VIRY.CZ

Docela často se mi stává, že mám poškozený některý DLL soubory (někdy i jiný; jednou to bylo dokonce přímo EXE od Opery nebo film v AVI).
Vždycky jsou na oddílu E:\ (tam mám programy a hry, tzn. nic systémovýho, spíš jsou poškozený třeba pluginy od Mirandy nebo nějaký knihovny ke hrám...) a jestli jsem to správně odpozoroval, tak to bývá po nepovedeným uspání počítače (asi jednou za 2 týdny se nepovede počítači uspat a po cca 15 minutách se sám natvrdo vypne, nevím proč; pak jsou na discích - podle chkdsk - chyby).

Takže se pokusím aspoň vyloučit (nebo zjistit), že jde o nějakýho červíka apod... Díky za kontrolu!

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jenda at 2010-12-28 12:50:22
Microsoft Windows 7 Professional
System drive C: has 3 GB (11%) free of 31 GB
Total RAM: 4094 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:47, on 28.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
E:\Programy\DAEMON Tools Lite\daemon.exe
C:\Users\Jenda\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Windows\SysWOW64\rundll32.exe
E:\Programy\Logitech\Logitech WebCam Software\LWS.exe
E:\Programy\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
E:\Programy\Opera\opera.exe
E:\Programy\Miranda IM\miranda32.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
I:\setup.exe
C:\Users\Jenda\AppData\Local\Temp\is-VQUA1.tmp\setup.tmp
C:\Users\Jenda\AppData\Local\Temp\is-FCLRJ.tmp\Unpack.dll
C:\Program Files\trend micro\Jenda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=217.91.70.238:8085
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programy\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [IR_SERVER] e:\Programy\Realtek\DVB-T USB DEVICE\IR_SERVER.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programy\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Programy\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Corel File Shell Monitor] e:\Programy\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Jenda\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\programy\vmware\vsocklib.dll
O10 - Unknown file in Winsock LSP: e:\programy\vmware\vsocklib.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - e:\Programy\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\Programy\VMware\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Programy\VMware\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9948 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\CISVC.EXE
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe" -Embedding
"e:\Programy\Sandboxie\SbieSvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe"
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"E:\Programy\VMware\vmware-authd.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\vmnetdhcp.exe
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"E:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
"C:\Users\Jenda\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe"
"E:\Programy\Logitech\SetPoint\SetPoint.exe"
"C:\Windows\System32\rundll32.exe" P17RunE.dll,RunDLLEntry
"E:\Programy\Logitech\Logitech WebCam Software\LWS.exe" /hide
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"E:\Programy\Logitech\SetPoint\x86\SetPoint32.exe"
KHALMNPR.EXE /API
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-35ba2861-0189-438a-b59f-fffc6a94af42 -SystemEventPortName:HostProcess-94bfe9ee-c454-4350-b6f2-d3b4585a781d -IoCancelEventPortName:HostProcess-6752e133-0d31-4f0a-a847-dfde80d7e256 -NonStateChangingEventPortName:HostProcess-e145c506-491e-4a4b-b768-82bd8c30d68c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d9a9b2fc-8364-41e9-9752-72e74b3b6a98
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding
C:\Windows\System32\mobsync.exe -Embedding
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding
"E:\Programy\Opera\opera.exe"
"E:\Programy\7-Zip\7zFM.exe" "C:\Users\Jenda\AppData\Local\Opera\Opera\temporary_downloads\uniws.zip"
"taskhost.exe"
"E:\Programy\Miranda IM\miranda32.exe"
"C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -RESTART
"I:\setup.exe"
"C:\Users\Jenda\AppData\Local\Temp\is-VQUA1.tmp\setup.tmp" /SL5="$9075A,7861335,147456,I:\setup.exe"
"C:\Users\Jenda\AppData\Local\Temp\is-FCLRJ.tmp\Unpack.dll" x I:\data-a.bin -y -dp"E:\Hry\Rockstar Games\Grand Theft Auto IV - Episodes From Liberty City"
\??\C:\Windows\system32\conhost.exe
"C:\Users\Jenda\AppData\Local\Opera\Opera\temporary_downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Programy\Java\jre6\bin\jp2ssv.dll [2009-10-23 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 130576]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2716216]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-11-11 2345848]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"DAEMON Tools Lite"=E:\Programy\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"SansaDispatch"=C:\Users\Jenda\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2010-01-31 79872]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"=RunDll32 P17RunE.dll,RunDLLEntry []
"IR_SERVER"=e:\Programy\Realtek\DVB-T USB DEVICE\IR_SERVER.exe []
"SunJavaUpdateSched"=E:\Programy\Java\jre6\bin\jusched.exe [2009-10-23 149280]
"LogitechQuickCamRibbon"=E:\Programy\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]
"Corel File Shell Monitor"=e:\Programy\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe []
"Standby"=C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [2010-04-14 105632]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - E:\Programy\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 76816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - C:\Windows\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-12-15 21:41:47 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 21:41:46 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-12-15 21:41:46 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 21:41:46 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 21:41:46 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 21:41:45 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-12-15 21:41:44 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-12-15 21:41:43 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-12-15 21:41:43 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 21:41:42 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-12-15 21:41:42 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-12-15 21:41:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2010-12-15 21:41:42 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-12-15 21:41:42 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2010-12-15 21:41:42 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-12-15 21:41:42 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-12-15 21:41:42 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-12-15 21:41:42 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 21:41:42 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 21:41:42 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-15 21:41:42 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 21:41:42 ----A---- C:\Windows\system32\ieui.dll
2010-12-15 21:41:42 ----A---- C:\Windows\system32\iepeers.dll
2010-12-15 21:41:42 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 21:41:41 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-12-15 21:41:41 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2010-12-15 21:41:41 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-12-15 21:41:41 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-15 21:41:41 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-15 21:41:41 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 21:41:39 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 21:41:39 ----A---- C:\Windows\system32\win32k.sys
2010-12-15 21:41:39 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 21:41:39 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 21:41:39 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 21:41:38 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2010-12-15 21:41:38 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2010-12-15 21:41:38 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2010-12-15 21:41:38 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2010-12-15 21:41:38 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-12-15 21:41:38 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 21:41:38 ----A---- C:\Windows\system32\schtasks.exe
2010-12-15 21:41:38 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 21:41:37 ----A---- C:\Windows\SYSWOW64\webio.dll
2010-12-15 21:41:37 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-12-15 21:41:37 ----A---- C:\Windows\system32\webio.dll
2010-12-15 21:41:37 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 21:41:35 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-12-15 21:41:35 ----A---- C:\Windows\system32\tzres.dll
2010-12-15 21:41:29 ----A---- C:\Windows\system32\consent.exe
2010-12-13 20:47:04 ----D---- C:\Program Files\Adobe
2010-12-12 10:37:24 ----D---- C:\Program Files (x86)\Microsoft Office
2010-12-06 20:28:45 ----D---- C:\Program Files (x86)\Corel
2010-12-06 20:27:25 ----D---- C:\ProgramData\Corel
2010-12-06 20:21:03 ----D---- C:\ProgramData\Ulead Systems
2010-12-05 21:58:57 ----D---- C:\Users\Jenda\AppData\Roaming\PACE Anti-Piracy
2010-12-05 21:58:57 ----D---- C:\ProgramData\PACE Anti-Piracy
2010-12-05 21:58:57 ----D---- C:\Program Files\Common Files\PACE Anti-Piracy
2010-12-05 21:58:57 ----A---- C:\Windows\SurCode.INI
2010-12-05 21:57:32 ----D---- C:\Users\Jenda\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-12-05 21:47:28 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2010-12-05 21:43:35 ----D---- C:\Program Files (x86)\Adobe Media Player
2010-12-05 21:43:12 ----N---- C:\Windows\system32\drivers\PxHlpa64.sys
2010-12-05 21:43:12 ----N---- C:\Windows\system32\drivers\cdralw2k.sys
2010-12-05 21:43:12 ----N---- C:\Windows\system32\drivers\cdr4_xp.sys
2010-12-05 21:43:12 ----D---- C:\Program Files (x86)\My Company Name
2010-12-05 15:06:06 ----A---- C:\Windows\WA.INI
2010-12-02 18:26:38 ----SHD---- C:\ProgramData\SecuROM
2010-12-01 16:49:42 ----D---- C:\Users\Jenda\AppData\Roaming\gtk-2.0

======List of files/folders modified in the last 1 months======

2010-12-28 12:50:47 ----D---- C:\Program Files\trend micro
2010-12-28 12:50:17 ----D---- C:\Windows\Temp
2010-12-28 11:13:06 ----D---- C:\Windows\system32\config
2010-12-28 11:12:59 ----SHD---- C:\System Volume Information
2010-12-28 11:05:55 ----D---- C:\Windows\System32
2010-12-28 11:05:55 ----D---- C:\Windows\inf
2010-12-28 11:05:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-28 11:02:32 ----D---- C:\Windows
2010-12-28 11:01:53 ----D---- C:\ProgramData\VMware
2010-12-28 11:01:45 ----D---- C:\ProgramData\NVIDIA
2010-12-28 10:53:24 ----A---- C:\Windows\ntbtlog.txt
2010-12-27 20:21:56 ----D---- C:\Windows\system32\drivers
2010-12-27 20:21:55 ----D---- C:\Windows\system32\catroot
2010-12-27 20:21:54 ----D---- C:\Windows\system32\DriverStore
2010-12-27 16:50:57 ----D---- C:\Windows\SYSWOW64\drivers
2010-12-27 16:46:59 ----A---- C:\Windows\Sandboxie.ini
2010-12-27 13:46:05 ----SHD---- C:\Windows\Installer
2010-12-27 13:46:00 ----SHD---- C:\Config.Msi
2010-12-27 13:45:52 ----D---- C:\Program Files (x86)\Google
2010-12-27 13:38:15 ----D---- C:\Windows\Prefetch
2010-12-23 11:13:50 ----D---- C:\Program Files (x86)\Common Files
2010-12-21 20:18:39 ----D---- C:\Users\Jenda\AppData\Roaming\FileZilla
2010-12-21 18:23:23 ----D---- C:\Users\Jenda\AppData\Roaming\Mozilla
2010-12-19 12:05:18 ----ASD---- C:\ProgramData\Microsoft
2010-12-17 19:49:20 ----D---- C:\Windows\winsxs
2010-12-17 19:46:54 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-12-17 19:46:54 ----D---- C:\Windows\SysWOW64
2010-12-17 19:46:54 ----D---- C:\Windows\system32\cs-CZ
2010-12-17 19:46:53 ----D---- C:\Program Files\Windows Mail
2010-12-17 19:46:53 ----D---- C:\Program Files (x86)\Windows Mail
2010-12-17 19:46:52 ----D---- C:\Windows\SYSWOW64\migration
2010-12-17 19:46:52 ----D---- C:\Windows\system32\migration
2010-12-17 19:46:52 ----D---- C:\Program Files\Internet Explorer
2010-12-17 19:46:52 ----D---- C:\Program Files (x86)\Internet Explorer
2010-12-15 21:42:37 ----A---- C:\Windows\system32\MRT.exe
2010-12-15 21:41:24 ----D---- C:\Windows\system32\catroot2
2010-12-14 20:18:28 ----AD---- C:\ProgramData\TEMP
2010-12-14 19:14:02 ----RSD---- C:\Windows\Fonts
2010-12-13 21:47:19 ----D---- C:\Users\Jenda\AppData\Roaming\Adobe
2010-12-13 20:50:13 ----D---- C:\Program Files\Common Files\Adobe
2010-12-13 20:47:33 ----SD---- C:\Users\Jenda\AppData\Roaming\Microsoft
2010-12-13 20:47:04 ----RD---- C:\Program Files
2010-12-13 20:46:07 ----D---- C:\ProgramData\Adobe
2010-12-13 20:37:09 ----D---- C:\Program Files (x86)\Adobe
2010-12-12 23:03:20 ----D---- C:\Users\Jenda\AppData\Roaming\VMware
2010-12-12 10:37:29 ----D---- C:\ProgramData\Microsoft Help
2010-12-12 10:37:29 ----A---- C:\Windows\win.ini
2010-12-12 10:37:24 ----RD---- C:\Program Files (x86)
2010-12-06 20:29:03 ----HD---- C:\Windows\msdownld.tmp
2010-12-06 20:27:25 ----HD---- C:\ProgramData
2010-12-06 20:20:43 ----RSD---- C:\Windows\assembly
2010-12-06 20:03:41 ----D---- C:\Windows\SYSWOW64\wbem
2010-12-06 19:54:54 ----D---- C:\Windows\SYSWOW64\Setup
2010-12-06 19:54:54 ----D---- C:\Windows\SYSWOW64\oobe
2010-12-06 19:54:54 ----D---- C:\Windows\SYSWOW64\MUI
2010-12-06 19:54:53 ----D---- C:\Windows\SYSWOW64\DriverStore
2010-12-06 19:54:53 ----D---- C:\Windows\SYSWOW64\config
2010-12-06 19:54:53 ----D---- C:\Windows\SYSWOW64\com
2010-12-06 19:52:31 ----D---- C:\Temp
2010-12-06 19:48:12 ----A---- C:\Windows\WDICT32.INI
2010-12-06 16:43:54 ----D---- C:\Windows\system32\Tasks
2010-12-05 21:58:57 ----D---- C:\Program Files\Common Files\System
2010-12-05 21:58:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-12-05 21:58:57 ----D---- C:\Program Files\Common Files
2010-12-05 21:28:48 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-12-02 18:24:21 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-09-27 871408]
R1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys [2010-06-21 2793064]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 136584]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2007-02-18 296816]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 145336]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-11-16 169080]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-11-16 44944]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2010-08-01 38448]
R2 vmci;VMware vmci; \??\C:\Windows\system32\drivers\vmci.sys [2010-08-01 80944]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2010-08-01 45104]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2010-08-01 30256]
R2 VMparport;VMware VMparport; \??\C:\Windows\system32\drivers\VMparport.sys [2010-08-01 18480]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2010-08-01 68656]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\E:\Programy\VMware\vstor2-ws60.sys [2010-04-27 32816]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-06-19 33608]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-26 21832]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 55312]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 57872]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2009-06-17 40976]
R3 lvpopf64;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopf64.sys [2009-10-07 271640]
R3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 P17;SB Live! 24-bit; C:\Windows\system32\drivers\P17.sys [2007-11-16 1276928]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 42912]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2010-07-01 224488]
R3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2010-07-01 39016]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
R3 SbieDrv;SbieDrv; \??\e:\Programy\Sandboxie\SbieDrv.sys [2010-02-03 134760]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2010-08-01 31792]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2010-08-01 20016]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 79760]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 L8042Kbd;SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2009-06-17 30736]
S3 LVPr2Mon;LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 tapoas;TAP-Win32 Adapter OAS; C:\Windows\system32\DRIVERS\tapoas.sys [2010-07-11 30720]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2010-08-01 37680]
S3 WinUsb;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CISVC;@%systemroot%\system32\CISVC.EXE,-1; C:\Windows\system32\CISVC.EXE [2009-07-14 19456]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-11-16 735960]
R2 LVPrcS64;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 159336]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 SbieSvc;Sandboxie Service; e:\Programy\Sandboxie\SbieSvc.exe [2010-02-03 94440]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
R2 VMAuthdService;VMware Authorization Service; E:\Programy\VMware\vmware-authd.exe [2010-08-01 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\syswow64\vmnetdhcp.exe [2010-08-01 334384]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-08-01 539184]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\syswow64\vmnat.exe [2010-08-01 399920]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe [2010-06-21 538000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 23296]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-12 655624]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 160784]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 ufad-ws60;VMware Agent Service; E:\Programy\VMware\vmware-ufad.exe [2010-04-27 191024]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-22 1255736]

-----------------EOF-----------------

Dobrý večer

Já bych raději nejdřív zkontrolovala disk

stáhněte
http://www.slunecnice.cz/sw/crystaldiskinfo/
- spusťte ho a v nabídce zvolte Kopírovat.
-Data ze schránky sem pak vložte pomocí Ctrl+V

Jestli ten program jen kontroluje SMART, tak ten jsem už několikrát kontroloval v Everestu a je naprosto bez problémů. Na jiným fóru mi ještě poradili chkdsk s parametrem /r (kontrola povrchu disku), tak jsem ho nechal ty asi 4 hodiny běžet a taky nenašel žádný problémy (a pak už raději ani nikdo neradil

).

Nevím jestli jen SMART, ale zkuste ho, běží jen chviličku

Tak tady je ten CrystalDisk. Chyby se objevujou na disku Samsung, ale jenom na oddílu E: (pak na něm mám ještě C:, ale tam se nikdy žádnej problém neobjevil).

----------------------------------------------------------------------------
CrystalDiskInfo 3.9.4 (C) 2008-2010 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 [6.1 Build 7600] (x64)
Date : 2011/01/02 18:19:04

-- Controller Map ----------------------------------------------------------
- ATA Channel 3 (3) [ATA]
- ATA Channel 4 (4) [ATA]
- ATA Channel 5 (5) [ATA]
+ ATA Channel 0 (0) [ATA]
- TOSHIBA DVD-ROM SD-M1612 ATA Device
- HL-DT-ST DVDRRW GSA-4166B ATA Device
- ATA Channel 1 (1) [ATA]
+ Standardní řadič AHCI 1.0 s rozhraním Serial ATA [ATA]
+ ATA Channel 0 (0)
- SAMSUNG HD642JJ ATA Device
+ ATA Channel 1 (1)
- ST3200826AS ATA Device
- ATA Channel 2 (2)
- ATA Channel 3 (3)
- ATA Channel 4 (4)
- ATA Channel 5 (5)
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ ATA Channel 2 (2) [ATA]
- HL-DT-ST DVDRAM GH22LS50 ATA Device
+ AMRVUB2G IDE Controller [SCSI]
- GTO O5AF8LQ7 SCSI CdRom Device

-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HD642JJ : 640.1 GB [0-2-0, pd1]
(2) ST3200826AS : 200.0 GB [1-3-0, pd1]

----------------------------------------------------------------------------
(1) SAMSUNG HD642JJ
----------------------------------------------------------------------------
Model : SAMSUNG HD642JJ
Firmware : 1AA01113
Serial Number : S1AFJ9BQA01652
Disk Size : 640.1 GB (8.4/137.4/640.1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 1250261615
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ATA8-ACS version 3b
Transfer Mode : SATA/300
Power On Hours : 6145 hod.
Power On Count : 1805 krát
Temparature : 31 C (87 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FE00h [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 _98 _51 000000000001 Počet chyb čtení
03 _85 _85 _11 000000001504 Čas na roztočení ploten
04 _98 _98 __0 000000000716 Počet spuštění/zastavení
05 100 100 _10 000000000000 Počet přemapovaných sektorů
07 100 100 _51 000000000000 Počet chybných hledání
08 100 100 _15 000000000000 Čas potřebný na vyhledání
09 _99 _99 __0 000000001801 Hodin v činnosti
0A 100 100 _51 000000000001 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _98 _98 __0 00000000070D Počet cyklů zapnutí zařízení
0D 100 100 __0 000000000000 Počet pokusů o softvérové opravení chyb při čtení programů z disku
B7 100 100 __0 000000000006 Neznámý
B8 100 100 __0 000000000000 Ukončovacích chyb
BB 100 100 __0 000000000001 Ohlášeno neopravitelných chyb
BC 100 100 __0 000000000000 Časový limit příkazu
BE _77 _38 __0 000017130017 Teplota toku vzduchu
C2 _69 _37 __0 0C4D1F13001F Teplota
C3 100 100 __0 000000013D6D Počet oprav chybného čtení
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 100 100 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 100 __0 000000000000 Počet chyb při zápisu sektorů
C9 253 253 __0 000000000000 Počet chyb při čtení programů z disku

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 40 00 FF 3F 37 C8 10 00 56 88 2A 02 3F 00 00 00
010: 00 00 00 00 31 53 46 41 39 4A 51 42 30 41 36 31
020: 32 35 20 20 20 20 20 20 03 00 00 80 04 00 41 31
030: 30 41 31 31 33 31 41 53 53 4D 4E 55 20 47 44 48
040: 34 36 4A 32 20 4A 20 20 20 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 10 80
060: 00 00 00 2F 00 40 00 02 00 02 07 00 FF 3F 10 00
070: 3F 00 10 FC FB 00 00 01 FF FF FF 0F 00 00 07 04
080: 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00 00
090: 00 00 00 00 00 00 1F 00 06 17 00 00 4C 00 40 00
0A0: F8 00 52 00 6B 74 69 7F 33 41 69 74 41 BC 23 41
0B0: FF 00 3A 00 3A 00 00 00 FE FF 00 00 00 FE 08 00
0C0: 05 00 5D 00 A0 86 01 00 6F 7A 85 4A 00 00 00 00
0D0: 64 00 00 00 00 00 00 00 00 50 00 0F 0A 07 25 61
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1C 40
0F0: 1C 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 29 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 3F 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 01 00 00 04 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A5 C1

----------------------------------------------------------------------------
(2) ST3200826AS
----------------------------------------------------------------------------
Model : ST3200826AS
Firmware : 3.03
Serial Number : 4ND0F4NZ
Disk Size : 200.0 GB (8.4/137.4/200.0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 390721968
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : SATA/150
Power On Hours : 14970 hod.
Power On Count : 5062 krát
Temparature : 39 C (102 F)
Health Status : Dobrý
Features : S.M.A.R.T., 48bit LBA, NCQ
APM Level : ----
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 _54 _46 __6 000006E2BE41 Počet chyb čtení
03 _98 _98 __0 000000000000 Čas na roztočení ploten
04 _96 _96 _20 0000000013A4 Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _90 _60 _30 0000385D753F Počet chybných hledání
09 _83 _83 __0 000000003A7A Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _96 _96 _20 0000000013C6 Počet cyklů zapnutí zařízení
C2 _39 _69 __0 000D00000027 Teplota
C3 _54 _46 __0 000006E2BE41 Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů
CA 100 253 __0 000000000000 Počet chyb při směrování údajů

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 5A 0C FF 3F 37 C8 10 00 00 00 00 00 3F 00 00 00
010: 00 00 00 00 20 20 20 20 20 20 20 20 20 20 20 20
020: 4E 34 30 44 34 46 5A 4E 00 00 00 40 04 00 2E 33
030: 33 30 20 20 20 20 54 53 32 33 30 30 32 38 41 36
040: 20 53 20 20 20 20 20 20 20 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 10 80
060: 00 00 00 2F 00 40 00 02 00 02 07 00 FF 3F 10 00
070: 3F 00 10 FC FB 00 10 00 FF FF FF 0F 00 00 07 04
080: 03 00 78 00 78 00 F0 00 78 00 00 00 00 00 00 00
090: 00 00 00 00 00 00 1F 00 02 05 00 00 40 00 40 00
0A0: FE 00 00 00 6B 34 01 7D 23 40 69 34 01 3C 23 40
0B0: 7F 00 00 00 00 00 FE FE FE FF 00 00 00 80 00 00
0C0: 00 00 00 00 00 00 00 00 B0 F1 49 17 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 09 00 B0 F1 49 17 B0 F1 49 17 20 20 02 00 B6 42
110: 00 00 8A 00 06 3C 0A 3C 00 00 C6 07 00 01 00 08
120: 0F 0F 00 12 02 00 80 00 00 00 00 00 A0 00 02 02
130: 00 00 04 04 00 00 00 00 00 00 00 00 00 01 0B 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A5 F8

Já vidím chyby na obou discích, bohužel v tomto se až tak moc nevyznám, poprosím kolegu o kuk na logy

Můžete ještě udělat kontrolu disků přes program HD tune

Stahněte HD tune http://www.slunecnice.cz/sw/hd-tune/
-zvolete poslední záložku Error scan
-dejte skenovat, trvá to kolem hodiny.
-pak napište jestli jste měl nějaká políčka červená

Dobrý večer, nějaká malá chyba u toho Samsungu byla
BB 100 100 __0 000000000001 Ohlášeno neopravitelných chyb (při čtení z disku se nepovedlo dopočítat poškozená data)
Hodnota je však nízká a spíše bych to viděl na poškození souborového systému kvůli tomu restartu při uspávání.
Možnost poškozeného disku tu však je.
Mrkněte se do složky Windows\Minidump, zda tam nemáte nějaké soubory. Pokud ano, upněte je na http://www.leteckaposta.cz.
Popište mi také jak probíhá ten problém s uspáváním. (co se děje na obrazovce)
Dále vyexportujte a upněte systémový protokol:
Ovládací panely->Nástroje pro správu->Prohlížeč událostí->Protokoly systému Windows->klik pravým myšítkem na Systém->Uložit všechny události jako->uložte to jako .evtx a ten soubor upněte.

Kolegyně s vámi bude pokračovat v kontrole na výskyt malwaru.

Jinak Samsung má vlastní utilitu na testování disků http://www.samsung.com/global/business/ ... _Tool.html

motji: No, u žádný hodnoty není v tabulce nic jako že to je chyba, (u HDtune všude OK), stav dobrý...
Sken v HDtune na tom 640 GB disku trval přes 2 hodiny, ale žádná chyba se taky neobjevila.

MiliNess: Tý utility se trošku děsím, tam jsou takový warningy, že mám skoro strach, abych nemusel znova formátovat a instalovat systém

(hlavně nemám kam zálohovat :-/ )
Ve Windows\Minidump jsou jen dva soubory a ty jsou z minulýho února resp. dubna. Systém se špatně uspává daleko častěji a ty problémy se souborama mám až poslední cca půl rok.
//edit: ještě jsem přehlídl ten prostředek příspěvku (nebo tam nebyl?

)
Na obrazovce se nic neděje. Prostě dám "Režim spánku" (mám nastavenej hybridní, tzn. paměť nezůstává jen v RAM, ale uloží se i na disk, aby se systém obnovil i když vypadne elektrika), hned zhasne obrazovka jako normálně. Jenže počítač se neuspí a po delší době (5-15 minut?) se vypne. Obrazovka je celou dobu už vypnutá.
Ten log je tady, jen se omlouvám, ale nevím, kdy se takhle blbě uspal naposledy (posledních cca 5 dní ne). Každopádně jsem se tam už párkrát koukal a žádnej error ani warning okolo času uspání nebyl

Snad není problém, že je zabalený v 7zip.
http://leteckaposta.cz/481857648

A ty problémy s uspáváním trvají déle než půl roku?

Já myslím že ano, protože uspávám už několik roků a to, že se to občas nepovede, mi přijde celkem normální (občas se to nepovedlo ani na starších sestavách).

Koukneme ještě na viry

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

Tady je log...
Po restartu počítače mi to napsalo, že program PEV.cfxxe přestal pracovat. Když jsem kliknul na ukončit, tak to okno vyskočilo znova a to se ještě několikrát zopakovalo.
A taky by mě zajímalo, proč to smazalo ten soubor "e:\system\Documents\kmplayer 1435.reg" - tam jsem ukládal minulý týden zálohu nastavení KMPlayeru.

ComboFix 11-01-02.03 - Jenda 03.01.2011 9:56.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.4094.3114 [GMT 1:00]
Spuštěný z: c:\users\Jenda\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jenda\AppData\Roaming\avdrn.dat
c:\windows\TEMP\logishrd\LVPrcInj02.dll
c:\windows\XSxS
E:\install.exe
e:\system\Documents\kmplayer 1435.reg
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-03 do 2011-01-03 )))))))))))))))))))))))))))))))
.

2011-01-02 21:01 . 2011-01-02 21:01 -------- d-----w- c:\program files (x86)\HD Tune
2011-01-02 19:58 . 2011-01-02 19:58 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43C254C6-3CDB-4F2B-92FA-56DF3C876B93}\gapaengine.dll
2011-01-02 19:58 . 2010-11-09 20:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F240D665-F863-4717-B615-DFBB699EE603}\mpengine.dll
2011-01-02 19:54 . 2011-01-02 20:35 -------- d-----w- c:\programdata\Comodo
2011-01-02 19:54 . 2011-01-02 19:54 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-01-02 19:53 . 2011-01-02 19:54 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-02 17:18 . 2011-01-02 17:18 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2010-12-31 11:38 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17801419-F729-41C9-AD57-833B41CE1A8A}\mpengine.dll
2010-12-31 01:01 . 2010-12-31 01:01 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2010-12-31 01:00 . 2010-12-31 01:00 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-12-30 20:12 . 2010-12-30 20:12 -------- d-----w- c:\program files (x86)\DOOM 3
2010-12-30 11:13 . 2004-10-22 01:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2010-12-30 11:13 . 2004-10-22 01:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2010-12-30 11:13 . 2004-10-22 01:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2010-12-30 11:13 . 2004-10-22 01:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2010-12-30 11:13 . 2004-10-22 01:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2010-12-30 11:13 . 2010-12-30 11:13 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2010-12-30 11:13 . 2010-12-30 11:13 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2010-12-29 14:43 . 2010-12-29 14:43 -------- d-----w- c:\users\Jenda\AppData\Roaming\Ace
2010-12-29 14:22 . 2010-12-29 14:25 -------- d-----w- c:\users\Jenda\AppData\Roaming\Bioshock
2010-12-29 00:42 . 2010-12-29 00:42 285480 ----a-w- c:\windows\SysWow64\guard32.dll
2010-12-28 22:27 . 2010-12-28 22:27 -------- d-----w- c:\users\Jenda\AppData\Local\Targem
2010-12-28 10:24 . 2010-12-28 10:25 -------- d-----w- c:\users\Jenda\AppData\Local\NFS Underground 2
2010-12-24 16:20 . 2010-12-27 14:16 4096 ----a-w- C:\aaaa.bin
2010-12-23 10:13 . 2010-12-23 10:13 -------- d-----w- c:\program files (x86)\Common Files\DVBViewer Shared
2010-12-07 18:10 . 2010-12-07 18:10 -------- d-----w- c:\users\Jenda\AppData\Local\SKIDROW
2010-12-06 19:28 . 2010-12-06 19:28 -------- d-----w- c:\program files (x86)\Corel
2010-12-06 19:27 . 2010-12-06 19:27 -------- d-----w- c:\programdata\Corel
2010-12-06 19:25 . 2010-12-06 19:25 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2010-12-06 19:22 . 2010-12-06 19:25 -------- d-----w- c:\program files (x86)\Common Files\Corel
2010-12-06 19:21 . 2010-12-06 19:28 -------- d-----w- c:\programdata\Ulead Systems
2010-12-06 19:21 . 2010-12-06 19:21 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems
2010-12-06 19:03 . 2010-12-06 19:03 -------- d-----w- c:\windows\SysWow64\wbem\Logs
2010-12-06 18:51 . 2010-12-06 19:04 -------- d-----w- c:\users\Jenda\AppData\Local\NOS
2010-12-05 20:58 . 2010-12-05 20:58 -------- d-----w- c:\users\Jenda\AppData\Roaming\PACE Anti-Piracy
2010-12-05 20:58 . 2010-12-05 20:58 -------- d-----w- c:\users\Jenda\AppData\Local\PACE Anti-Piracy
2010-12-05 20:58 . 2010-12-05 20:58 -------- d-----w- c:\programdata\PACE Anti-Piracy
2010-12-05 20:58 . 2010-12-05 20:58 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-12-05 20:57 . 2010-12-05 20:57 -------- d-----w- c:\users\Jenda\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-12-05 20:47 . 2010-12-13 19:32 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-12-05 20:43 . 2010-12-05 20:43 -------- d-----w- c:\program files (x86)\Adobe Media Player
2010-12-05 20:43 . 2010-12-05 20:43 -------- d-----w- c:\program files (x86)\My Company Name
2010-12-05 20:43 . 2010-12-05 20:43 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2010-12-05 20:41 . 2010-12-05 20:41 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-03 00:32 . 2009-09-26 20:02 5954 --sha-w- c:\programdata\KGyGaAvL.sys
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="e:\programy\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SansaDispatch"="c:\users\Jenda\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-01-31 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="e:\programy\Java\jre6\bin\jusched.exe" [2009-10-23 149280]
"LogitechQuickCamRibbon"="e:\programy\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2010-04-14 105632]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - e:\programy\Logitech\SetPoint\SetPoint.exe [2008-12-25 1207312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-07-11 30720]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-22 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-26 871408]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2010-06-21 2793064]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-12-29 250008]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-12-29 39376]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-08-01 80944]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-08-01 539184]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-10-07 271640]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 42912]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2010-07-01 224488]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2010-07-01 39016]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 2345848]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"COMODO Internet Security"="e:\programy\COMODO Internet Security\COMODO\COMODO Internet Security\cfp.exe" [2010-12-29 8862024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=217.91.70.238:8085
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download All Links with IDM
IE: Download with IDM
IE: E&xportovat do aplikace Microsoft Excel - e:\programy\MICROS~1\Office12\EXCEL.EXE/3000
LSP: e:\programy\VMware\vsocklib.dll
.
.
------- Asociace souborů -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Wow6432Node-HKLM-Run-P17RunE - P17RunE.dll
Wow6432Node-HKLM-Run-IR_SERVER - e:\programy\Realtek\DVB-T USB DEVICE\IR_SERVER.exe
Wow6432Node-HKLM-Run-Corel File Shell Monitor - e:\programy\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-MetaProducts Portable Download Manager - e:\programy\Portable Download Manager\pdownloadmanager.exe

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-958960618-1215407809-944795458-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n*$*" \OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:47,7c,2b,2e,2b,b1,93,d4,2d,65,b4,fd,89,c4,0e,d7,a8,20,f3,76,28,
3a,af,11,b0,5e,89,4f,8b,93,37,5a,65,3c,ed,45,c6,00,9e,d5,74,9f,1c,31,0e,b1,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:47,7c,2b,2e,2b,b1,93,d4,2d,65,b4,fd,89,c4,0e,d7,a8,20,f3,76,28,
3a,af,11,b0,5e,89,4f,8b,93,37,5a,65,3c,ed,45,c6,00,9e,d5,74,9f,1c,31,0e,b1,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\vmnat.exe
e:\programy\VMware\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\windows\SysWOW64\rundll32.exe
e:\programy\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Celkový čas: 2011-01-03 10:11:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-03 09:11

Před spuštěním: 2 187 632 640
Po spuštění: 2 636 279 808

- - End Of File - - 0B158D69E78CC2DE6DA5CABA5A5AFE44

Combofix má občas svoje bugy. Jdete do složky qoobox , je na disku Ca vytáhněte si ho odtud, jen mu umažte koncovku vir

.

Změnilo se něco u počítače?

Myslíte po tom proskenování ComboFixem? Ničeho jsem si nevšiml. Jestli máte na mysli ohledně těch problémů s uspáváním / poškozováním souborů, tak ty se dějí tak nepravidelně, že hned teď to neřeknu, to spíš až tak za týden nebo dva.

Dobře, byla bych ráda, kdyby jste pc pár dní sledoval a pak dal vědět. Můžete pc proskenovat ještě AVptoolem

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

VIRY.CZ

Často mám poškozené DLL apod.

Často mám poškozené DLL apod.

Re: Často mám poškozené DLL apod.

Re: Často mám poškozené DLL apod.

Re: Často mám poškozené DLL apod.

Re: Často mám poškozené DLL apod.

Re: Často mám poškozené DLL apod.

Re: Často mám poškozené DLL apod.

Re: Často mám poškozené DLL apod.

Re: Často mám poškozené DLL apod.

Re: Často mám poškozené DLL apod.

Re: Často mám poškozené DLL apod.

Re: Často mám poškozené DLL apod.

Re: Často mám poškozené DLL apod.

Re: Často mám poškozené DLL apod.

Re: Často mám poškozené DLL apod.