Kontrola logu - krach antiviru,přejmenování disku....

[sunv]

Dobrý den.
Dostalo se mi rukou PC kde postupně vše selhává. Náhodou se podařilo spustit a dokončit combofix. Tady je log:
ComboFix 10-08-26.02 - Tata 27.08.2010 9:10.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2712 [GMT 2:00]
Spuštěný z: d:\documents and settings\Tata\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Kluci\Local Settings\Temporary Internet Files\TRNCOM.INI
d:\documents and settings\Tata\Data aplikací\TMInc
d:\documents and settings\Tata\Data aplikací\TMInc\game.cfg
d:\documents and settings\Tata\Data aplikací\TMInc\user1.sav
d:\documents and settings\Tata\Dokumenty\cc_20100826_110332.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-27 do 2010-08-27 )))))))))))))))))))))))))))))))
.

2010-08-26 21:05 . 2010-04-29 13:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 21:05 . 2010-08-26 21:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-26 21:05 . 2010-04-29 13:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-08-26 08:56 . 2010-08-26 08:56 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache
2010-08-25 23:11 . 2010-08-25 23:11 413696 ----a-w- d:\windows\system32\wrap_oal.dll
2010-08-25 23:11 . 2010-08-25 23:11 110592 ----a-w- d:\windows\system32\OpenAL32.dll
2010-08-19 17:21 . 2010-08-19 17:21 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2010-08-19 16:49 . 2010-08-19 16:49 3524 ----a-w- d:\windows\system32\ealregsnapshot1.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 22:45 . 2001-10-25 12:00 83674 ----a-w- d:\windows\system32\perfc005.dat
2010-08-26 22:45 . 2001-10-25 12:00 441140 ----a-w- d:\windows\system32\perfh005.dat
2010-08-17 18:24 . 2009-11-26 15:55 -------- d-----w- c:\program files\Opera
2010-08-17 12:23 . 2010-02-18 21:34 138328 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2010-08-17 12:22 . 2010-02-18 21:34 214816 ----a-w- d:\windows\system32\PnkBstrB.exe
2010-06-30 12:33 . 2002-09-20 16:04 149504 ----a-w- d:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-06-29 05:37 38848 ----a-w- d:\windows\avastSS.scr
2010-06-28 20:57 . 2010-02-18 21:16 165032 ----a-w- d:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-02-18 21:16 46672 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-02-18 21:16 165456 ----a-w- d:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-02-18 21:16 23376 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-02-18 21:16 100176 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-02-18 21:16 94544 ----a-w- d:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-02-18 21:16 17744 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-02-18 21:16 28880 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2010-06-24 12:27 . 2002-09-20 16:05 916480 ----a-w- d:\windows\system32\wininet.dll
2010-06-24 09:02 . 2002-09-20 15:41 1851904 ----a-w- d:\windows\system32\win32k.sys
2010-06-21 15:27 . 2001-10-25 12:00 354304 ----a-w- d:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2001-10-25 12:00 80384 ----a-w- d:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-02-18 16:39 744448 ----a-w- d:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:43 . 2002-09-20 16:04 1172480 ----a-w- d:\windows\system32\msxml3.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

d:\documents and settings\Tata\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - d:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 24576]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2 - BETA\\BFBC2BetaUpdater.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2 - BETA\\BFBC2Game.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\dvbdream\\dvbdream.exe"=
"d:\\Program Files\\ICQ7.2\\ICQ.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910

R0 BtHidBus;Bluetooth HID Bus Service;d:\windows\system32\drivers\BtHidBus.sys [8.1.2009 0:39 20744]
R0 hotcore2;hotcore2;d:\windows\system32\drivers\hotcore2.sys [19.2.2010 15:54 30808]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;d:\windows\system32\drivers\nvcchflt.sys [11.2.2005 19:11 16640]
R0 vax347s;vax347s;d:\windows\system32\drivers\vax347s.sys [21.2.2010 12:51 5248]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [18.2.2010 23:16 165456]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [18.2.2010 23:16 17744]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;d:\windows\system32\drivers\SkyNET.sys [18.2.2010 22:28 419344]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18.7.2009 21:53 133104]
S3 btnetBUs;Bluetooth PAN Bus Service;d:\windows\system32\drivers\btnetBus.sys [7.12.2008 13:44 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;d:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 15:58 26248]
S3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [26.8.2010 23:05 38224]
S3 PAC207;USB PC Cam Plus;d:\windows\system32\drivers\PFC027.sys [24.2.2005 13:29 162176]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [18.2.2010 21:06 691696]
S4 vax347b;vax347b;d:\windows\system32\drivers\vax347b.sys [21.2.2010 12:51 159616]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
2009-03-08 02:32 128512 ----a-w- d:\windows\system32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
2009-03-08 02:32 128512 ----a-w- d:\windows\system32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
2009-03-08 02:32 128512 ----a-w- d:\windows\system32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
2009-12-21 13:18 173056 ------w- c:\windows\system32\ie4uinit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
2004-08-17 14:49 33280 ------w- c:\windows\system32\rundll32.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-08-27 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 19:53]

2010-08-26 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 19:53]

2010-08-27 d:\windows\Tasks\User_Feed_Synchronization-{EE5756D0-C1CA-4BE7-8EFF-757C1D5C5A5D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\system32\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-WEBTRAN - (no file)
AddRemove-Microsoft .NET Framework 3.5 Language Pack - csy - c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - csy\setup.exe
AddRemove-{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 09:15
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-220523388-484061587-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-220523388-484061587-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:fc,00,43,70,bb,f3,02,4f,dc,bb,82,e2,a4,cc,da,41,37,68,e1,c6,3d,
dd,5d,cb,d6,87,c2,e4,79,d6,62,81,dd,e8,6e,99,d2,bb,5c,eb,a0,59,a7,9e,aa,29,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(932)
d:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-08-27 09:16:40
ComboFix-quarantined-files.txt 2010-08-27 07:16

Před spuštěním: Volných bajtů: 136 649 621 504
Po spuštění: Volných bajtů: 136 714 850 304

- - End Of File - - 2B0A799261E6947FF228C71523918D83

[motji]

Ahoj,
mbam něco našel?

Tohle víte co je?
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910


Ještě mi vlož log ze Rsitu,viz můj podpis.

[sunv]

Teď se mě v nouzovém režimu podařilo udělat Mbam našel trojáky v koši. Smazal jsem to.
Jinak když jdu třeba do ovládacích panelů tak zamrzne, ale to dělá prakticky při všem co pouštím. Jakoby postrácel části programů (avast, ICQ, media player) na ty jsem zatím narazil.
Až budu chvilku zas k tomu sednu.

Tohle víte co je?[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5910:TCP"= 5910:TCP:vnc5910

nevím co to je.

[motji]

Ještě poprosím o ten log ze Rsitu.
Máš možnost udělat obnovu systému, než začali být problémy?

[sunv]

Obnova systému krachla asi jako první, to zkoušel prý hned. Já to zkoušel teď a ani se na ni nedostanu.
Při startu vyskakuje chyba generic host process win32 services a svhost.exe
To je zralé na přeinstal


Logfile of random's system information tool 1.08 (written by random/random)
Run by Tata at 2010-08-27 23:18:32
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 130 GB (77%) free of 170 GB
Total RAM: 3071 MB (85% free)

HijackThis download failed

======Scheduled tasks folder======

D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\User_Feed_Synchronization-{EE5756D0-C1CA-4BE7-8EFF-757C1D5C5A5D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-12-11 98304]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-05-18 49152]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"UserFaultCheck"=D:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BlueSoleil.lnk - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

D:\Documents and Settings\Tata\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2009-12-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2Game.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2Game.exe:*:Enabled:EA Battlefield: Bad Company™ 2 - BETA"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\dvbdream\dvbdream.exe"="C:\dvbdream\dvbdream.exe:*:Disabled:DVB Dream"
"D:\Program Files\ICQ7.2\ICQ.exe"="D:\Program Files\ICQ7.2\ICQ.exe:*:Disabled:ICQ"
"D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe"="D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-08-27 23:05:34 ----D---- D:\rsit
2010-08-27 23:05:34 ----D---- C:\Program Files\trend micro
2010-08-27 09:32:27 ----A---- D:\WINDOWS\ntbtlog.txt
2010-08-27 09:25:17 ----SHD---- D:\RECYCLER
2010-08-27 09:16:41 ----D---- D:\WINDOWS\temp
2010-08-27 09:16:40 ----A---- D:\ComboFix.txt
2010-08-27 09:08:00 ----A---- D:\WINDOWS\zip.exe
2010-08-27 09:08:00 ----A---- D:\WINDOWS\SWXCACLS.exe
2010-08-27 09:08:00 ----A---- D:\WINDOWS\SWSC.exe
2010-08-27 09:08:00 ----A---- D:\WINDOWS\SWREG.exe
2010-08-27 09:08:00 ----A---- D:\WINDOWS\sed.exe
2010-08-27 09:08:00 ----A---- D:\WINDOWS\PEV.exe
2010-08-27 09:08:00 ----A---- D:\WINDOWS\NIRCMD.exe
2010-08-27 09:08:00 ----A---- D:\WINDOWS\MBR.exe
2010-08-27 09:08:00 ----A---- D:\WINDOWS\grep.exe
2010-08-27 09:07:53 ----D---- D:\WINDOWS\ERDNT
2010-08-27 09:04:36 ----D---- D:\Qoobox
2010-08-26 23:06:02 ----D---- D:\Documents and Settings\Tata\Data aplikací\Malwarebytes
2010-08-26 23:05:49 ----D---- D:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-08-26 23:05:49 ----A---- D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-26 23:05:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-26 23:05:48 ----A---- D:\WINDOWS\system32\drivers\mbam.sys
2010-08-26 13:15:15 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-08-26 10:56:22 ----D---- D:\WINDOWS\pss
2010-08-26 01:11:30 ----A---- D:\WINDOWS\system32\wrap_oal.dll
2010-08-26 01:11:30 ----A---- D:\WINDOWS\system32\OpenAL32.dll
2010-08-25 22:40:59 ----D---- D:\Documents and Settings\Tata\Data aplikací\Leadertech
2010-08-25 20:43:01 ----RHD---- D:\Documents and Settings\Tata\Data aplikací\SecuROM
2010-08-25 18:42:54 ----A---- D:\WINDOWS\CoDUO.INI
2010-08-19 19:21:28 ----A---- D:\WINDOWS\system32\CmdLineExt.dll
2010-08-13 08:24:48 ----HDC---- D:\WINDOWS\$NtUninstallKB982214$
2010-08-13 08:24:43 ----HDC---- D:\WINDOWS\$NtUninstallKB2115168$
2010-08-13 08:24:36 ----HDC---- D:\WINDOWS\$NtUninstallKB981852$
2010-08-13 08:24:30 ----HDC---- D:\WINDOWS\$NtUninstallKB2079403$
2010-08-13 08:21:43 ----HDC---- D:\WINDOWS\$NtUninstallKB2160329$
2010-08-13 08:21:34 ----HDC---- D:\WINDOWS\$NtUninstallKB980436$
2010-08-13 08:19:35 ----HDC---- D:\WINDOWS\$NtUninstallKB981997$
2010-08-13 08:19:08 ----HDC---- D:\WINDOWS\$NtUninstallKB982665$
2010-08-04 10:31:08 ----HDC---- D:\WINDOWS\$NtUninstallKB2286198$

======List of files/folders modified in the last 1 months======

2010-08-27 22:40:00 ----RD---- D:\Program Files
2010-08-27 22:38:02 ----D---- D:\WINDOWS\system32\CatRoot2
2010-08-27 22:38:02 ----D---- D:\WINDOWS
2010-08-27 11:15:34 ----D---- D:\Documents and Settings\All Users\Data aplikací\Google
2010-08-27 11:15:34 ----D---- C:\Program Files\Google
2010-08-27 11:15:10 ----D---- D:\Documents and Settings\Tata\Data aplikací\Skype
2010-08-27 11:11:32 ----D---- D:\WINDOWS\system32\drivers
2010-08-27 09:15:26 ----A---- D:\WINDOWS\system.ini
2010-08-27 09:15:17 ----D---- D:\WINDOWS\system32\drivers\etc
2010-08-27 09:14:04 ----D---- D:\WINDOWS\system32
2010-08-27 09:14:04 ----D---- D:\WINDOWS\AppPatch
2010-08-27 09:14:03 ----D---- C:\Program Files\Common Files
2010-08-27 00:45:39 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2010-08-27 00:43:41 ----HDC---- D:\WINDOWS\$NtUninstallwmp11$
2010-08-26 13:17:17 ----SHD---- D:\System Volume Information
2010-08-26 11:06:49 ----A---- D:\WINDOWS\win.ini
2010-08-26 10:55:54 ----D---- D:\Documents and Settings
2010-08-26 02:47:39 ----A---- D:\WINDOWS\TRNCOM.INI
2010-08-26 02:47:39 ----A---- D:\WINDOWS\MAILTRAN.INI
2010-08-26 01:36:05 ----RSD---- D:\WINDOWS\assembly
2010-08-26 01:36:05 ----D---- D:\WINDOWS\system32\DirectX
2010-08-26 01:35:55 ----HD---- D:\WINDOWS\inf
2010-08-26 01:11:15 ----SHD---- D:\WINDOWS\Installer
2010-08-26 00:55:34 ----D---- D:\Documents and Settings\Tata\Data aplikací\ICQ
2010-08-26 00:00:06 ----D---- D:\WINDOWS\Prefetch
2010-08-25 21:18:45 ----D---- D:\WINDOWS\system32\config
2010-08-25 19:01:37 ----A---- D:\WINDOWS\CoD.INI
2010-08-25 18:43:44 ----A---- D:\WINDOWS\WTRAN32.INI
2010-08-25 18:43:38 ----A---- D:\WINDOWS\WDICT32.INI
2010-08-24 14:17:04 ----D---- D:\WINDOWS\Logs
2010-08-20 11:43:17 ----D---- D:\WINDOWS\system32\ReinstallBackups
2010-08-19 20:29:26 ----D---- D:\WINDOWS\Debug
2010-08-19 19:20:42 ----D---- D:\WINDOWS\WinSxS
2010-08-19 08:40:22 ----SD---- D:\WINDOWS\Tasks
2010-08-17 20:24:34 ----D---- C:\Program Files\Opera
2010-08-17 15:03:27 ----D---- D:\Documents and Settings\Tata\Data aplikací\HLSW
2010-08-17 14:22:40 ----A---- D:\WINDOWS\system32\PnkBstrB.exe
2010-08-17 11:16:12 ----D---- D:\Documents and Settings\Tata\Data aplikací\Canon
2010-08-17 07:58:37 ----D---- D:\Documents and Settings\Tata\Data aplikací\dvdcss
2010-08-13 08:52:59 ----D---- D:\WINDOWS\Microsoft.NET
2010-08-13 08:24:50 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-08-13 08:24:48 ----HD---- D:\WINDOWS\$hf_mig$
2010-08-13 08:24:27 ----D---- D:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-08-13 08:21:52 ----D---- D:\WINDOWS\ie8updates
2010-08-11 11:49:34 ----A---- D:\WINDOWS\EurekaLog.ini
2010-08-08 21:46:35 ----RSD---- D:\WINDOWS\Fonts
2010-08-08 21:45:26 ----D---- D:\WINDOWS\SHELLNEW
2010-08-08 21:29:21 ----D---- D:\WINDOWS\SoftwareDistribution
2010-08-08 21:11:52 ----SD---- D:\Documents and Settings\Tata\Data aplikací\Microsoft
2010-08-03 20:09:31 ----A---- D:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; D:\WINDOWS\System32\Drivers\BtHidBus.sys [2009-01-08 20744]
R0 BTHidEnum;Bluetooth HID Enumerator; D:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; D:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 hotcore2;hotcore2; D:\WINDOWS\system32\drivers\hotcore2.sys [2006-11-10 30808]
R0 nvatabus;nvatabus; D:\WINDOWS\system32\DRIVERS\nvatabus.sys [2005-02-11 89856]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver; D:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; D:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 vax347s;vax347s; D:\WINDOWS\System32\Drivers\vax347s.sys [2004-04-30 5248]
R1 Aavmker4;avast! Asynchronous Virus Monitor; D:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 aswSP;aswSP; D:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; D:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R2 aswFsBlk;aswFsBlk; D:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;avast! Standard Shield Support; D:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
R3 Arp1394;Protokol 1394 ARP Client; D:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-12-11 4525056]
R3 BlueletAudio;Bluetooth Audio Service; D:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; D:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; D:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-02-24 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; D:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-02-24 12928]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; D:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 SKYNET;TechniSat DVB-PC TV Star PCI; D:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2007-10-01 419344]
R3 VComm;Virtual Serial port driver; D:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; D:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; D:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; D:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S1 kbdhid;Ovladač klávesnice standardu HID; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 aswRdr;aswRdr; D:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
S3 BT;Bluetooth PAN Network Adapter; D:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; D:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 btnetBUs;Bluetooth PAN Bus Service; D:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 catchme;catchme; \??\D:\DOCUME~1\Tata\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 IvtBtBUs;IVT Bluetooth Bus Service; D:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 PAC207;USB PC Cam Plus; D:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WmFilter;Logitech Gaming HID Filter Driver; D:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmHidLo;Logitech Gaming USB Filter Driver; D:\WINDOWS\system32\drivers\WmHidLo.sys [2005-04-12 17632]
S3 WmVirHid;Logitech Virtual Hid Device Driver; D:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys [2010-02-18 691696]
S4 vax347b;vax347b; D:\WINDOWS\system32\DRIVERS\vax347b.sys [2005-07-08 159616]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2009-12-11 602112]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-29 75064]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-18 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-04 72704]
S3 aspnet_state;Stavová služba ASP.NET; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe []
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-08 575488]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[motji]

Skoro bych to na ten reinstal viděla , nevíš, co dělal? Spouštěl nějaký crack?

V nouzovém režimu proved

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

[sunv]

Přesně, crack. Surfoval po strankach s crakama bez firewallu jen s avastem. Ještě minulej tyden řikám udělej si zálohu (dal jsem mu Paragon backup 2006 z chipu) a dej si firewall, riskuješ.
No neposlechl
Ten antivir bude chtít novou databázi z netu co. No já mám strach to pc připojit na net, poskytovatel jak něco zmerči hned odstřihne net, pak se musí všechno dělat přes proxy.
Počítač tuhne při pokusu spustit jakýkoliv program, ale ne vždy. Když ,ale vytuhne musí se dát tvrdý reset.
Mám bootovací cd s f-secure a tedˇpřišel chip s Kaspersky Rescue Disk 10 cokdybych to zkusil

[sunv]

avptoll stažen, jdu na to

[motji]

Ten kaspersky rescue disk taky nezněl špatně, kdyby něco

[sunv]

Tak a je to. Nakonec jsem použil To boot cd Kaspersky protože i nouzový režim dělal neplechu. V podstatě cd je AVPtools s vlastním systémem.
Scan trval něco přes 20 hodin a nic to nenašlo. PC je tedy čisté, ale systém byl tvrdě porušen, ale podařilo image zálohu v paragonu, tak jsem to přeplácl.
Sorry motji za tu ztrátu času a muselo to nejprve vyčistit a udělat zálohy fotek a dokumentů.
Dík za pomoc.

[motji]

Nejspíš byl systém poškozený, to se stává.
Není zač, ahoj