2010-04-06 12:17:13 ----A---- C:\ComboFix.txt
2010-04-06 12:12:07 ----D---- C:\$RECYCLE.BIN
2010-04-06 12:03:08 ----A---- C:\Windows\NIRCMD.exe
2010-04-06 12:03:08 ----A---- C:\Windows\MBR.exe
2010-04-06 12:03:07 ----A---- C:\Windows\SWSC.exe
2010-04-06 12:03:07 ----A---- C:\Windows\SWREG.exe
2010-04-06 12:03:07 ----A---- C:\Windows\PEV.exe
2010-04-06 12:03:07 ----A---- C:\Windows\grep.exe
2010-04-06 12:02:59 ----D---- C:\Windows\ERDNT
2010-04-06 12:00:43 ----D---- C:\ComboFix
2010-04-06 12:00:20 ----D---- C:\Qoobox
2010-04-06 12:00:06 ----A---- C:\Windows\SWXCACLS.exe
2010-04-05 21:39:43 ----D---- C:\Users\dak\AppData\Roaming\NVIDIA
2010-04-05 21:10:11 ----A---- C:\Windows\system32\OpenCL.dll
2010-04-05 21:10:11 ----A---- C:\Windows\system32\nvwgf2um.dll
2010-04-05 21:10:11 ----A---- C:\Windows\system32\nvoglv32.dll
2010-04-05 21:10:11 ----A---- C:\Windows\system32\nvencodemft.dll
2010-04-05 21:10:11 ----A---- C:\Windows\system32\nvdecodemft.dll
2010-04-05 21:10:11 ----A---- C:\Windows\system32\nvd3dum.dll
2010-04-05 21:10:11 ----A---- C:\Windows\system32\nvcuvid.dll
2010-04-05 21:10:11 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-04-05 21:10:11 ----A---- C:\Windows\system32\nvcuda.dll
2010-04-05 21:10:10 ----A---- C:\Windows\system32\nvcompiler.dll
2010-04-05 21:10:10 ----A---- C:\Windows\system32\nvcod1910.dll
2010-04-05 21:10:10 ----A---- C:\Windows\system32\nvcod.dll
2010-04-05 21:10:10 ----A---- C:\Windows\system32\nvapi.dll
2010-04-05 01:31:42 ----D---- C:\Users\dak\AppData\Roaming\Avira
2010-04-05 01:29:16 ----D---- C:\ProgramData\Avira
2010-04-03 22:50:02 ----A---- C:\Windows\system32\nvhdap32.dll
2010-04-03 22:50:02 ----A---- C:\Windows\system32\nvapo32v.dll
2010-04-03 22:48:39 ----D---- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
2010-04-03 22:35:22 ----D---- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-04-03 21:12:17 ----D---- C:\NVIDIA
2010-03-26 00:15:52 ----D---- C:\Users\dak\AppData\Roaming\OpenOffice.org
2010-03-25 12:13:50 ----D---- C:\ProgramData\Systweak
2010-03-24 20:06:13 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-03-24 20:06:13 ----A---- C:\Windows\system32\PnkBstrA.exe
2010-03-24 20:06:12 ----A---- C:\Windows\system32\pbsvc_heroes.exe
2010-03-24 00:37:05 ----A---- C:\Windows\IsUninstR.Exe
2010-03-24 00:34:09 ----A---- C:\Windows\IsUninst.exe
2010-03-20 15:39:00 ----A---- C:\Windows\system32\nvvsvc.exe
2010-03-20 15:39:00 ----A---- C:\Windows\system32\nvsvcr.dll
2010-03-20 15:39:00 ----A---- C:\Windows\system32\nvsvc.dll
2010-03-20 15:39:00 ----A---- C:\Windows\system32\nvshext.dll
2010-03-20 15:39:00 ----A---- C:\Windows\system32\nvmctray.dll
2010-03-20 15:39:00 ----A---- C:\Windows\system32\nvcpl.dll
2010-03-20 15:33:18 ----A---- C:\Windows\runservice.exe
2010-03-20 15:33:18 ----A---- C:\Windows\mmfs.dll
2010-03-20 15:33:17 ----A---- C:\Windows\msvcr71.dll
2010-03-16 18:15:06 ----A---- C:\Windows\system32\nvcohda.dll
2010-03-16 17:13:00 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-03-16 17:13:00 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-03-16 17:13:00 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-03-16 17:13:00 ----A---- C:\Windows\system32\X3DAudio1_7.dll

======List of files/folders modified in the last 1 months======

2010-04-12 12:58:25 ----D---- C:\Windows\system32\DriverStore
2010-04-12 12:40:54 ----RD---- C:\Program Files
2010-04-12 12:31:50 ----D---- C:\Windows\System32
2010-04-12 12:31:50 ----D---- C:\Windows\inf
2010-04-12 12:31:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-12 12:30:12 ----SHD---- C:\Windows\Installer
2010-04-12 12:27:04 ----D---- C:\Windows\system32\Tasks
2010-04-12 00:06:20 ----D---- C:\Users\dak\AppData\Roaming\gtk-2.0
2010-04-11 13:14:24 ----D---- C:\Windows
2010-04-11 13:11:47 ----D---- C:\Windows\system32\config
2010-04-11 13:09:07 ----SHD---- C:\System Volume Information
2010-04-08 20:37:02 ----D---- C:\Windows\system32\NDF
2010-04-08 13:53:25 ----D---- C:\Users\dak\AppData\Roaming\WinEdt
2010-04-08 10:34:01 ----D---- C:\ProgramData\NVIDIA
2010-04-06 15:15:56 ----D---- C:\Users\dak\AppData\Roaming\vlc
2010-04-06 15:04:38 ----D---- C:\Windows\Minidump
2010-04-06 12:17:15 ----D---- C:\Windows\system32\drivers
2010-04-06 12:16:41 ----D---- C:\Windows\Tasks
2010-04-06 12:12:12 ----A---- C:\Windows\system.ini
2010-04-06 12:07:36 ----D---- C:\Windows\AppPatch
2010-04-06 12:07:35 ----D---- C:\Program Files\Common Files
2010-04-05 21:57:23 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-05 21:57:13 ----D---- C:\Program Files\NVIDIA Corporation
2010-04-05 21:35:43 ----D---- C:\Windows\system32\catroot
2010-04-05 21:30:23 ----D---- C:\Windows\winsxs
2010-04-05 21:25:43 ----D---- C:\Program Files\Windows Media Player
2010-04-05 21:25:41 ----D---- C:\Windows\system32\pt-PT
2010-04-05 21:25:41 ----D---- C:\Windows\system32\pt-BR
2010-04-05 21:25:41 ----D---- C:\Windows\system32\pl-PL
2010-04-05 21:25:41 ----D---- C:\Windows\system32\ko-KR
2010-04-05 21:25:41 ----D---- C:\Windows\system32\it-IT
2010-04-05 21:25:41 ----D---- C:\Windows\system32\hu-HU
2010-04-05 21:25:41 ----D---- C:\Windows\system32\he-IL
2010-04-05 21:25:41 ----D---- C:\Windows\PolicyDefinitions
2010-04-05 21:25:40 ----D---- C:\Windows\system32\zh-TW
2010-04-05 21:25:40 ----D---- C:\Windows\system32\zh-CN
2010-04-05 21:25:40 ----D---- C:\Windows\system32\wbem
2010-04-05 21:25:40 ----D---- C:\Windows\system32\tr-TR
2010-04-05 21:25:40 ----D---- C:\Windows\system32\th-TH
2010-04-05 21:25:40 ----D---- C:\Windows\system32\sv-SE
2010-04-05 21:25:40 ----D---- C:\Windows\system32\ru-RU
2010-04-05 21:25:40 ----D---- C:\Windows\system32\ro-RO
2010-04-05 21:25:40 ----D---- C:\Windows\system32\nl-NL
2010-04-05 21:25:40 ----D---- C:\Windows\system32\nb-NO
2010-04-05 21:25:40 ----D---- C:\Windows\system32\ja-JP
2010-04-05 21:25:40 ----D---- C:\Windows\system32\fr-FR
2010-04-05 21:25:40 ----D---- C:\Windows\system32\fi-FI
2010-04-05 21:25:40 ----D---- C:\Windows\system32\es-ES
2010-04-05 21:25:40 ----D---- C:\Windows\system32\en-US
2010-04-05 21:25:40 ----D---- C:\Windows\system32\el-GR
2010-04-05 21:25:40 ----D---- C:\Windows\system32\de-DE
2010-04-05 21:25:40 ----D---- C:\Windows\system32\da-DK
2010-04-05 21:25:40 ----D---- C:\Windows\system32\cs-CZ
2010-04-05 21:25:40 ----D---- C:\Windows\system32\ar-SA
2010-04-05 21:20:18 ----D---- C:\Windows\system32\catroot2
2010-04-05 01:29:16 ----D---- C:\ProgramData
2010-04-03 22:35:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-01 15:44:05 ----D---- C:\Windows\Prefetch
2010-03-26 00:15:07 ----RSD---- C:\Windows\assembly
2010-03-26 00:14:49 ----RSD---- C:\Windows\Fonts
2010-03-25 23:46:58 ----D---- C:\Users\dak\AppData\Roaming\OpenOffice.org2
2010-03-24 20:06:12 ----D---- C:\Windows\system32\LogFiles
2010-03-16 19:05:19 ----D---- C:\Windows\Help
2010-03-16 18:20:08 ----D---- C:\Program Files\AGEIA Technologies

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [2009-07-14 35328]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys [2009-07-14 78336]
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys [2009-07-14 32256]
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys [2009-07-14 16896]
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys [2009-07-14 74240]
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys [2009-07-14 63488]
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys [2009-07-14 9728]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 DefragFS;DefragFS; C:\Windows\system32\drivers\DefragFS.sys [2009-08-20 73232]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys [2009-07-14 48128]
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys [2009-07-14 86528]
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys [2009-07-14 586752]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys [2009-07-14 60928]
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys [2009-07-14 34816]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys [2009-07-14 69632]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-07-14 14080]
R3 CompositeBus;Ovladač rozpoznávacího modulu složené sběrnice; C:\Windows\system32\DRIVERS\CompositeBus.sys [2009-07-14 31232]
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys [2009-10-02 728648]
R3 HDAudBus;Ovladač sběrnice Microsoft UAA pro zvuk High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys [2009-07-14 108544]
R3 HidUsb;Ovladač třídy standardu HID Microsoft; C:\Windows\system32\DRIVERS\hidusb.sys [2009-07-14 24064]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-10-06 2779104]
R3 intelppm;Ovladač procesoru Intel; C:\Windows\system32\DRIVERS\intelppm.sys [2009-07-14 53760]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft; C:\Windows\system32\DRIVERS\monitor.sys [2009-07-14 23552]
R3 mouhid;Ovladač myši standardu HID; C:\Windows\system32\DRIVERS\mouhid.sys [2009-07-14 26112]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys [2009-07-14 60416]
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys [2010-01-08 221184]
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys [2009-07-14 95744]
R3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver; C:\Windows\system32\DRIVERS\mux.sys [2009-02-18 30768]
R3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys [2009-07-14 267264]
R3 netw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-05-28 4233728]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-01-28 68200]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-03-20 11573704]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM; C:\Windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 49152]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys [2009-07-14 75264]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys [2009-07-14 306688]
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [2009-12-08 113664]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-08-28 228784]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys [2009-07-14 108544]
R3 umbus;Ovladač sběrnice UMBus Enumerator; C:\Windows\system32\DRIVERS\umbus.sys [2009-07-14 39936]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\Windows\system32\DRIVERS\usbccgp.sys [2009-07-14 75264]
R3 usbehci;Ovladač miniportu vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\Windows\system32\DRIVERS\usbehci.sys [2009-07-14 41472]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\Windows\system32\DRIVERS\usbhub.sys [2009-07-14 258560]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\Windows\system32\DRIVERS\USBSTOR.SYS [2009-07-14 74752]
R3 usbuhci;Ovladač miniportu univerzálního hostitelského řadiče Microsoft USB; C:\Windows\system32\DRIVERS\usbuhci.sys [2009-07-14 24064]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2009-07-14 146176]
R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 34944]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
R3 WUDFRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys [2009-07-14 163328]
S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys [2009-07-14 9728]
S3 ADASPROT;SYSTWEAKASO; \??\E:\soft\Advanced System Optimizer 3\adasprot32.sys [2009-08-17 6656]
S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [2009-07-14 146512]
S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\DRIVERS\agp440.sys [2009-07-14 53312]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 amdide;amdide; C:\Windows\system32\DRIVERS\amdide.sys [2009-07-14 14912]
S3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\DRIVERS\amdk8.sys [2009-07-14 55296]
S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys [2009-07-14 52736]
S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [2009-07-14 79952]
S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys [2009-07-14 50176]
S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys [2009-07-14 76368]
S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
S3 aumdfug1;aumdfug1; C:\Windows\system32\drivers\aumdfug1.sys []
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbdx.sys [2009-07-14 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys [2009-07-14 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys [2009-07-14 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys [2009-07-14 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys [2009-07-14 12160]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys [2009-07-14 11904]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BTHMODEM;Ovladač pro komunikaci pomocí modemu Bluetooth; C:\Windows\system32\DRIVERS\bthmodem.sys [2009-07-14 56320]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 catchme;catchme; \??\C:\Users\dak\AppData\Local\Temp\catchme.sys []
S3 CdaC15BA;CdaC15BA; \??\C:\Windows\system32\drivers\CDAC15BA.SYS [2010-01-05 8864]
S3 circlass;Consumer IR Devices; C:\Windows\system32\DRIVERS\circlass.sys [2009-07-14 37888]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbdx.sys [2009-07-14 3100160]
S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys [2009-07-14 7168]
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [2009-07-14 142336]
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys [2009-07-14 28160]
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys [2009-07-14 46160]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys [2009-07-14 57936]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys [2009-07-14 26624]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-07-14 304128]
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys [2009-07-14 21504]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\Windows\system32\DRIVERS\hidbth.sys [2009-07-14 91136]
S3 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\DRIVERS\hidir.sys [2009-07-14 37888]
S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]
S3 iaStorV;iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [2009-07-14 332352]
S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [2009-07-14 41040]
S3 intelide;intelide; C:\Windows\system32\DRIVERS\intelide.sys [2009-07-14 15424]
S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [2009-07-14 65536]
S3 isapnp;isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [2009-07-14 46656]
S3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys [2009-07-14 186960]
S3 kbdhid;Keyboard HID Driver; C:\Windows\system32\DRIVERS\kbdhid.sys [2009-07-14 28160]
S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [2009-07-14 235584]
S3 mpio;mpio; C:\Windows\system32\DRIVERS\mpio.sys [2009-07-14 130624]
S3 msahci;msahci; C:\Windows\system32\DRIVERS\msahci.sys [2009-07-14 27712]
S3 msdsm;msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [2009-07-14 115792]
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys [2009-07-14 4096]
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [2009-07-14 162896]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2009-07-14 6144]
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys [2009-07-14 12288]
S3 MUXP;My WiFi PAN Mux-IM Protocol Driver; C:\Windows\system32\DRIVERS\mux.sys [2009-02-18 30768]
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys [2009-07-14 27136]
S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\DRIVERS\nv_agp.sys [2009-07-14 105024]
S3 nvraid;nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [2009-07-14 117312]
S3 nvstor;nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [2009-07-14 142416]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\Windows\system32\DRIVERS\ohci1394.sys [2009-07-14 62464]
S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys [2009-07-14 31744]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RivaTuner32;RivaTuner32; \??\E:\soft\RivaTuner2.2\RivaTuner32.sys [2009-08-22 9088]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sbp2port;sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [2009-07-14 85568]
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys [2009-07-14 26624]
S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys [2009-07-14 19968]
S3 sffdisk;SFF Storage Class Driver; C:\Windows\system32\DRIVERS\sffdisk.sys [2009-07-14 11264]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys [2009-07-14 12288]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys [2009-07-14 12800]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [2009-07-14 40016]
S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys [2009-07-14 71168]
S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [2009-07-14 1285712]
S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys [2009-07-14 30208]
S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\DRIVERS\uagp35.sys [2009-07-14 55888]
S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys [2009-07-14 57424]
S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2009-07-14 8192]
S3 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys [2009-07-14 86016]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbohci.sys [2009-07-14 20480]
S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\system32\DRIVERS\usbprint.sys [2009-07-14 19968]
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys [2009-07-14 26112]
S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [2009-07-14 159824]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 165376]
S3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 78336]
S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
S3 vwifibus;@%SystemRoot%\System32\drivers\vwifibus.sys,-257; C:\Windows\System32\drivers\vwifibus.sys [2009-07-14 19968]
S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys [2009-07-14 21632]
S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WinDriver6;WinDriver6; C:\Windows\system32\drivers\windrvr6.sys []
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-07-14 11264]
S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys [2009-07-14 22096]
S4 ws2ifsl;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\Windows\system32\drivers\ws2ifsl.sys [2009-07-14 16384]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; E:\soft\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; E:\soft\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-05-21 874768]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET); E:\Games\DragonAgeOrigins\tools\toolssql\MSSQL.2\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 nTuneService;Performance Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2009-11-06 191080]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-03-20 129640]
R2 PDAgent;PDAgent; E:\soft\PerfectDisk_10\PDAgent.exe [2010-01-26 939272]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-04-05 75064]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-05-21 473360]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42856]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [2009-07-14 22528]
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
R3 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 PDEngine;PDEngine; E:\soft\PerfectDisk_10\PDEngine.exe [2010-01-26 1033480]
R3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe [2009-07-14 22528]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe [2009-07-14 3179520]
S3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
S3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 878416]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-05-21 211216]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe [2009-07-14 12800]
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 204800]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [2009-07-14 35840]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [2009-07-14 452608]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-07-14 1202688]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 ASO3DiskOptimizer;ASO3DiskOptimizer; E:\soft\Advanced System Optimizer 3\ASO3DefragSrv.exe [2009-11-07 239336]
S4 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\Windows\system32\drivers\CDAC11BA.EXE [2010-01-05 39936]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater; E:\Games\DragonAgeOrigins\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S4 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe [2009-07-14 22528]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-30 135664]
S4 LicCtrlService;LicCtrl Service; C:\Windows\runservice.exe [2010-03-20 16384]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; E:\soft\school\VisualStudio2008\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]
S4 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-25 239968]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-20 240232]
S4 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

EDIT: odstranen[code, doufal jsem, ze se to bude cist lepe

[motji]

Dobrý večer
Prosím odstrante log z code, špatně se to čte. děkuji

Poprosím o tento log
C:\ComboFix.txt

[dak]

ComboFix 10-04-12.01 - dak 12.04.2010 20:11:23.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3067.2051 [GMT 2:00]
Spuštěný z: e:\soft\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-12 do 2010-04-12 )))))))))))))))))))))))))))))))
.

2010-04-12 18:15 . 2010-04-12 18:18 -------- d-----w- c:\users\dak\AppData\Local\temp
2010-04-12 18:15 . 2010-04-12 18:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-12 18:15 . 2010-04-12 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-12 10:40 . 2010-04-12 10:59 -------- d-----w- c:\program files\trend micro
2010-04-12 10:40 . 2010-04-12 10:41 -------- d-----w- C:\rsit
2010-04-09 18:19 . 2010-04-09 18:19 -------- d-----w- c:\users\dak\AppData\Local\SourceServer
2010-04-05 19:39 . 2010-04-05 19:39 -------- d-----w- c:\users\dak\AppData\Roaming\NVIDIA
2010-04-04 23:31 . 2010-04-04 23:31 -------- d-----w- c:\users\dak\AppData\Roaming\Avira
2010-04-04 23:29 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-04 23:29 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-04 23:29 . 2009-05-11 09:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-04 23:29 . 2009-05-11 09:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-04 23:29 . 2010-04-04 23:29 -------- d-----w- c:\programdata\Avira
2010-04-03 20:50 . 2010-01-28 14:25 68200 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-04-03 20:50 . 2010-01-28 14:24 57344 ----a-w- c:\windows\system32\nvapo32v.dll
2010-04-03 20:50 . 2010-01-28 14:24 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2010-04-03 20:48 . 2010-04-03 20:48 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2010-04-03 20:35 . 2010-04-03 20:35 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-04-03 19:12 . 2010-04-03 20:35 -------- d-----w- C:\NVIDIA
2010-03-25 22:15 . 2010-04-08 20:02 1 ----a-w- c:\users\dak\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-25 22:15 . 2010-03-25 22:15 -------- d-----w- c:\users\dak\AppData\Roaming\OpenOffice.org
2010-03-25 10:13 . 2010-03-25 10:13 -------- d-----w- c:\programdata\Systweak
2010-03-24 19:30 . 2010-03-24 19:30 -------- d-----w- c:\users\dak\AppData\Local\PunkBuster
2010-03-24 18:06 . 2010-04-11 23:00 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-24 18:06 . 2010-04-05 20:20 138056 ----a-w- c:\users\dak\AppData\Roaming\PnkBstrK.sys
2010-03-24 18:06 . 2010-04-11 23:00 190160 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-24 18:06 . 2010-04-05 20:19 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-24 18:06 . 2010-04-05 20:19 2407792 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-03-24 17:55 . 2010-02-26 12:00 724992 ----a-w- c:\users\dak\AppData\Roaming\Mozilla\Firefox\Profiles\izx0dwx5.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-03-24 17:55 . 2010-02-26 12:00 1291640 ----a-w- c:\users\dak\AppData\Roaming\Mozilla\Firefox\Profiles\izx0dwx5.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-03-23 22:37 . 2004-06-04 16:33 314368 ----a-w- c:\windows\IsUninstR.Exe
2010-03-23 22:34 . 1997-03-24 15:42 314368 ----a-w- c:\windows\IsUninst.exe
2010-03-22 02:53 . 2010-03-22 02:53 -------- d-----w- c:\users\dak\AppData\Local\Activision
2010-03-20 13:39 . 2010-03-20 13:39 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-03-20 13:39 . 2010-03-20 13:39 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-03-20 13:39 . 2010-03-20 13:39 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
2010-03-20 13:39 . 2010-03-20 13:39 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-20 13:39 . 2010-03-20 13:39 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-03-20 13:39 . 2010-03-20 13:39 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-20 13:33 . 2010-04-08 08:33 1865 --sha-w- c:\windows\system32\mmf.sys
2010-03-20 13:33 . 2010-03-20 13:33 48640 ----a-w- c:\windows\mmfs.dll
2010-03-20 13:33 . 2010-03-20 13:33 16384 ----a-w- c:\windows\runservice.exe
2010-03-20 13:33 . 2010-03-20 13:33 348160 ----a-w- c:\windows\msvcr71.dll
2010-03-16 17:14 . 2010-03-16 17:14 -------- d-----w- c:\users\dak\AppData\Local\4A Games
2010-03-16 16:15 . 2010-01-27 04:07 219752 ----a-w- c:\windows\system32\nvcohda.dll
2010-03-16 15:13 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-03-16 15:13 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-03-16 15:13 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-03-16 15:13 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 18:14 . 2009-07-14 08:44 762660 ----a-w- c:\windows\system32\perfh005.dat
2010-04-12 18:14 . 2009-07-14 08:44 175234 ----a-w- c:\windows\system32\perfc005.dat
2010-04-11 22:06 . 2009-12-04 23:41 -------- d-----w- c:\users\dak\AppData\Roaming\gtk-2.0
2010-04-08 11:53 . 2010-03-01 12:08 -------- d-----w- c:\users\dak\AppData\Roaming\WinEdt
2010-04-08 08:34 . 2009-10-19 10:10 -------- d-----w- c:\programdata\NVIDIA
2010-04-06 13:15 . 2010-02-16 15:41 -------- d-----w- c:\users\dak\AppData\Roaming\vlc
2010-04-05 19:57 . 2009-10-19 10:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 19:57 . 2010-02-17 18:07 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-03 20:35 . 2009-10-19 10:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-26 10:16 . 2009-10-19 10:14 67040 ----a-w- c:\users\dak\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-25 21:47 . 2009-10-20 20:10 1 ----a-w- c:\users\dak\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-03-25 21:46 . 2009-10-20 20:10 -------- d-----w- c:\users\dak\AppData\Roaming\OpenOffice.org2
2010-03-16 16:20 . 2009-10-19 10:09 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-04 17:55 . 2010-03-04 17:55 -------- d-----w- c:\program files\Ubisoft
2010-03-04 12:42 . 2010-03-04 12:42 277536 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-03-02 18:58 . 2010-03-02 18:58 249856 ------w- c:\windows\Setup1.exe
2010-03-02 18:58 . 2010-03-02 18:58 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-01 12:20 . 2010-03-01 12:20 -------- d-----w- c:\users\dak\AppData\Roaming\MiKTeX
2010-03-01 11:46 . 2010-03-01 11:46 -------- d-----w- c:\programdata\MiKTeX
2010-02-28 15:41 . 2010-02-28 15:41 -------- d-----w- c:\program files\DFX
2010-02-25 21:44 . 2010-02-25 21:44 -------- d-----w- c:\program files\Xvid
2010-02-24 23:04 . 2010-02-14 02:03 -------- d-----w- c:\users\dak\AppData\Roaming\skypePM
2010-02-24 17:22 . 2010-02-24 17:22 -------- d-----w- c:\program files\Common Files\Java
2010-02-24 17:16 . 2010-02-24 17:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-24 17:16 . 2010-02-24 17:16 -------- d-----w- c:\program files\Java
2010-02-24 12:26 . 2009-10-19 15:59 -------- d-----w- c:\users\dak\AppData\Roaming\Skype
2010-02-24 09:16 . 2009-10-19 11:22 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 23:34 . 2010-02-23 23:30 30534 ----a-w- c:\windows\DIIUnin.dat
2010-02-23 23:30 . 2010-02-23 23:30 2829 ----a-w- c:\windows\DIIUnin.pif
2010-02-23 23:30 . 2010-02-23 23:30 94208 ----a-w- c:\windows\DIIUnin.exe
2010-02-17 04:00 . 2010-02-15 12:17 -------- d-----w- c:\users\dak\AppData\Roaming\Tropico 3
2010-02-14 02:03 . 2010-02-14 02:03 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-02-14 02:03 . 2010-02-14 02:03 -------- d-----w- c:\program files\Common Files\Skype
2010-02-14 02:03 . 2010-02-14 02:03 -------- d-----w- c:\programdata\Skype
2010-02-13 13:41 . 2010-02-13 13:41 -------- d-----w- c:\users\dak\AppData\Roaming\Systweak
2010-02-11 07:10 . 2010-03-06 12:54 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-03 11:24 . 2009-12-03 08:27 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-02-02 07:45 . 2010-02-24 12:04 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-28 03:10 . 2010-01-28 03:10 91 ----a-w- c:\users\dak\AppData\Local\fusioncache.dat
2010-01-26 11:46 . 2010-01-26 11:46 232712 ----a-w- c:\windows\system32\PDBoot.exe
2010-01-21 23:39 . 2010-01-21 23:39 8854 ----a-r- c:\users\dak\AppData\Roaming\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Uninstall_Fahrenheit_8C2B6FBDC8D14FA595F7B3231B7D8CBC.exe
2010-01-21 23:39 . 2010-01-21 23:39 4286 ----a-r- c:\users\dak\AppData\Roaming\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Fahrenheit.exe_B11493A1D18C4B5FAD8D53D777C9C16A.exe
2010-01-21 23:39 . 2010-01-21 23:39 10134 ----a-r- c:\users\dak\AppData\Roaming\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\ARPPRODUCTICON.exe
2010-01-18 23:29 . 2010-02-16 11:35 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-16 11:35 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-16 11:35 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-16 11:35 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-16 11:35 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-16 11:35 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-16 11:35 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-16 11:35 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-12-09 16:00 . 2009-12-09 16:00 20 --sh--w- c:\windows\WINPROD.DLL
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2009-08-13 10:44 5062920 ----a-w- c:\program files\Protector Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2009-08-13 10:44 5062920 ----a-w- c:\program files\Protector Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\soft\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-08-13 55048]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"GCTray"="c:\program files\Program DJ\Green Charger\GCTray.exe" [2008-06-10 548864]
"WLSS"="c:\program files\Program DJ\Wireless Switch\WLSS.exe" [2008-05-09 951592]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-06 7772704]
"avgnt"="e:\soft\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-20 13683816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-08-13 10:18 100616 ----a-w- c:\program files\Protector Suite\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0sasnative32

[HKLM\~\startupfolder\C:^Users^dak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fraps.exe]
path=c:\users\dak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fraps.exe
backup=c:\windows\pss\fraps.exe.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- e:\soft\AcrobatReader9\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
2009-11-21 08:21 2377648 ----a-w- e:\soft\Fraps\fraps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 10:50 136176 ----atw- c:\users\dak\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTuner]
2009-08-22 18:25 24576 ----a-w- e:\soft\RivaTuner2.2\RivaTunerWrapper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2009-08-22 18:25 24576 ----a-w- e:\soft\RivaTuner2.2\RivaTunerWrapper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

R3 ADASPROT;SYSTWEAKASO;e:\soft\Advanced System Optimizer 3\adasprot32.sys [2009-08-17 6656]
R3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-18 30768]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-05-21 211216]
R4 ASO3DiskOptimizer;ASO3DiskOptimizer;e:\soft\Advanced System Optimizer 3\ASO3DefragSrv.exe [2009-11-07 239336]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\games\DragonAgeOrigins\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-30 135664]
R4 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2010-03-20 16384]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-20 240232]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2007-04-19 9856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-28 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\soft\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);e:\games\DragonAgeOrigins\tools\toolssql\MSSQL.2\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-06 85136]
S3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-18 30768]
S3 netw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-28 4233728]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-28 68200]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-04-09 c:\windows\Tasks\ASOService.job
- e:\soft\Advanced System Optimizer 3\ASO3.exe [2010-02-13 14:57]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-30 17:39]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-30 17:39]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266397383-775854498-48628368-1000Core.job
- c:\users\dak\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-22 10:50]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266397383-775854498-48628368-1000UA.job
- c:\users\dak\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-22 10:50]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
FF - ProfilePath - c:\users\dak\AppData\Roaming\Mozilla\Firefox\Profiles\izx0dwx5.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\dak\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\dak\AppData\Roaming\Mozilla\Firefox\Profiles\izx0dwx5.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: e:\soft\AcrobatReader9\Reader\browser\nppdf32.dll
FF - plugin: e:\soft\VLC_1.0.5\npvlc.dll

---- NASTAVENÍ FIREFOXU ----
e:\soft\Firefox3\greprefs\all.js - pref("ui.use_native_colors", true);
e:\soft\Firefox3\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\soft\Firefox3\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\soft\Firefox3\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\soft\Firefox3\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\soft\Firefox3\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\soft\Firefox3\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\soft\Firefox3\greprefs\all.js - pref("svg.smil.enabled", false);
e:\soft\Firefox3\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\soft\Firefox3\greprefs\all.js - pref("browser.formfill.debug", false);
e:\soft\Firefox3\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\soft\Firefox3\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\soft\Firefox3\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\soft\Firefox3\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\soft\Firefox3\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\soft\Firefox3\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\soft\Firefox3\greprefs\all.js - pref("html5.enable", false);
e:\soft\Firefox3\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\soft\Firefox3\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\soft\Firefox3\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\soft\Firefox3\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\soft\Firefox3\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\soft\Firefox3\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\soft\Firefox3\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\soft\Firefox3\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
e:\soft\Firefox3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\soft\Firefox3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\soft\Firefox3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\soft\Firefox3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\soft\Firefox3\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\soft\Firefox3\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\soft\Firefox3\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\soft\Firefox3\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\soft\Firefox3\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\soft\Firefox3\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\soft\Firefox3\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\soft\Firefox3\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x845DB1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84610800
QueryNameProcedure -> 0x84610990
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(5960)
c:\program files\Protector Suite\farchns.dll
c:\program files\Protector Suite\infql2.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Protector Suite\upeksvr.exe
e:\soft\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
e:\soft\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
e:\soft\PerfectDisk_10\PDAgent.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
e:\soft\PerfectDisk_10\PDEngine.exe
e:\soft\PerfectDisk_10\PDAgentS1.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Protector Suite\psqltray.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2010-04-12 20:22:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-12 18:22
ComboFix2.txt 2010-04-06 10:17

Před spuštěním: 6 713 344
Po spuštění: 991 416 320

- - End Of File - - 6D7E9FA7BCE9683C9E2D2F8D3C7E0844

[motji]

Když už combofix použijete bez doporučení rádce, tak se spouští z plochy z disku, kde je nainstalovaný systém .
A my jsme tu zvyklí číst logy bez citace a code, takže v code se nám to špatně čte, bolí z toho oči .


odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer


Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu


start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde

[dak]

dobry vecer, omlouvam se za zpozdeni, tady jsou logy:

//////////GMER1/////////////
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-14 18:57:44
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\dak\AppData\Local\Temp\fwryrpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
//////////////////////////////
//////////GMER2/////////////
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-14 19:05:21
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\dak\AppData\Local\Temp\fwryrpow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E052D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E04898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 81E7C5C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EA1052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9BF69C9D 28 Bytes [DE, D0, 89, 1B, 3D, 78, 1E, ...]
.text peauth.sys 9BF69CC1 28 Bytes [DE, D0, 89, 1B, 3D, 78, 1E, ...]
PAGE peauth.sys 9BF6FE20 101 Bytes [E6, 71, D8, 46, 2C, BF, 57, ...]
PAGE peauth.sys 9BF7002C 102 Bytes [81, 29, 62, 9D, 3B, 2B, 3D, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9ED01000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9ED01123 32 Bytes [C5, CF, 9E, FE, 05, 34, C5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50D4 9ED01144 596 Bytes [CF, 9E, A0, 34, C5, CF, 9E, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 9ED01399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 9ED013FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text E:\soft\Firefox3\firefox.exe[4912] ntdll.dll!LdrLoadDll 770CF585 5 Bytes JMP 003F13F0 E:\soft\Firefox3\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2060] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2060] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2060] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2060] @ C:\Windows\system32\ole32.dll [ntdll.dll!EtwRegisterTraceGuidsW] [700EB0C6] C:\Windows\AppPatch\AcXtrnal.dll (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad2c9bc
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad2c9bc@00092d289873 0x54 0x36 0xD9 0xD5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad2c9bc@0022981b65d0 0x1E 0x8B 0x75 0xAB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC1 0x4C 0x5C 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad2c9bc (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad2c9bc@00092d289873 0x54 0x36 0xD9 0xD5 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad2c9bc@0022981b65d0 0x1E 0x8B 0x75 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC1 0x4C 0x5C 0xF5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

---- EOF - GMER 1.0.15 ----
//////////////////////////////
////////////MBR//////////////
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys intelppm.sys dxgmms1.sys watchdog.sys dxgkrnl.sys nvlddmkm.sys nvlddmkm.sys
kernel: MBR read successfully
user & kernel MBR OK
//////////////////////////////

[motji]

Jak to ted vypadá s počítačem?

[dak]

zpocatku vypadala situace slibne, ale chvili po nabootovani svchost.exe opet zamestnava jedno jadro a zapisuje na disk zhruba 3MB/s - az desitky GB za odpoledne! - maximum, ktere jsem zaznamenal, bylo asi 45GB (muj systemovy oddil ma 30GB)
kdyz proces ukoncim, situace se na chvili uklidni, nekdy opet zacne, nekdy ne. nemluve ovsem o chovani systemu bez ukoncenych (nerestartovanych) sluzeb

[motji]

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[dak]

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3993

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.4.2010 15:46:56
mbam-log-2010-04-16 (15-46-56).txt

Scan type: Full scan (C:\|D:\|E:\|H:\|)
Objects scanned: 423212
Time elapsed: 3 hour(s), 18 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[motji]

Prosím Vás, můžete mi popsat problém pořádně, případně dát screen. Nějka tomu nerozumím . A v lozích nic špatného nevidím.

[dak]

Tohle lze videt po nekolika hodinach (+-3) behu (vsimnete si zapsanych bajtu). Kombinace vytizeneho jadra a disku zaroven znacne prodluzuje jakoukoliv aktivitu. Obvykle se s odvsivenim nezatezuji a proste cely systemovy oddil obnovim z ciste zalohy, ale tentokrat si alepson 2 mesice nemohu dovolit zmenu konfigurace sw, ktera je rozeseta vsude mozne po registrech.
Nez jsem napsal sem, zkousel jsem vsechna reseni, ktere se mi podarilo nalezt - vymena nVidia ovladacu, vypnuti sluzby Microsoft Update apod. Bohuzel zadny z techto postupu mi nepomohl. Hadam, ze je za to zodpovedna nejaka sluzba. Zkousel jsem metodou pokus/omyl vypinat sluzby patrici k procesu svchost.exe, ale nikam to nevedlo. Proces jde ukoncit, po chvili avsak vytizeni znovu naskoci, ale nektere sluzby se nerestartuji. Pod procesem bezi tyto sluzby: (modre zvyraznene)

Snazim se hledat reseni, ale momentalne mam dulezitejsi veci na praci, proto jsem ze zeptal zde, jestli nekdo nevi o nejakem reseni...

[motji]

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
- otevře se okno, v něm zaškrtněte Scan All Users , File Scan,
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c

-klikněte na tlačítko Run scan.
-proběhne sken a objeví se dva logy, obsah obou vložte zde

[dak]

Nevim, jestli je to puvodne ceskyy software, nebo je prelozeny do cestiny, ale zadny checkbox odpovidajici polozce "File Scan" jsem nenasel.
I preklad Scan All Users -> Pro vsechny uzivatele?

[motji]

Omlouvám se, on byl teprve nedávno počeštěný


Scan All Users - pro všechny uživatele
"File Scan" - prohledat

[dak]

OTL logfile created on: 18.4.2010 23:37:09 - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\dak\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30,00 Gb Total Space | 7,51 Gb Free Space | 25,04% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 0,17 Gb Free Space | 1,74% Space Free | Partition Type: NTFS
Drive E: | 250,09 Gb Total Space | 22,92 Gb Free Space | 9,16% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 982,97 Mb Total Space | 825,44 Mb Free Space | 83,97% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: A02-0339A
Current User Name: dak
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.17 22:41:16 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\dak\Desktop\OTL.exe
PRC - [2010.04.01 19:59:58 | 000,910,296 | ---- | M] (Mozilla Corporation) -- E:\soft\Firefox3\firefox.exe
PRC - [2010.03.16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) -- E:\soft\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- E:\soft\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- E:\soft\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.26 13:46:14 | 000,939,272 | ---- | M] (Raxco Software, Inc.) -- E:\soft\PerfectDisk_10\PDAgent.exe
PRC - [2010.01.14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- E:\soft\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.06 13:13:20 | 000,191,080 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2009.11.06 13:13:16 | 000,133,736 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.06 20:08:16 | 007,772,704 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.09.27 16:02:32 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- E:\soft\totalcmd7.50a\TOTALCMD.EXE
PRC - [2009.08.13 12:20:46 | 000,057,096 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite\upeksvr.exe
PRC - [2009.08.13 10:54:28 | 000,438,024 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite\psqltray.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.06.10 23:14:05 | 000,128,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
PRC - [2009.05.21 15:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009.05.21 14:06:22 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009.05.21 14:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.11.25 06:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- E:\games\DragonAgeOrigins\tools\toolssql\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2008.06.10 16:58:22 | 000,548,864 | ---- | M] (Compal Electronics, Inc.) -- C:\Program Files\Program DJ\Green Charger\GCTray.exe
PRC - [2008.05.09 16:05:10 | 000,951,592 | ---- | M] (Compal Electronics, Inc.) -- C:\Program Files\Program DJ\Wireless Switch\wlss.exe
PRC - [2007.02.10 15:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2010.04.17 22:41:16 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\dak\Desktop\OTL.exe
MOD - [2009.08.13 12:44:56 | 005,062,920 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite\farchns.dll
MOD - [2009.08.13 09:25:34 | 000,432,392 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite\infql2.dll
MOD - [2009.07.14 03:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.07.14 03:16:19 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
MOD - [2009.07.14 03:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2009.07.14 03:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
MOD - [2009.07.14 03:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.07.14 03:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2009.07.14 03:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2009.07.14 03:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009.07.14 03:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2009.07.14 03:16:12 | 002,504,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
MOD - [2009.07.14 03:16:12 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
MOD - [2009.07.14 03:16:12 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2009.07.14 03:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
MOD - [2009.07.14 03:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
MOD - [2009.07.14 03:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.07.14 03:15:14 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:08 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2009.07.14 03:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davhlpr.dll
MOD - [2009.07.14 03:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009.07.14 03:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
MOD - [2009.06.10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.03.20 15:33:18 | 000,016,384 | ---- | M] () [Disabled | Stopped] -- C:\Windows\runservice.exe -- (LicCtrlService)
SRV - [2010.03.20 14:18:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\soft\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\soft\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.26 13:46:16 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- E:\soft\PerfectDisk_10\PDEngine.exe -- (PDEngine)
SRV - [2010.01.26 13:46:14 | 000,939,272 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- E:\soft\PerfectDisk_10\PDAgent.exe -- (PDAgent)
SRV - [2010.01.05 01:08:18 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Disabled | Stopped] -- C:\Windows\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- E:\games\DragonAgeOrigins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.11.07 16:57:40 | 000,239,336 | ---- | M] (Systweak Inc.) [Disabled | Stopped] -- E:\soft\Advanced System Optimizer 3\ASO3DefragSrv.exe -- (ASO3DiskOptimizer)
SRV - [2009.11.06 13:13:20 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) Protokol PNRP (Peer Name Resolution Protocol)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalační program ovládacích prvků ActiveX (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.06.10 23:14:05 | 000,128,848 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.06.10 23:14:05 | 000,128,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2009.06.10 23:14:05 | 000,128,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2009.06.10 23:14:05 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009.05.21 15:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009.05.21 15:26:58 | 000,211,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2009.05.21 14:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2008.11.25 06:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Games\DragonAgeOrigins\tools\toolssql\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
SRV - [2008.11.25 06:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.25 06:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007.11.07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\soft\school\VisualStudio2008\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007.02.10 15:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)


========== Driver Services (SafeList) ==========

DRV - [2010.03.23 02:53:18 | 000,120,432 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010.03.20 22:16:51 | 011,573,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.03.04 14:42:58 | 000,277,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010.03.01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.01.28 16:25:03 | 000,068,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.01.05 01:08:09 | 000,008,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2009.10.06 19:52:50 | 002,779,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.09.23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.09.15 13:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009.08.28 10:33:50 | 000,228,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009.08.22 20:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\soft\RivaTuner2.2\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009.08.20 12:11:30 | 000,073,232 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009.08.17 21:19:22 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\soft\Advanced System Optimizer 3\adasprot32.sys -- (ADASPROT)
DRV - [2009.07.27 04:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.05.28 23:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Ovladač adaptéru Intel(R)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.18 07:08:26 | 000,030,768 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mux.sys -- (MUXP)
DRV - [2009.02.18 07:08:26 | 000,030,768 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mux.sys -- (MUXMP)
DRV - [2007.04.19 15:21:14 | 000,009,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\EMSC.SYS -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========







IE - HKU\S-1-5-21-3266397383-775854498-48628368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3266397383-775854498-48628368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: viewsourceintab@piro.sakura.ne.jp:0.3.2010032902
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\soft\Firefox3\components [2010.04.02 10:33:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\soft\Firefox3\plugins [2010.04.17 13:43:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: E:\soft\Thunderbird\components [2010.03.18 12:22:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: E:\soft\Thunderbird\plugins

[2009.10.19 13:23:59 | 000,000,000 | ---D | M] -- C:\Users\dak\AppData\Roaming\Mozilla\Extensions
[2010.04.06 15:05:12 | 000,000,000 | ---D | M] -- C:\Users\dak\AppData\Roaming\Mozilla\Firefox\Profiles\izx0dwx5.default\extensions
[2010.04.05 11:15:42 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\dak\AppData\Roaming\Mozilla\Firefox\Profiles\izx0dwx5.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.12.13 14:12:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\dak\AppData\Roaming\Mozilla\Firefox\Profiles\izx0dwx5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.24 19:55:33 | 000,000,000 | ---D | M] -- C:\Users\dak\AppData\Roaming\Mozilla\Firefox\Profiles\izx0dwx5.default\extensions\battlefieldheroespatcher@ea.com
[2010.04.06 12:30:21 | 000,000,000 | ---D | M] -- C:\Users\dak\AppData\Roaming\Mozilla\Firefox\Profiles\izx0dwx5.default\extensions\firebug@software.joehewitt.com
[2010.04.04 13:27:15 | 000,000,000 | ---D | M] -- C:\Users\dak\AppData\Roaming\Mozilla\Firefox\Profiles\izx0dwx5.default\extensions\viewsourceintab@piro.sakura.ne.jp

O1 HOSTS File: ([2010.04.18 23:14:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] E:\soft\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GCTray] C:\Program Files\Program DJ\Green Charger\GCTray.exe (Compal Electronics, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WLSS] C:\Program Files\Program DJ\Wireless Switch\wlss.exe (Compal Electronics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3266397383-775854498-48628368-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3266397383-775854498-48628368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 147.229.208.2 147.229.191.135 147.229.3.10
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\Protector Suite\psqlpwd.dll - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.10.04 13:53:53 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.09.23 16:21:09 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.04.12 12:45:17 | 000,000,000 | ---D | M] - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a056c061-bcaf-11de-9414-001eec50fd60}\Shell - "" = AutoRun
O33 - MountPoints2\{a056c061-bcaf-11de-9414-001eec50fd60}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - C:\Windows\System32\sasnative32.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3266397383-775854498-48628368-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-3266397383-775854498-48628368-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010.04.17 22:48:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.04.17 22:41:15 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\dak\Desktop\OTL.exe
[2010.04.15 21:56:45 | 000,000,000 | ---D | C] -- C:\Users\dak\AppData\Roaming\Malwarebytes
[2010.04.15 21:56:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.15 21:56:16 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.15 21:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.15 21:54:56 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\dak\Desktop\mbam-setup-1.45.exe
[2010.04.12 21:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010.04.12 21:03:26 | 000,000,000 | ---D | C] -- C:\Users\dak\AppData\Roaming\Ubisoft
[2010.04.12 21:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010.04.12 20:22:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.04.12 20:22:46 | 000,000,000 | ---D | C] -- C:\Users\dak\AppData\Local\temp
[2010.04.12 20:18:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010.04.12 20:04:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.04.12 20:04:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.04.12 12:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.12 12:40:54 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.09 20:19:07 | 000,000,000 | ---D | C] -- C:\Users\dak\AppData\Local\SourceServer
[2010.04.06 12:03:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.04.06 12:03:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.04.06 12:03:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.04.06 12:02:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.04.06 12:00:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.05 21:39:43 | 000,000,000 | ---D | C] -- C:\Users\dak\AppData\Roaming\NVIDIA
[2010.04.05 21:10:11 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.04.05 21:10:11 | 011,573,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.04.05 21:10:11 | 009,386,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010.04.05 21:10:11 | 004,503,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.04.05 21:10:11 | 004,029,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.04.05 21:10:11 | 002,907,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvencodemft.dll
[2010.04.05 21:10:11 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.04.05 21:10:11 | 002,009,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.04.05 21:10:11 | 000,316,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010.04.05 21:10:11 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.04.05 21:10:10 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.04.05 21:10:10 | 001,296,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010.04.05 21:10:10 | 000,215,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1910.dll
[2010.04.05 21:10:10 | 000,215,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.04.05 21:10:08 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.04.05 01:31:42 | 000,000,000 | ---D | C] -- C:\Users\dak\AppData\Roaming\Avira
[2010.04.05 01:29:17 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.04.05 01:29:17 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.04.05 01:29:17 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.05 01:29:17 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.05 01:29:17 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.05 01:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.03 22:50:02 | 000,068,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2010.04.03 22:50:02 | 000,057,344 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\nvapo32v.dll
[2010.04.03 22:50:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nvhdap32.dll
[2010.04.03 22:48:39 | 000,000,000 | ---D | C] -- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
[2010.04.03 22:35:22 | 000,000,000 | ---D | C] -- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
[2010.04.03 21:12:17 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010.03.26 21:36:05 | 000,000,000 | ---D | C] -- E:\Dokumenty\Square Enix
[2010.03.26 00:15:52 | 000,000,000 | ---D | C] -- C:\Users\dak\AppData\Roaming\OpenOffice.org
[2010.03.25 12:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2010.03.24 21:30:58 | 000,000,000 | ---D | C] -- C:\Users\dak\AppData\Local\PunkBuster
[2010.03.24 20:17:50 | 000,000,000 | ---D | C] -- E:\Dokumenty\Battlefield Heroes
[2010.03.24 00:37:05 | 000,314,368 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninstR.Exe
[2010.03.24 00:34:09 | 000,314,368 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.03.23 02:53:18 | 000,120,432 | ---- | C] (JMicron Technology Corporation) -- C:\Windows\System32\drivers\jmcr.sys
[2010.03.22 19:54:14 | 000,000,000 | ---D | C] -- E:\Dokumenty\Downloads
[2010.03.22 04:53:56 | 000,000,000 | ---D | C] -- C:\Users\dak\AppData\Local\Activision
[2010.03.20 15:39:00 | 013,683,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2010.03.20 15:39:00 | 001,515,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2010.03.20 15:39:00 | 000,985,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2010.03.20 15:39:00 | 000,110,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2010.03.20 15:39:00 | 000,066,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2010.03.20 15:33:17 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcr71.dll
[2009.11.10 20:57:44 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\sbcrreag.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]