VIRY.CZ

Takze vsechny zdravim, dost dlouho jsem otalel nez sem napisu ale jak tak koukam uz to je v bodu kdy mne to celkem dost stve, zprvu jsem myslel ze jde o ovladace, pote sem vsak zjistil ze se mylim Vsechny testy HDD se zdaji byt ok, pomoci HDD Regeneratoru,zadny vadny sektor ostatni hdd sem netestoval , 2x sem udelal test pameti nic to neznamena po nekolika hodinach v memtestu, system mam Win 7x64 z duvodu vymeny desky sem musel preinstalovat doufam v to ze se nejedna o problem se zakladni deskou to by byl faktr hodne spatne,uplne nova a vadna no,muze to byt i tou ramkou zprvu sem myslel ze slo o prach, tudiz pisiu sem jako posledni moznost a diky , omlouvam se za cestinu ale neni to moje silna stranka jinak sem si tady jako radu co sem nasel od nekoho kdo mnel taky bsody, jen chci podotknout ze se jedna o pravidelne jako by necim spoustene modre obrazovky smrti,a hlaska se pokazde lisi, tudiz by mohlo jit i o vir jenze ani koontrola v safe modu se mi nezdarila vzsdy mi to zmrzne po nekolika hodinach, at malware bytes nebo adaaware jsem zoufaly PS: poslednich par logu z whocrashed

windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
CPU: AuthenticAMD AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ AMD586, level: 15
2 logical processors, active mask: 3
RAM: 2146754560 total
VM: 2147352576, free: 1958498304



--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.


On Thu 15.12.2011 19:40:06 GMT your computer crashed
crash dump file: C:\Windows\Minidump\121511-157671-01.dmp
This was probably caused by the following module: win32k.sys (win32k+0x7F62C)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF9600009F62C, 0xFFFFF88005FF4D80, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\win32k.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Multi-User Win32 Driver
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Thu 15.12.2011 19:40:06 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: wow64cpu.sys (wow64cpu!TurboDispatchJumpAddressEnd+0x6C0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF9600009F62C, 0xFFFFF88005FF4D80, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: wow64cpu.sys .
Google query: wow64cpu.sys SYSTEM_SERVICE_EXCEPTION




On Thu 15.12.2011 17:25:20 GMT your computer crashed
crash dump file: C:\Windows\Minidump\121511-166859-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002AAB19C, 0xFFFFF880070F5CD0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Wed 14.12.2011 14:45:42 GMT your computer crashed
crash dump file: C:\Windows\Minidump\121411-192921-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x3D (0xFFFFF8800311AEE0, 0x0, 0x0, 0xFFFFF8800F47EA31)
Error: INTERRUPT_EXCEPTION_NOT_HANDLED
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check appears very infrequently.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Tue 13.12.2011 14:35:14 GMT your computer crashed
crash dump file: C:\Windows\Minidump\121311-162437-01.dmp
This was probably caused by the following module: win32k.sys (win32k+0x225300)
Bugcheck code: 0xC2 (0x7, 0x109B, 0xA918, 0xFFFFF900C0C03E50)
Error: BAD_POOL_CALLER
file path: C:\Windows\system32\win32k.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Multi-User Win32 Driver
Bug check description: This indicates that the current thread is making a bad pool request.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Tue 13.12.2011 4:36:32 GMT your computer crashed
crash dump file: C:\Windows\Minidump\121311-184000-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0xA (0x7FFFFFD8000, 0x2, 0x1, 0xFFFFF80002AE9D32)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sun 11.12.2011 23:05:27 GMT your computer crashed
crash dump file: C:\Windows\Minidump\121211-177609-01.dmp
This was probably caused by the following module: nvlddmkm.sys (nvlddmkm+0x267F6A)
Bugcheck code: 0xD1 (0x9, 0x8, 0x1, 0xFFFFF8800F474F6A)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\nvlddmkm.sys
product: NVIDIA Windows Kernel Mode Driver, Version 285.62
company: NVIDIA Corporation
description: NVIDIA Windows Kernel Mode Driver, Version 285.62
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 285.62 , NVIDIA Corporation).
Google query: nvlddmkm.sys NVIDIA Corporation DRIVER_IRQL_NOT_LESS_OR_EQUAL




On Sun 11.12.2011 16:24:15 GMT your computer crashed
crash dump file: C:\Windows\Minidump\121111-189296-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0xA (0xE57, 0x2, 0x0, 0xFFFFF80002A9EDEC)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sun 11.12.2011 16:11:21 GMT your computer crashed
crash dump file: C:\Windows\Minidump\121111-184187-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC10)
Bugcheck code: 0x1E (0x0, 0x0, 0x0, 0x0)
Error: KMODE_EXCEPTION_NOT_HANDLED
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sun 11.12.2011 15:37:48 GMT your computer crashed
crash dump file: C:\Windows\Minidump\121111-229328-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x1A (0x41287, 0x0, 0x0, 0x0)
Error: MEMORY_MANAGEMENT
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a severe memory management error occurred.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sun 11.12.2011 12:13:21 GMT your computer crashed
crash dump file: C:\Windows\Minidump\121111-189453-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0x19 (0x21, 0xFFFFFA8005486000, 0x4290, 0x4090)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sun 11.12.2011 6:25:33 GMT your computer crashed
crash dump file: C:\Windows\Minidump\121111-219109-01.dmp
This was probably caused by the following module: afd.sys (afd+0x2733)
Bugcheck code: 0x1E (0x0, 0x0, 0x0, 0x0)
Error: KMODE_EXCEPTION_NOT_HANDLED
file path: C:\Windows\system32\drivers\afd.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Ancillary Function Driver for WinSock
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Thu 8.12.2011 17:42:09 GMT your computer crashed
crash dump file: C:\Windows\Minidump\120811-165890-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC10)
Bugcheck code: 0x1E (0x0, 0x0, 0x0, 0x0)
Error: KMODE_EXCEPTION_NOT_HANDLED
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Thu 8.12.2011 15:18:31 GMT your computer crashed
crash dump file: C:\Windows\Minidump\120811-212671-01.dmp
This was probably caused by the following module: unknown_module_00000000`00000000.sys (Unloaded_Unknown_Module_00000000`00000000+0xA)
Bugcheck code: 0xD1 (0x0, 0x8, 0x0, 0xFFFFF8800F4BFADB)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: unknown_module_00000000`00000000.sys .
Google query: unknown_module_00000000`00000000.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL




On Mon 5.12.2011 3:37:46 GMT your computer crashed
crash dump file: C:\Windows\Minidump\120511-175921-01.dmp
This was probably caused by the following module: usbport.sys (USBPORT+0x2D23D)
Bugcheck code: 0xFE (0x6, 0xFFFFFA800426DD20, 0x50456368, 0x0)
Error: BUGCODE_USB_DRIVER
file path: C:\Windows\system32\drivers\usbport.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: USB 1.1 & 2.0 Port Driver
Bug check description: This indicates that an error has occurred in a Universal Serial Bus (USB) driver.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

Moc dekuji za pomoc , ja si totiz vzdy s chybami pc poradil ale ted sem uz nekolik tydnu bezradny, zoufaly a kdyz uz doslo k nepravidelnemu zamrzavani je to myslim alarmujici.
Dekuji moc vsem za pomoc.

Jeste chci dodat ze k zamrzani nebo bsodum dochazi pri pokusu sledovat nejake video z internetu(krome Youtube tam zda se jedou).
Nevedel sem do ktere sekce to dat dal jsem to jsem.Pokzud spatne zadam o presunuti a omlouvam se.

Tohle mi napsalo jako
conclusion Whocrashed: No mozna to pomuze.
nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 285.62 , NVIDIA Corporation)

wow64cpu.sys

unknown_module_00000000`00000000.sys


Tady prikladam Log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by AMD2 at 2011-12-15 22:28:32
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 35 GB (18%) free of 187 GB
Total RAM: 2047 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:29:05, on 15.12.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
H:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\QIP 2012\qip.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
H:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x86\LCDMedia.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\AMD2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\AMD\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~2\IDA\idaiehlp.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMVU Inc - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\AMD\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
O4 - HKLM\..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "H:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'DefaultAppPool')
O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'DefaultAppPool')
O4 - Startup: Logitech . Registrace produktu.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
O4 - Global Startup: WD Quick View.lnk = C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files (x86)\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files (x86)\IDA\ida.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QipGuard - QIP.ru - C:\Program Files (x86)\QipGuard\QipGuard.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
O23 - Service: WDFMEService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
O23 - Service: WDRulesService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10929 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe"
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"taskhost.exe"
"C:\Program Files (x86)\QipGuard\QipGuard.exe"
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\system32\svchost.exe -k iissvcs
"C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe"
"C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe"
taskmgr.exe /3
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe"
"C:\Program Files\Western Digital\WD SmartWare\WDFME.exe"
WLIDSvcM.exe 2408
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"H:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
"C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe"
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"H:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
"C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
KHALMNPR.EXE /API
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Logitech\SetPointG\SetPointII.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x64\LCDClock.exe"
"C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x64\LCDCountdown.exe"
"C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x64\LCDRSS.exe"
"C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x86\LCDMedia.exe"
"C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x64\LCDPop3.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4428.11af3c60.445736873 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.8.0 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 4428 "\\.\pipe\gecko-crash-server-pipe.4428" plugin
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:6052 CREDAT:145409
c:\windows\system32\inetsrv\w3wp.exe -ap "DefaultAppPool" -v "v2.0" -l "webengine4.dll" -a \\.\pipe\iisipm4f989aef-3465-4c30-ba45-b86e4fa3bb50 -h "C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config" -w "" -m 0 -t 20
C:\Windows\system32\AUDIODG.EXE 0x7c4
"C:\Users\AMD2\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\OpenCandy Download Manager.job

=========Mozilla firefox=========

ProfilePath - C:\Users\AMD2\AppData\Roaming\Mozilla\Firefox\Profiles\pjawyg1x.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.katedrala.cz/anonym/nph-agen ... =3fpng=3d4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ogplanet.com/npOGPPlugin]
"Description"=OGPlanet Game Plugin
"Path"=C:\Windows\system32\npOGPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
McSiteAdvisor.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\AMD2\AppData\Roaming\Mozilla\Firefox\Profiles\pjawyg1x.default\extensions\
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{90b49673-5506-483e-b92b-ca0265bd9ca8}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Users\AMD2\AppData\Roaming\Mozilla\Firefox\Profiles\pjawyg1x.default\searchplugins\
google-peklada.xml
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A646672-9C3A-4C28-9A7A-1FB0F63F28B6}]
IE 4.x-6.x BHO for Internet Download Accelerator - C:\PROGRA~2\IDA\idaiehlp.dll [2011-03-11 165184]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
IMVU Inc Toolbar - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\AMD\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2011-10-06 142288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-12-02 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{90b49673-5506-483e-b92b-ca0265bd9ca8} - IMVU Inc Toolbar - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll [2011-05-09 176936]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"=C:\Program Files\Logitech Gaming Software\LCore.exe [2011-07-28 110360]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1744152]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-08 4030008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"uTorrent"=H:\Program Files (x86)\uTorrent\uTorrent.exe [2011-11-14 640376]
"Infium"=C:\Program Files (x86)\QIP 2012\qip.exe [2011-10-06 7096272]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Display"=C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [2011-08-24 284024]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2011-09-13 4958320]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"CloneCDTray"=H:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
WD Quick View.lnk - C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe

C:\Users\AMD2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Logitech . Registrace produktu.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 68376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.ac3filter"=ac3filter64.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-12-15 22:28:33 ----D---- C:\Program Files\trend micro
2011-12-15 22:28:32 ----D---- C:\rsit
2011-12-14 18:53:35 ----A---- C:\Windows\system32\easyupdatusapiu64.dll
2011-12-14 18:51:31 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2011-12-14 18:51:31 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2011-12-14 18:51:31 ----A---- C:\Windows\system32\OpenCL.dll
2011-12-14 18:51:31 ----A---- C:\Windows\system32\nvwgf2umx.dll
2011-12-14 18:51:31 ----A---- C:\Windows\system32\nvoglv64.dll
2011-12-14 18:51:30 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2011-12-14 18:51:30 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2011-12-14 18:51:30 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2011-12-14 18:51:30 ----A---- C:\Windows\system32\nvd3dumx.dll
2011-12-14 18:51:30 ----A---- C:\Windows\system32\nvcuvid.dll
2011-12-14 18:51:30 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-12-14 18:51:29 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2011-12-14 18:51:29 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2011-12-14 18:51:29 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2011-12-14 18:51:29 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2011-12-14 18:51:29 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-12-14 18:51:29 ----A---- C:\Windows\system32\nvcuda.dll
2011-12-14 18:51:29 ----A---- C:\Windows\system32\nvcompiler.dll
2011-12-14 18:19:29 ----A---- C:\Windows\ntbtlog.txt
2011-12-14 16:03:53 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-12-14 16:03:53 ----A---- C:\Windows\system32\tzres.dll
2011-12-14 16:03:21 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-12-14 16:03:21 ----A---- C:\Windows\system32\EncDec.dll
2011-12-13 15:09:43 ----D---- C:\Windows\$regcmp$
2011-12-13 14:59:09 ----D---- C:\Users\AMD2\AppData\Roaming\CleanMyPC Software
2011-12-13 14:49:14 ----A---- C:\Windows\ScanReg.exe
2011-12-07 15:57:29 ----D---- C:\Program Files (x86)\Avextinct Defragment
2011-12-06 19:06:43 ----D---- C:\Windows\SYSWOW64\directx
2011-12-02 16:02:25 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-12-02 16:02:25 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-12-02 16:02:25 ----A---- C:\Windows\SYSWOW64\java.exe
2011-12-02 16:01:39 ----D---- C:\Program Files (x86)\Java
2011-12-02 15:27:33 ----A---- C:\Windows\system32\FNTCACHE.DAT
2011-12-02 13:30:14 ----D---- C:\Program Files\CCleaner
2011-12-02 13:28:08 ----D---- C:\Program Files (x86)\Google
2011-12-01 15:00:59 ----D---- C:\Users\AMD2\AppData\Roaming\FreeArc
2011-11-28 21:37:16 ----D---- C:\Program Files\Western Digital
2011-11-28 13:37:20 ----D---- C:\Temp
2011-11-28 00:29:29 ----D---- C:\ProgramData\ESET
2011-11-28 00:29:29 ----D---- C:\Program Files\ESET
2011-11-27 18:56:39 ----A---- C:\Windows\SYSWOW64\VMAPO32.DLL
2011-11-27 18:56:39 ----A---- C:\Windows\system32\VMAPO64.DLL
2011-11-27 18:56:39 ----A---- C:\Windows\system32\VIASysFx.dll
2011-11-27 18:56:39 ----A---- C:\Windows\system32\VIAPropPageExt.dll
2011-11-27 18:56:39 ----A---- C:\Windows\system32\ViaMicArrayAPO.dll
2011-11-27 18:56:39 ----A---- C:\Windows\system32\ViakaraokeSrv.exe
2011-11-27 18:56:39 ----A---- C:\Windows\system32\nQPropPageExt.dll
2011-11-27 18:56:39 ----A---- C:\Windows\system32\nQAPO.dll
2011-11-27 18:56:38 ----A---- C:\Windows\system32\VMPPLD64.DLL
2011-11-27 18:56:38 ----A---- C:\Windows\system32\VMPPCN64.DLL
2011-11-27 18:56:38 ----A---- C:\Windows\system32\ViaMicArrayPropPageExt.dll
2011-11-27 18:56:38 ----A---- C:\Windows\system32\ViaKaraokePropPageExt.dll
2011-11-27 18:56:38 ----A---- C:\Windows\system32\ViaKaraokeApo.dll
2011-11-27 18:56:38 ----A---- C:\Windows\system32\drivers\viahduaa.sys
2011-11-27 18:12:48 ----A---- C:\Windows\system32\VMWRP64.DLL
2011-11-27 17:11:08 ----N---- C:\Windows\difxapi.dll
2011-11-27 16:32:13 ----D---- C:\Users\AMD2\AppData\Roaming\DriverFinder
2011-11-26 23:09:02 ----A---- C:\Windows\system32\cohelper.dll
2011-11-26 23:08:48 ----A---- C:\Windows\system32\NVUNINST.EXE
2011-11-26 23:07:57 ----A---- C:\Windows\system32\nvunrm.exe
2011-11-26 23:07:57 ----A---- C:\Windows\system32\nvconrm.dll
2011-11-26 23:07:56 ----A---- C:\Windows\system32\fdco1.dll
2011-11-26 01:57:19 ----D---- C:\Program Files (x86)\Reference Assemblies
2011-11-26 01:57:12 ----D---- C:\Windows\SYSWOW64\XPSViewer
2011-11-26 01:57:11 ----D---- C:\Windows\SYSWOW64\BestPractices
2011-11-26 01:57:05 ----D---- C:\Windows\system32\BestPractices
2011-11-26 01:57:02 ----D---- C:\Program Files\Reference Assemblies
2011-11-26 01:57:02 ----D---- C:\Program Files\MSBuild
2011-11-26 01:57:01 ----D---- C:\inetpub
2011-11-25 21:07:54 ----D---- C:\Users\AMD2\AppData\Roaming\Malwarebytes
2011-11-25 21:07:54 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-11-24 19:55:03 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-11-24 19:42:21 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-11-24 15:33:20 ----D---- C:\Program Files (x86)\Windsty
2011-11-24 15:16:32 ----A---- C:\Windows\reimage.ini
2011-11-22 23:13:16 ----D---- C:\ProgramData\Kaspersky Lab
2011-11-21 20:15:08 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-11-21 20:14:51 ----D---- C:\Users\AMD2\AppData\Roaming\DAEMON Tools Lite
2011-11-21 19:40:32 ----D---- C:\Program Files (x86)\Haali
2011-11-21 19:02:34 ----D---- C:\Users\AMD2\AppData\Roaming\BSplayer PRO
2011-11-21 19:00:42 ----D---- C:\Users\AMD2\AppData\Roaming\WinRAR
2011-11-21 17:56:47 ----D---- C:\Users\AMD2\AppData\Roaming\ImgBurn
2011-11-21 17:17:50 ----D---- C:\Users\AMD2\AppData\Roaming\uTorrent
2011-11-21 17:12:24 ----D---- C:\Users\AMD2\AppData\Roaming\Leadertech
2011-11-21 16:36:35 ----D---- C:\Program Files\Logitech
2011-11-21 16:35:54 ----D---- C:\Users\AMD2\AppData\Roaming\QIP
2011-11-21 16:33:57 ----D---- C:\Users\AMD2\AppData\Roaming\Logishrd
2011-11-21 16:33:23 ----D---- C:\Users\AMD2\AppData\Roaming\Mozilla
2011-11-21 16:32:42 ----D---- C:\Users\AMD2\AppData\Roaming\Opera
2011-11-21 16:31:11 ----D---- C:\Users\AMD2\AppData\Roaming\Western Digital
2011-11-21 16:30:20 ----D---- C:\Users\AMD2\AppData\Roaming\NVIDIA
2011-11-21 16:29:14 ----D---- C:\Users\AMD2\AppData\Roaming\Adobe
2011-11-21 16:29:07 ----D---- C:\Users\AMD2\AppData\Roaming\Logitech
2011-11-21 16:27:27 ----D---- C:\Users\AMD2\AppData\Roaming\Identities
2011-11-21 16:25:38 ----SD---- C:\Users\AMD2\AppData\Roaming\Microsoft
2011-11-21 16:25:38 ----D---- C:\Users\AMD2\AppData\Roaming\Media Center Programs
2011-11-21 16:25:38 ----D---- C:\Users\AMD2\AppData\Roaming\Macromedia
2011-11-21 14:52:41 ----D---- C:\Program Files (x86)\SlySoft
2011-11-19 18:28:59 ----D---- C:\Program Files (x86)\IDA
2011-11-17 20:32:55 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2011-11-17 20:32:55 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2011-11-17 20:32:55 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2011-11-17 20:32:55 ----A---- C:\Windows\system32\XAudio2_7.dll
2011-11-17 20:32:55 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2011-11-17 20:32:55 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-11-17 20:32:54 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2011-11-17 20:32:54 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-11-17 20:32:52 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2011-11-17 20:32:52 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2011-11-17 20:32:52 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2011-11-17 20:32:52 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-11-17 20:32:52 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-11-17 20:32:52 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-11-17 20:32:50 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2011-11-17 20:32:50 ----A---- C:\Windows\system32\D3DX9_43.dll
2011-11-17 04:25:59 ----D---- C:\Program Files (x86)\HDD Regenerator

======List of files/folders modified in the last 1 month======

2011-12-15 22:28:47 ----D---- C:\Windows\Temp
2011-12-15 22:28:33 ----RD---- C:\Program Files
2011-12-15 22:18:08 ----D---- C:\Program Files (x86)\IMVU_Inc
2011-12-15 22:04:34 ----D---- C:\Program Files\WhoCrashed
2011-12-15 21:48:00 ----D---- C:\Windows\system32\config
2011-12-15 20:45:59 ----D---- C:\Windows\Tasks
2011-12-15 20:45:01 ----D---- C:\Windows\Minidump
2011-12-14 20:02:55 ----D---- C:\Windows\system32\Tasks
2011-12-14 19:02:23 ----AD---- C:\Windows
2011-12-14 19:00:35 ----D---- C:\Windows\System32
2011-12-14 18:58:30 ----D---- C:\Windows\system32\drivers
2011-12-14 18:54:13 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-12-14 18:54:12 ----D---- C:\Program Files\NVIDIA Corporation
2011-12-14 18:53:17 ----D---- C:\Windows\SysWOW64
2011-12-14 18:52:30 ----D---- C:\Windows\inf
2011-12-14 18:52:27 ----D---- C:\Windows\system32\catroot
2011-12-14 18:52:25 ----D---- C:\Windows\system32\DriverStore
2011-12-14 18:47:52 ----D---- C:\Windows\winsxs
2011-12-14 18:36:13 ----D---- C:\Program Files (x86)\Opera
2011-12-14 18:23:11 ----D---- C:\Windows\SYSWOW64\migration
2011-12-14 18:23:11 ----D---- C:\Windows\system32\migration
2011-12-14 18:23:11 ----D---- C:\Program Files\Internet Explorer
2011-12-14 18:23:11 ----D---- C:\Program Files (x86)\Internet Explorer
2011-12-14 16:09:51 ----D---- C:\Windows\debug
2011-12-14 16:09:44 ----A---- C:\Windows\system32\MRT.exe
2011-12-14 16:09:10 ----D---- C:\Windows\system32\catroot2
2011-12-14 16:08:12 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-12-14 16:08:11 ----D---- C:\Windows\system32\cs-CZ
2011-12-14 16:07:26 ----SHD---- C:\System Volume Information
2011-12-14 15:56:53 ----D---- C:\Windows\Prefetch
2011-12-13 18:06:29 ----D---- C:\NVIDIA
2011-12-13 16:39:34 ----AD---- C:\ProgramData\TEMP
2011-12-13 15:46:43 ----D---- C:\Windows\system32\NDF
2011-12-10 17:11:28 ----RSD---- C:\Windows\assembly
2011-12-09 19:08:35 ----D---- C:\Program Files (x86)\ffdshow
2011-12-07 22:46:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-12-07 15:57:29 ----RD---- C:\Program Files (x86)
2011-12-06 19:06:42 ----D---- C:\Windows\Logs
2011-12-03 18:56:45 ----D---- C:\Windows\SYSWOW64\drivers
2011-12-03 05:33:47 ----HD---- C:\ProgramData
2011-12-02 16:27:49 ----RD---- C:\Users
2011-12-02 16:26:05 ----D---- C:\ProgramData\NVIDIA
2011-12-02 16:13:14 ----SHD---- C:\Windows\Installer
2011-12-02 16:13:13 ----SHD---- C:\Config.Msi
2011-12-02 16:03:01 ----D---- C:\Program Files (x86)\Common Files
2011-12-02 16:01:46 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-11-29 15:59:12 ----D---- C:\Windows.old
2011-11-29 15:58:20 ----D---- C:\Downloads
2011-11-29 15:57:35 ----D---- C:\BACKUP
2011-11-29 15:11:01 ----D---- C:\Program Files (x86)\Western Digital
2011-11-28 21:38:05 ----D---- C:\ProgramData\Western Digital
2011-11-28 13:10:27 ----SHD---- C:\$Recycle.Bin
2011-11-28 00:11:05 ----D---- C:\ProgramData\AVAST Software
2011-11-27 19:08:19 ----D---- C:\Program Files (x86)\Registry Mechanic
2011-11-27 18:57:15 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-11-27 18:56:59 ----D---- C:\Program Files (x86)\VIA
2011-11-26 19:58:16 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-11-26 12:57:49 ----D---- C:\Windows\rescache
2011-11-26 09:13:07 ----D---- C:\Windows\Microsoft.NET
2011-11-26 01:57:19 ----D---- C:\Program Files (x86)\MSBuild
2011-11-26 01:57:13 ----D---- C:\Windows\SYSWOW64\inetsrv
2011-11-26 01:57:11 ----D---- C:\Windows\SYSWOW64\wbem
2011-11-26 01:57:09 ----D---- C:\Windows\system32\inetsrv
2011-11-26 01:57:06 ----D---- C:\Windows\system32\wbem
2011-11-26 01:57:05 ----RSD---- C:\Windows\Fonts
2011-11-24 19:42:35 ----D---- C:\Windows\SYSWOW64\en-US
2011-11-24 19:42:35 ----D---- C:\Windows\system32\en-US
2011-11-23 01:20:31 ----D---- C:\Windows\system32\wdi
2011-11-21 22:58:49 ----D---- C:\Program Files (x86)\OGPlanet
2011-11-21 20:15:08 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-11-21 19:30:03 ----D---- C:\Program Files (x86)\AC3Filter
2011-11-21 16:38:29 ----D---- C:\Program Files\Common Files\LogiShrd
2011-11-21 16:36:51 ----D---- C:\ProgramData\Logishrd
2011-11-17 19:12:28 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-11-17 18:51:37 ----D---- C:\Program Files (x86)\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2011-10-28 69376]
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2010-04-09 244328]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-10-08 526392]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-21 270912]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 31400]
R2 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x64.sys [2009-03-27 19432]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-06 17152]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2011-10-08 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2011-10-08 16008]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-09-02 66840]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-09-02 60696]
R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-03-04 349416]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2011-09-07 2173552]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S3 a9sbnd54;a9sbnd54; C:\Windows\system32\drivers\a9sbnd54.sys []
S3 cpuz134;cpuz134; C:\Windows\system32\drivers\cpuz134.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 GPU-Z;GPU-Z; C:\Windows\system32\drivers\GPU-Z.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-21 32768]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 X6va001;X6va001; \??\C:\Users\AMD2\AppData\Local\Temp\0013F9E.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 APC Data Service;APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-08-24 21880]
R2 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [2011-08-24 705912]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-08 974944]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2010-01-21 496232]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R2 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2010-01-21 209000]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 QipGuard;QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [2011-10-06 191440]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2011-09-07 27760]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
R2 WDFMEService;WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
R2 WDRulesService;WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02 136176]
S2 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02 136176]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 359192]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-10 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Zdravím!
Šmejdy tam máte, ale obávám se, že nějaký problém bude i v hardwaru. Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

ComboFix 11-12-15.02 - AMD2 15.12.2011 23:02:30.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2047.544 [GMT 1:00]
Spuštěný z: c:\users\AMD2\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\AMD\ResourceReader.dll
c:\windows\SysWow64\cc32100mt.dll
E:\SETUP.EXE
K:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-15 do 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 22:13 . 2011-12-15 22:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-15 22:13 . 2011-12-15 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 22:13 . 2011-12-15 22:13 -------- d-----w- c:\users\AMD\AppData\Local\temp
2011-12-15 21:28 . 2011-12-15 21:29 -------- d-----w- c:\program files\trend micro
2011-12-15 21:28 . 2011-12-15 21:29 -------- d-----w- C:\rsit
2011-12-14 17:53 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-12-14 15:03 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 15:03 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 15:03 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 15:03 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-13 14:09 . 2011-12-13 14:42 -------- d-----w- c:\windows\$regcmp$
2011-12-13 13:49 . 2000-06-07 10:59 61440 ----a-w- c:\windows\ScanReg.exe
2011-12-13 09:44 . 2011-12-15 19:49 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F03D00D-E03E-4F55-A142-6D758F62110B}\offreg.dll
2011-12-13 09:44 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F03D00D-E03E-4F55-A142-6D758F62110B}\mpengine.dll
2011-12-07 14:57 . 2011-12-07 14:57 -------- d-----w- c:\program files (x86)\Avextinct Defragment
2011-12-02 15:03 . 2011-12-02 15:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-02 15:01 . 2011-12-02 15:01 -------- d-----w- c:\program files (x86)\Java
2011-12-02 12:30 . 2011-12-02 12:30 -------- d-----w- c:\program files\CCleaner
2011-12-02 12:28 . 2011-12-02 12:31 -------- d-----w- c:\program files (x86)\Google
2011-11-29 22:15 . 2011-12-14 15:24 -------- d-----w- c:\users\DefaultAppPool
2011-11-28 20:37 . 2011-11-28 20:37 -------- d-----w- c:\users\Default\AppData\Local\Western Digital
2011-11-28 20:37 . 2011-11-28 20:37 -------- d-----w- c:\program files\Western Digital
2011-11-28 12:37 . 2011-12-06 18:06 -------- d-----w- C:\Temp
2011-11-28 12:10 . 2011-11-28 12:10 -------- d-----w- c:\users\Guest
2011-11-27 23:29 . 2011-11-27 23:29 -------- d-----w- c:\program files\ESET
2011-11-27 17:12 . 2010-10-26 23:55 74240 ----a-w- c:\windows\system32\VMWRP64.DLL
2011-11-27 16:11 . 2007-04-11 20:35 414632 ------w- c:\windows\difxapi.dll
2011-11-26 22:09 . 2010-03-04 17:05 758272 ----a-w- c:\windows\system32\cohelper.dll
2011-11-26 22:09 . 2010-02-22 06:45 10084 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-11-26 22:08 . 2010-03-03 15:36 657512 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-11-26 22:07 . 2010-03-04 00:49 229480 ----a-w- c:\windows\system32\nvconrm.dll
2011-11-26 22:07 . 2009-04-28 23:46 506400 ----a-w- c:\windows\system32\nvunrm.exe
2011-11-26 22:07 . 2009-04-30 11:46 899584 ----a-w- c:\windows\system32\fdco1.dll
2011-11-26 00:57 . 2011-11-26 00:57 -------- d-----w- c:\program files (x86)\Reference Assemblies
2011-11-26 00:57 . 2011-11-26 00:57 -------- d-----w- c:\windows\SysWow64\XPSViewer
2011-11-26 00:57 . 2011-11-26 00:57 -------- d-----w- c:\windows\SysWow64\BestPractices
2011-11-26 00:57 . 2011-11-26 00:57 -------- d-----w- c:\windows\system32\BestPractices
2011-11-26 00:57 . 2011-11-26 00:57 -------- d-----w- c:\program files\Reference Assemblies
2011-11-26 00:57 . 2011-11-26 00:57 -------- d-----w- c:\program files\MSBuild
2011-11-26 00:57 . 2011-11-26 00:57 -------- d-----w- C:\inetpub
2011-11-25 20:07 . 2011-11-25 20:07 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-11-24 18:42 . 2011-11-24 18:42 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-11-24 14:33 . 2011-11-24 14:33 -------- d-----w- c:\program files (x86)\Windsty
2011-11-22 22:13 . 2011-11-22 22:13 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-21 19:15 . 2011-11-21 19:15 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-21 18:40 . 2011-11-21 18:40 -------- d-----w- c:\program files (x86)\Haali
2011-11-21 15:36 . 2011-11-21 15:36 -------- d-----w- c:\program files\Logitech
2011-11-21 15:25 . 2011-12-14 17:55 -------- d-----w- c:\users\AMD2
2011-11-21 13:52 . 2011-11-25 21:50 -------- d-----w- c:\program files (x86)\SlySoft
2011-11-20 22:47 . 2011-11-21 15:28 -------- d-----w- c:\users\TEMP
2011-11-19 17:29 . 2011-11-21 13:51 -------- d-----w- c:\users\AMD\AppData\Roaming\Internet Download Accelerator
2011-11-19 17:28 . 2011-11-19 17:29 -------- d-----w- c:\program files (x86)\IDA
2011-11-17 03:25 . 2011-11-19 18:50 -------- d-----w- c:\program files (x86)\HDD Regenerator
2011-11-16 21:23 . 2011-11-16 21:23 -------- d-----w- c:\users\AMD\AppData\Roaming\FreeArc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-02 15:01 . 2011-10-13 16:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-01 16:22 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-12-01 16:22 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-29 14:06 . 2011-10-11 21:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 15:38 . 2011-10-08 15:03 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-11-07 14:50 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2011-11-07 14:50 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2011-11-07 14:50 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2011-11-07 14:50 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2011-11-07 14:50 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
2011-11-06 19:03 . 2011-11-06 19:03 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-06 19:03 . 2011-11-06 20:06 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-28 18:35 . 2011-11-06 18:58 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-23 22:21 . 2011-10-23 22:21 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-10-23 22:21 . 2011-10-23 22:21 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-10-23 22:21 . 2011-10-23 22:21 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-10-23 22:21 . 2011-10-23 22:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-10-23 22:21 . 2011-10-23 22:21 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-10-23 22:21 . 2011-10-23 22:21 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-10-23 22:21 . 2011-10-23 22:21 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-10-23 22:21 . 2011-10-23 22:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-10-23 22:21 . 2011-10-23 22:21 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-10-23 22:21 . 2011-10-23 22:21 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-10-23 22:21 . 2011-10-23 22:21 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-10-23 22:21 . 2011-10-23 22:21 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-10-23 22:21 . 2011-10-23 22:21 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-10-23 22:21 . 2011-10-23 22:21 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-10-23 22:21 . 2011-10-23 22:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-10-23 22:21 . 2011-10-23 22:21 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-10-23 22:21 . 2011-10-23 22:21 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-23 22:21 . 2011-10-23 22:21 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-10-23 22:21 . 2011-10-23 22:21 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-23 22:21 . 2011-10-23 22:21 222208 ----a-w- c:\windows\system32\msls31.dll
2011-10-23 22:21 . 2011-10-23 22:21 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-10-23 22:21 . 2011-10-23 22:21 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-10-23 22:21 . 2011-10-23 22:21 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-10-23 22:21 . 2011-10-23 22:21 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-10-23 22:21 . 2011-10-23 22:21 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-23 22:21 . 2011-10-23 22:21 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-10-23 22:21 . 2011-10-23 22:21 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-10-23 22:21 . 2011-10-23 22:21 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-10-23 22:21 . 2011-10-23 22:21 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-10-23 22:21 . 2011-10-23 22:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-23 22:21 . 2011-10-23 22:21 448512 ----a-w- c:\windows\system32\html.iec
2011-10-23 22:21 . 2011-10-23 22:21 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-23 22:21 . 2011-10-23 22:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-23 22:21 . 2011-10-23 22:21 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-10-23 22:21 . 2011-10-23 22:21 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-23 22:21 . 2011-10-23 22:21 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-10-23 22:21 . 2011-10-23 22:21 160256 ----a-w- c:\windows\system32\wextract.exe
2011-10-23 22:21 . 2011-10-23 22:21 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-23 22:21 . 2011-10-23 22:21 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-23 22:21 . 2011-10-23 22:21 12288 ----a-w- c:\windows\system32\mshta.exe
2011-10-23 22:21 . 2011-10-23 22:21 114176 ----a-w- c:\windows\system32\admparse.dll
2011-10-23 22:21 . 2011-10-23 22:21 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-15 08:53 . 2011-11-10 16:13 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-11-10 16:13 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-11-10 16:13 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2011-11-10 16:13 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-11-10 16:13 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-11-10 16:13 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-11-10 16:11 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-11-10 16:11 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-11-10 16:11 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-14 23:54 . 2011-10-14 23:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-08 15:10 . 2011-10-08 15:10 22408 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys
2011-10-08 15:10 . 2011-10-08 15:10 16008 ----a-w- c:\windows\system32\drivers\LGVirHid.sys
2011-10-08 15:10 . 2011-10-08 15:10 374792 ----a-w- c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
2011-10-08 15:10 . 2011-10-08 15:10 157704 ----a-w- c:\windows\system32\drivers\UMDF\lgSSBW.dll
2011-10-08 15:04 . 2011-10-08 15:04 53248 ----a-r- c:\users\AMD\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-10-08 14:34 . 2011-10-08 14:34 8398848 ----a-w- c:\users\AMD\PCPE_3.0.1.msi
2011-10-08 14:34 . 2011-10-08 14:34 8975736 ----a-w- c:\users\AMD\PCPE Setup.exe
2011-10-08 14:34 . 2011-10-08 14:34 626688 ----a-w- c:\users\AMD\msvcr80.dll
2011-10-08 14:34 . 2011-10-08 14:34 21880 ----a-w- c:\users\AMD\grm_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 21880 ----a-w- c:\users\AMD\fr_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 21368 ----a-w- c:\users\AMD\pt_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 21368 ----a-w- c:\users\AMD\it_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 21368 ----a-w- c:\users\AMD\es_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 21368 ----a-w- c:\users\AMD\en_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 20856 ----a-w- c:\users\AMD\ru_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 20344 ----a-w- c:\users\AMD\jp_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 1079808 ----a-w- c:\users\AMD\mfc80u.dll
2011-10-06 14:57 . 2011-10-08 18:41 142288 ----a-w- c:\users\AMD\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
2011-09-29 16:29 . 2011-11-08 18:15 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-08 18:15 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-11-07 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-11-07 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\IMVU_Inc\prxtbIMV0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files (x86)\IMVU_Inc\prxtbIMV0.dll" [2011-05-09 176936]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"uTorrent"="h:\program files (x86)\uTorrent\uTorrent.exe" [2011-11-14 640376]
"Infium"="c:\program files (x86)\QIP 2012\qip.exe" [2011-10-06 7096272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-09-13 4958320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"CloneCDTray"="h:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
.
c:\users\AMD2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Registrace produktu.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736]
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 4221840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02 136176]
R3 cpuz134;cpuz134; [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 GPU-Z;GPU-Z; [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02 136176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va001;X6va001;c:\users\AMD2\AppData\Local\Temp\0013F9E.tmp [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-08-24 21880]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-08 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2011-10-06 191440]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-06 17152]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02 12:28]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02 12:28]
.
2011-11-10 c:\windows\Tasks\OpenCandy Download Manager.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-08 4030008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.168.254 79.98.72.27 79.98.72.2
FF - ProfilePath - c:\users\AMD2\AppData\Roaming\Mozilla\Firefox\Profiles\pjawyg1x.default\
FF - prefs.js: browser.search.selectedEngine - Google překladač
FF - prefs.js: browser.startup.homepage - hxxp://www.katedrala.cz/anonym/nph-agent.cgi/0 ... =3fpng=3d4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\AMD2\AppData\Local\Temp\0013F9E.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-12-15 23:17:41
ComboFix-quarantined-files.txt 2011-12-15 22:17
.
Před spuštěním: Volných bajtů: 38 045 368 320
Po spuštění: Volných bajtů: 41 502 658 560
.
- - End Of File - - 7C5FB0147893CEB38B16C6C6B87884D3

Teda koukam ze jeden disk mito procistilo o dobrych kolem 15gb nebo mozna mene i tak je to trochu sok.(mozna prehanim dobre ale i otrochu mam vice volneho mista nez predtim.

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\users\AMD2\AppData\Local\Temp\0013F9E.tmp

Driver::
X6va001

Uložte na plochu lako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

ComboFix 11-12-15.02 - AMD2 17.12.2011 15:19:19.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2047.894 [GMT 1:00]
Spuštěný z: c:\users\AMD2\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\AMD2\Desktop\CFScript.txt.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA001
-------\Service_X6va001
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-17 do 2011-12-17 )))))))))))))))))))))))))))))))
.
.
2011-12-17 14:32 . 2011-12-17 14:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-17 14:32 . 2011-12-17 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-17 14:32 . 2011-12-17 14:32 -------- d-----w- c:\users\AMD\AppData\Local\temp
2011-12-17 14:07 . 2009-07-23 10:57 116992 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-12-17 14:07 . 2009-07-23 10:57 132608 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-12-17 14:06 . 2011-12-17 14:06 -------- d-----w- c:\programdata\Vodafone
2011-12-17 14:06 . 2011-12-17 14:06 -------- d-----w- c:\programdata\FLEXnet
2011-12-17 14:06 . 2011-12-17 14:06 -------- d-----w- c:\program files (x86)\Vodafone
2011-12-15 21:28 . 2011-12-15 21:29 -------- d-----w- c:\program files\trend micro
2011-12-15 21:28 . 2011-12-15 21:29 -------- d-----w- C:\rsit
2011-12-14 17:53 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-12-14 15:03 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 15:03 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 15:03 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 15:03 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-13 14:09 . 2011-12-13 14:42 -------- d-----w- c:\windows\$regcmp$
2011-12-13 13:49 . 2000-06-07 10:59 61440 ----a-w- c:\windows\ScanReg.exe
2011-12-13 09:44 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F03D00D-E03E-4F55-A142-6D758F62110B}\mpengine.dll
2011-12-07 14:57 . 2011-12-07 14:57 -------- d-----w- c:\program files (x86)\Avextinct Defragment
2011-12-02 15:03 . 2011-12-02 15:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-02 15:01 . 2011-12-02 15:01 -------- d-----w- c:\program files (x86)\Java
2011-12-02 12:30 . 2011-12-02 12:30 -------- d-----w- c:\program files\CCleaner
2011-12-02 12:28 . 2011-12-02 12:31 -------- d-----w- c:\program files (x86)\Google
2011-11-29 22:15 . 2011-12-15 22:17 -------- d-----w- c:\users\DefaultAppPool
2011-11-28 20:37 . 2011-11-28 20:37 -------- d-----w- c:\users\Default\AppData\Local\Western Digital
2011-11-28 20:37 . 2011-11-28 20:37 -------- d-----w- c:\program files\Western Digital
2011-11-28 12:37 . 2011-12-06 18:06 -------- d-----w- C:\Temp
2011-11-28 12:10 . 2011-11-28 12:10 -------- d-----w- c:\users\Guest
2011-11-27 23:29 . 2011-11-27 23:29 -------- d-----w- c:\program files\ESET
2011-11-27 17:12 . 2010-10-26 23:55 74240 ----a-w- c:\windows\system32\VMWRP64.DLL
2011-11-27 16:11 . 2007-04-11 20:35 414632 ------w- c:\windows\difxapi.dll
2011-11-26 22:09 . 2010-03-04 17:05 758272 ----a-w- c:\windows\system32\cohelper.dll
2011-11-26 22:09 . 2010-02-22 06:45 10084 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-11-26 22:08 . 2010-03-03 15:36 657512 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-11-26 22:07 . 2010-03-04 00:49 229480 ----a-w- c:\windows\system32\nvconrm.dll
2011-11-26 22:07 . 2009-04-28 23:46 506400 ----a-w- c:\windows\system32\nvunrm.exe
2011-11-26 22:07 . 2009-04-30 11:46 899584 ----a-w- c:\windows\system32\fdco1.dll
2011-11-26 00:57 . 2011-11-26 00:57 -------- d-----w- c:\program files (x86)\Reference Assemblies
2011-11-26 00:57 . 2011-11-26 00:57 -------- d-----w- c:\windows\SysWow64\XPSViewer
2011-11-26 00:57 . 2011-11-26 00:57 -------- d-----w- c:\windows\SysWow64\BestPractices
2011-11-26 00:57 . 2011-11-26 00:57 -------- d-----w- c:\windows\system32\BestPractices
2011-11-26 00:57 . 2011-11-26 00:57 -------- d-----w- c:\program files\Reference Assemblies
2011-11-26 00:57 . 2011-11-26 00:57 -------- d-----w- c:\program files\MSBuild
2011-11-26 00:57 . 2011-11-26 00:57 -------- d-----w- C:\inetpub
2011-11-25 20:07 . 2011-11-25 20:07 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-11-24 18:42 . 2011-11-24 18:42 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-11-24 14:33 . 2011-11-24 14:33 -------- d-----w- c:\program files (x86)\Windsty
2011-11-22 22:13 . 2011-11-22 22:13 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-21 19:15 . 2011-11-21 19:15 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-21 18:40 . 2011-11-21 18:40 -------- d-----w- c:\program files (x86)\Haali
2011-11-21 15:36 . 2011-11-21 15:36 -------- d-----w- c:\program files\Logitech
2011-11-21 15:25 . 2011-12-14 17:55 -------- d-----w- c:\users\AMD2
2011-11-21 13:52 . 2011-11-25 21:50 -------- d-----w- c:\program files (x86)\SlySoft
2011-11-20 22:47 . 2011-11-21 15:28 -------- d-----w- c:\users\TEMP
2011-11-19 17:29 . 2011-11-21 13:51 -------- d-----w- c:\users\AMD\AppData\Roaming\Internet Download Accelerator
2011-11-19 17:28 . 2011-11-19 17:29 -------- d-----w- c:\program files (x86)\IDA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-02 15:01 . 2011-10-13 16:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-01 16:22 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-12-01 16:22 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-29 14:06 . 2011-10-11 21:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 15:38 . 2011-10-08 15:03 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-11-07 14:50 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2011-11-07 14:50 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2011-11-07 14:50 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2011-11-07 14:50 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2011-11-07 14:50 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
2011-11-06 19:03 . 2011-11-06 19:03 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-06 19:03 . 2011-11-06 20:06 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-28 18:35 . 2011-11-06 18:58 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-23 22:21 . 2011-10-23 22:21 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-10-23 22:21 . 2011-10-23 22:21 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-10-23 22:21 . 2011-10-23 22:21 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-10-23 22:21 . 2011-10-23 22:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-10-23 22:21 . 2011-10-23 22:21 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-10-23 22:21 . 2011-10-23 22:21 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-10-23 22:21 . 2011-10-23 22:21 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-10-23 22:21 . 2011-10-23 22:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-10-23 22:21 . 2011-10-23 22:21 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-10-23 22:21 . 2011-10-23 22:21 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-10-23 22:21 . 2011-10-23 22:21 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-10-23 22:21 . 2011-10-23 22:21 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-10-23 22:21 . 2011-10-23 22:21 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-10-23 22:21 . 2011-10-23 22:21 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-10-23 22:21 . 2011-10-23 22:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-10-23 22:21 . 2011-10-23 22:21 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-10-23 22:21 . 2011-10-23 22:21 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-23 22:21 . 2011-10-23 22:21 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-10-23 22:21 . 2011-10-23 22:21 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-23 22:21 . 2011-10-23 22:21 222208 ----a-w- c:\windows\system32\msls31.dll
2011-10-23 22:21 . 2011-10-23 22:21 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-10-23 22:21 . 2011-10-23 22:21 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-10-23 22:21 . 2011-10-23 22:21 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-10-23 22:21 . 2011-10-23 22:21 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-10-23 22:21 . 2011-10-23 22:21 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-23 22:21 . 2011-10-23 22:21 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-10-23 22:21 . 2011-10-23 22:21 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-10-23 22:21 . 2011-10-23 22:21 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-10-23 22:21 . 2011-10-23 22:21 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-10-23 22:21 . 2011-10-23 22:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-23 22:21 . 2011-10-23 22:21 448512 ----a-w- c:\windows\system32\html.iec
2011-10-23 22:21 . 2011-10-23 22:21 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-23 22:21 . 2011-10-23 22:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-23 22:21 . 2011-10-23 22:21 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-10-23 22:21 . 2011-10-23 22:21 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-23 22:21 . 2011-10-23 22:21 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-10-23 22:21 . 2011-10-23 22:21 160256 ----a-w- c:\windows\system32\wextract.exe
2011-10-23 22:21 . 2011-10-23 22:21 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-23 22:21 . 2011-10-23 22:21 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-23 22:21 . 2011-10-23 22:21 12288 ----a-w- c:\windows\system32\mshta.exe
2011-10-23 22:21 . 2011-10-23 22:21 114176 ----a-w- c:\windows\system32\admparse.dll
2011-10-23 22:21 . 2011-10-23 22:21 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-15 08:53 . 2011-11-10 16:13 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-11-10 16:13 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-11-10 16:13 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2011-11-10 16:13 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-11-10 16:13 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-11-10 16:13 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-11-10 16:11 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-11-10 16:11 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-11-10 16:11 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-14 23:54 . 2011-10-14 23:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-08 15:10 . 2011-10-08 15:10 22408 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys
2011-10-08 15:10 . 2011-10-08 15:10 16008 ----a-w- c:\windows\system32\drivers\LGVirHid.sys
2011-10-08 15:10 . 2011-10-08 15:10 374792 ----a-w- c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
2011-10-08 15:10 . 2011-10-08 15:10 157704 ----a-w- c:\windows\system32\drivers\UMDF\lgSSBW.dll
2011-10-08 15:04 . 2011-10-08 15:04 53248 ----a-r- c:\users\AMD\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-10-08 14:34 . 2011-10-08 14:34 8398848 ----a-w- c:\users\AMD\PCPE_3.0.1.msi
2011-10-08 14:34 . 2011-10-08 14:34 8975736 ----a-w- c:\users\AMD\PCPE Setup.exe
2011-10-08 14:34 . 2011-10-08 14:34 626688 ----a-w- c:\users\AMD\msvcr80.dll
2011-10-08 14:34 . 2011-10-08 14:34 21880 ----a-w- c:\users\AMD\grm_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 21880 ----a-w- c:\users\AMD\fr_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 21368 ----a-w- c:\users\AMD\pt_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 21368 ----a-w- c:\users\AMD\it_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 21368 ----a-w- c:\users\AMD\es_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 21368 ----a-w- c:\users\AMD\en_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 20856 ----a-w- c:\users\AMD\ru_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 20344 ----a-w- c:\users\AMD\jp_res.dll
2011-10-08 14:34 . 2011-10-08 14:34 1079808 ----a-w- c:\users\AMD\mfc80u.dll
2011-10-06 14:57 . 2011-10-08 18:41 142288 ----a-w- c:\users\AMD\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
2011-09-29 16:29 . 2011-11-08 18:15 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-08 18:15 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-11-07 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-11-07 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-12-15_22.14.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-12-17 14:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-15 21:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-17 14:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-15 21:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-15 21:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-17 14:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2011-12-16 17:15 39416 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-17 14:38 41366 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-21 15:27 . 2011-12-17 14:38 10096 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2515424161-2927146387-1617500511-1007_UserData.bin
- 2009-07-14 05:30 . 2011-12-14 17:53 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-12-17 14:08 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2007-08-09 02:10 . 2007-08-09 02:10 29696 c:\windows\system32\DriverStore\FileRepository\ewdcsc.inf_amd64_neutral_19212a756b9f5376\ewdcsc.sys
+ 2009-07-14 04:46 . 2011-12-16 17:53 98720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2011-11-28 11:38 98720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-12-17 14:06 . 2011-12-17 14:06 73728 c:\windows\Installer\{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}\VodafoneConnectionMa_B9D0823E49B04B5B9B0C5415624F0666.exe
+ 2011-12-17 14:06 . 2011-12-17 14:06 73728 c:\windows\Installer\{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}\SMS_B9D0823E49B04B5B9B0C5415624F0666.exe
+ 2011-12-17 14:06 . 2011-12-17 14:06 73728 c:\windows\Installer\{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}\NewShortcut9_B9D0823E49B04B5B9B0C5415624F0666.exe
+ 2011-12-17 14:06 . 2011-12-17 14:06 73728 c:\windows\Installer\{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}\NewShortcut8_B9D0823E49B04B5B9B0C5415624F0666.exe
+ 2011-12-17 14:06 . 2011-12-17 14:06 73728 c:\windows\Installer\{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}\ARPPRODUCTICON.exe
+ 2011-12-17 14:17 . 2011-12-17 14:17 9560 c:\windows\system32\NetworkList\Icons\{D1A61B81-853C-4EE5-BAE6-18A1D9A245BD}_48.bin
+ 2011-12-17 14:17 . 2011-12-17 14:17 4280 c:\windows\system32\NetworkList\Icons\{D1A61B81-853C-4EE5-BAE6-18A1D9A245BD}_32.bin
+ 2011-12-17 14:17 . 2011-12-17 14:17 2456 c:\windows\system32\NetworkList\Icons\{D1A61B81-853C-4EE5-BAE6-18A1D9A245BD}_24.bin
+ 2011-12-17 14:35 . 2011-12-17 14:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-14 18:00 . 2011-12-15 19:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-14 18:00 . 2011-12-15 19:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-17 14:35 . 2011-12-17 14:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-12-07 21:46 725730 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-17 14:10 725730 c:\windows\system32\perfh009.dat
- 2010-11-21 09:27 . 2011-12-07 21:46 740486 c:\windows\system32\perfh005.dat
+ 2010-11-21 09:27 . 2011-12-17 14:10 740486 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-12-07 21:46 147328 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-17 14:10 147328 c:\windows\system32\perfc009.dat
+ 2010-11-21 09:27 . 2011-12-17 14:10 172926 c:\windows\system32\perfc005.dat
- 2010-11-21 09:27 . 2011-12-07 21:46 172926 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:30 . 2011-12-17 14:08 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-12-14 17:53 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-12-17 14:08 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-12-14 17:52 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-12-17 14:07 . 2009-05-26 15:53 691712 c:\windows\system32\DriverStore\FileRepository\mod7700.inf_amd64_neutral_be95eabbd110b321\mod7700.sys
+ 2011-12-17 14:07 . 2009-07-23 10:57 116992 c:\windows\system32\DriverStore\FileRepository\ewser2k.inf_amd64_neutral_cd9458adb5159cb4\ewusbmdm.sys
+ 2011-12-17 14:07 . 2009-07-23 10:57 132608 c:\windows\system32\DriverStore\FileRepository\ewnet.inf_amd64_neutral_090bedeb705f2b5c\ewusbnet.sys
+ 2011-12-17 14:07 . 2009-07-23 10:57 116992 c:\windows\system32\DriverStore\FileRepository\ewmdm2k.inf_amd64_neutral_838e9e160b2f5ccc\ewusbmdm.sys
+ 2011-12-17 14:07 . 2009-07-23 10:57 113792 c:\windows\system32\DriverStore\FileRepository\ewfake.inf_amd64_neutral_7a96901c7282e4f9\ewusbfake.sys
+ 2009-07-14 05:01 . 2011-12-17 14:33 310276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-14 17:58 310276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-27 17:57 . 2011-12-17 14:33 431776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2515424161-2927146387-1617500511-1007-12288.dat
- 2011-11-27 17:57 . 2011-12-14 17:59 431776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2515424161-2927146387-1617500511-1007-12288.dat
+ 2009-07-14 04:45 . 2011-12-16 17:09 7087821 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-11-26 00:59 7087821 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-11-27 17:57 . 2011-12-17 14:33 7655992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2515424161-2927146387-1617500511-1007-8192.dat
- 2009-07-14 02:34 . 2011-12-15 21:52 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-12-16 03:01 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-12-17 14:05 . 2011-12-17 14:05 11988480 c:\windows\Installer\47c095a.msi
+ 2011-12-15 21:58 . 2011-12-17 14:17 10043392 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2011-12-15 21:58 . 2011-12-15 21:58 10043392 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\IMVU_Inc\prxtbIMV0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files (x86)\IMVU_Inc\prxtbIMV0.dll" [2011-05-09 176936]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"uTorrent"="h:\program files (x86)\uTorrent\uTorrent.exe" [2011-11-14 640376]
"Infium"="c:\program files (x86)\QIP 2012\qip.exe" [2011-10-06 7096272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-09-13 4958320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"CloneCDTray"="h:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
.
c:\users\AMD2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Registrace produktu.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736]
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 4221840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02 136176]
R3 cpuz134;cpuz134; [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 GPU-Z;GPU-Z; [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02 136176]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-06 17152]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-08-24 21880]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-08 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2011-10-06 191440]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02 12:28]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02 12:28]
.
2011-11-10 c:\windows\Tasks\OpenCandy Download Manager.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-08 4030008]
"combofix"="c:\combofix\CF23355.3XE" [2010-11-21 345088]
.
------- Doplňkový sken -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 217.77.165.81 217.77.161.131
FF - ProfilePath - c:\users\AMD2\AppData\Roaming\Mozilla\Firefox\Profiles\pjawyg1x.default\
FF - prefs.js: browser.search.selectedEngine - Google překladač
FF - prefs.js: browser.startup.homepage - hxxp://www.katedrala.cz/anonym/nph-agent.cgi/0 ... =3fpng=3d4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\APC\PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
c:\program files\Logitech Gaming Software\plugins\LCDAppletsMono-8.01.067\Applets\x86\LCDMedia.exe
.
**************************************************************************
.
Celkový čas: 2011-12-17 15:47:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-17 14:47
ComboFix2.txt 2011-12-15 22:17
.
Před spuštěním: Volných bajtů: 40 064 540 672
Po spuštění: Volných bajtů: 40 052 457 472
.
- - End Of File - - EBA14F6A2FBC3AAD264629FA1A0997A4

Log již vypadá OK. Ještě bych doporučil buď odinstovat Ad_aware, nebo vypnout antispy v NODu. Může docházet k sw kolizím. Nastala nějaká změna?

Rudy: Kuprikladu jeste vcera jsem mnel BSOD pri jedne hre, zdalo se ale ze slo o malou virtualni pamet, jinak ze vcera na dnesek v noci bsod nebyl.
Uvidime dneska takze Ad-aware myslite ze zato muze, NOD32 si nemyslim mam ho jen kratce.Ad-aware se mi zdalo jako dobre u nej sem vypl ten rezdiedntni stit tak snad to nic delat nebude uz, dekuji prozatim za pomoc.

Takhle: Ad-Aware je antispy a součástí NODu je také antispy. Na jednom systému nemohou oba rezidentně běžet, bijí se mezi sebou. Vypnutí rez. štítu by mělo stačit. Netvrdím, že to, co jsme odstranili, ani ty 2 antispy způsobily BSOD. K tomu, abychom mohli zjistit, co problém způsobuje, musíme odstranit možné příčiny. toto by mohla být jedna z nich.