System tool - znova :)

[Skyro]

Zdravim Stala sa mi neskutocne neprijemna vec, chytil som System tool na svoj PC. Netusim ako, neinstaloval som ho. Ako som prehladaval forum, doslo mi ze je to celkom znamy a obvykly virus, ale riesenie byvalo vacsinou vzdy ine.

Symptomy : Zacalo to jednoho krasneho dna, ked som nechraneny hladal wallpapery. Surfujem surfujem, zrazu sa mi spustila Java, krasne modrocervene pozadie a tak dale, a tak dale...Do safemode sa mi dostat este vcera islo, dnes uz nie. Do systemu sa dostanem, ale okrem firefoxu nespustim ani notepad. Presiel som PC avast!om pri startupe (naplanoval som kontrolu spolu s bootom), ten mi nasiel sality a nejake chybky. Bohuzial system tool nenasiel. Mam na kompe v dualboote nainstalovane Ubuntu, z ktoreho aj teraz pisem.

Poprosil by som Vas o nejaky zrozumitelny navod ako postupovat, ktore logy treba a tak, vsetko potrebne dodam

Dalej mam este jeden mensi problemik :
Pri pisani na Facebooku /chat,status,komentar, vsetko/ sa mi po chvili surfovania stava, ze mi kurzor samovolne skoci do okienka s adresou, ja trebars napisem do chatu ,,Ahoj'' a ono napise ''ah'' do chatu a ''oj'' do navigacie na webe. Ja stlacim enter kedze to chcem odoslat, a jak to potvrdim, tak som z Facebooku prec kedze firefox sa ma snazi dostat na adresu ''oj''. Co je este cudnejsie, miesto prveho vysledku v Googli ma hodi na stranku Ask.com s vysledkami vyhladavania pre ''oj''. Robi mi to aj ak mam v jednej karte otvoreny Facebook, a v druhej trebars viry.cz a odpovedam na prispevok. Mam otvorene viry.cz, a po chvili mi to zacne robit to iste co na Facebooku. Ked FB zavriem, vsetko je v poriadku. Prehliadac Mozzila FF, Win7, robi mi to uz dlhsie a len na W7. Reinstall FF som skusal.

Velmi Vam dakujem za Vase odpovede a privitam kazdu radu

[Rudy]

Restartujte do nouz. režimu a dejte log z RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 .

[Skyro]

Zdravim ...Do safemode sa mi dostat este vcera islo, dnes uz nie.

[Rudy]

Stáhněte a spusťte Rkill: http://download.bleepingcomputer.com/grinler/rkill.com . Od této chvíle nesmíte restartovat PC. Pak zkuste RSIT.

[Skyro]

...ale okrem firefoxu nespustim ani notepad.

[Rudy]

Rkill by měl blokovat ten šmejd.

[Skyro]

Ne, ne, nefunguje ani rkill. Dostanem sa ale do avastu. A zistil som ze ten bordel povypinal vsetky real-time stity ktore momentalne nejdu zapnut.


//Nefunguje rkill.exe, rkill.com ani rkill.scr

A este by som mal jeden problem, po prihlaseni do windwsu sa mi stava ze sa neskutocne dlho nacitava profil, niekedy je to takto a niekedy je to uplne v poriadku, neviem od coho to zavisi, co to moze byt?

[motji]

Omluva za vstup
Funguje Vám v běžném režimu něco?
Pak píšete, že Avast našel SAlity - můžete se kouknout, co přesně Avast hlásil?

[Skyro]

No v beznom rezime spustim firefox, dostanem sa do avastu...tot vse.

A skusim pohladat log z toho avastu, ale vazne nespolieham ci nieco najdem. Ale ten log aj tak ja v PC neotvorim, kedze notepad nespustim.

[motji]

Máte možnost na jiném pc vypálit cd?
Máte v pc nějaká důležitá data?

Zkuste spustit tohle

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

[Skyro]

Ano mam tam veci o ktore nechcem prist A OTL.exe nespustim, kedze ta bestia mi blokuje vse krom FF. Napadlo ma, keby som rkill.exe nejakym sposobom nastavil tak, aby sa spustal po spusteni? Pripominam ze mam Dualboot s Ubuntu, nedalo by sa nejak si pomoct linuxom?

[motji]

Z linuxu můžete zazálohovat data,ne? Trochu mám strach, pokud máte v pc sality, že budete mít infikované všechny exe soubory, takže ty bych nezálohovala.


Zkuste ještě tohle
Stáhněte OTH http://www.viry.cz/forum/download/file.php?id=3164
-rozbalte
-spustte ho, potvrdte tlačítko KillAll processes
-následně spustte tlačítko OTL

[Skyro]

Novinky : Klikol som na ten odkaz na stiahnutie, a v momente BSOD. Teraz sa mi ale nejakym zazrakom podarilo dostat do safemodu, cize idem spravit RSIT log.

[Skyro]

RSIT Log :

Kód: Vybrat vše

Logfile of random's system information tool 1.08 (written by random/random)
Run by Sprava at 2011-02-15 23:24:02
Microsoft Windows 7 Ultimate  
System drive C: has 278 MB (1%) free of 34 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:24:12, on 15. 2. 2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
D:\Programs\Mozilla Firefox\firefox.exe
C:\Users\Sprava\Desktop\RSIT.exe
C:\Program Files\trend micro\Sprava.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvdirect.iamwired.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
F2 - REG:system.ini: Shell=explorer.exe "C:\Users\Sprava\AppData\Roaming\kvxocdvqxprddmwydlb1mg3lfqhncdc2\csrss.exe"
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O4 - HKLM\..\Run: [avast5] "D:\Programs\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Infium] "D:\Programs\QIP Infium\infium.exe" /autorun
O4 - HKCU\..\Run: [C:\Users\Sprava\AppData\Roaming\InstallMon.exe] C:\Users\Sprava\AppData\Roaming\InstallMon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RGSC] D:\Programs\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [mssend] "C:\Users\Sprava\AppData\Roaming\xwhyudsr1ktnkz2kznzqkikcjzvrrfat2\svcnost.exe"
O4 - HKCU\..\RunOnce: [hMlDiIo14700] C:\ProgramData\hMlDiIo14700\hMlDiIo14700.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programs\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - ALWIL Software - D:\Programs\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programs\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programs\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\Windows\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - D:\Programs\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - D:\Programs\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 6773 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=D:\Programs\Alwil Software\Avast5\avastUI.exe [2010-01-28 2757512]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-11-25 336384]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Infium"=D:\Programs\QIP Infium\infium.exe [2010-03-12 5739472]
"C:\Users\Sprava\AppData\Roaming\InstallMon.exe"=C:\Users\Sprava\AppData\Roaming\InstallMon.exe [2010-06-30 36864]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"RGSC"=D:\Programs\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"mssend"=C:\Users\Sprava\AppData\Roaming\xwhyudsr1ktnkz2kznzqkikcjzvrrfat2\svcnost.exe [2011-02-14 86528]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"hMlDiIo14700"=C:\ProgramData\hMlDiIo14700\hMlDiIo14700 [2011-02-15 98]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
D:\Programs\Alcohol Soft\Alcohol 120\axcmd.exe [2009-09-18 205976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-12-14 47904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
D:\Programs\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe [2007-06-29 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\Windows\FixCamera.exe [2007-02-12 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-22 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
D:\Programs\QIP Infium\infium.exe [2010-03-12 5739472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\Programs\iTunes\iTunesHelper.exe [2010-12-13 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
D:\Programs\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=2 /w /h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Windows\system32\oodtray.exe [2007-05-11 2512392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegCom32]
C:\Users\Mama\AppData\Local\Temp\vip.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
D:\Programs\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
C:\Windows\vsnp325.exe [2006-10-10 827392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Programs\Steam\steam.exe [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
C:\Windows\tsnp325.exe [2006-10-10 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^·ţÎńąÜŔíĆ÷.lnk]
C:\PROGRA~1\MI3EDC~1\80\Tools\Binn\sqlmangr.exe [2000-08-06 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Sprava^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Sprava\AppData\Local\Temp\0.20846286101495237.exe"="C:\Users\Sprava\AppData\Local\Temp\0.20846286101495237.exe:*:Enabled:ldrsoft"
"C:\Users\Sprava\AppData\Roaming\xwhyudsr1ktnkz2kznzqkikcjzvrrfat2\svcnost.exe"="C:\Users\Sprava\AppData\Roaming\xwhyudsr1ktnkz2kznzqkikcjzvrrfat2\svcnost.exe:*:Enabled:ldrsoft"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-02-15 23:21:11 ----D---- C:\Program Files\trend micro
2011-02-15 23:21:10 ----D---- C:\rsit
2011-02-15 14:35:55 ----D---- C:\32788R22FWJFW
2011-02-15 14:07:59 ----SHD---- C:\found.000
2011-02-15 14:01:30 ----A---- C:\Windows\ntbtlog.txt
2011-02-14 21:31:25 ----D---- C:\ProgramData\hMlDiIo14700
2011-02-14 15:32:32 ----D---- C:\Program Files\Pontifex
2011-02-14 15:32:15 ----D---- C:\Program Files\Bridge Building Game
2011-02-14 14:12:09 ----H---- C:\Users\Sprava\AppData\Roaming\desktop.ini
2011-02-14 14:12:06 ----D---- C:\Users\Sprava\AppData\Roaming\xwhyudsr1ktnkz2kznzqkikcjzvrrfat2
2011-02-14 12:41:03 ----D---- C:\Users\Sprava\AppData\Roaming\kvxocdvqxprddmwydlb1mg3lfqhncdc2
2011-02-14 10:12:24 ----D---- C:\Program Files\WinAce
2011-02-03 17:05:50 ----A---- C:\Windows\system32\msvbvm50.dll
2011-02-03 17:05:48 ----A---- C:\Windows\system32\msrpjt40.dll
2011-02-03 17:05:47 ----A---- C:\Windows\system32\insrepim.exe
2011-02-03 17:05:42 ----A---- C:\Windows\system32\mdt2fw95.dll
2011-02-03 17:05:39 ----A---- C:\Windows\system32\rdocurs.dll
2011-02-03 17:05:39 ----A---- C:\Windows\system32\ntwdblib.DLL
2011-02-03 17:05:39 ----A---- C:\Windows\system32\Msrdo20.dll
2011-02-03 17:05:38 ----A---- C:\Windows\system32\DBmsSHRn.dll
2011-02-03 17:05:38 ----A---- C:\Windows\system32\dbmslpcn.dll
2011-02-03 17:05:10 ----A---- C:\Windows\IsUninst.exe
2011-02-03 17:05:06 ----D---- C:\Program Files\Microsoft SQL Server
2011-02-03 17:04:22 ----A---- C:\Windows\IsUn0804.exe
2011-02-02 20:06:07 ----D---- C:\Users\Sprava\AppData\Roaming\GHISLER
2011-02-02 20:06:07 ----D---- C:\totalcmd
2011-02-02 20:06:07 ----A---- C:\Windows\UC.PIF
2011-02-02 20:06:07 ----A---- C:\Windows\RAR.PIF
2011-02-02 20:06:07 ----A---- C:\Windows\PKZIP.PIF
2011-02-02 20:06:07 ----A---- C:\Windows\PKUNZIP.PIF
2011-02-02 20:06:07 ----A---- C:\Windows\NOCLOSE.PIF
2011-02-02 20:06:07 ----A---- C:\Windows\LHA.PIF
2011-02-02 20:06:07 ----A---- C:\Windows\ARJ.PIF
2011-01-29 08:01:51 ----N---- C:\Windows\XIIIHooligans.ini
2011-01-26 17:48:29 ----D---- C:\Users\Sprava\AppData\Roaming\OnLive App
2011-01-26 17:48:10 ----D---- C:\Program Files\OnLive
2011-01-23 19:46:12 ----D---- C:\Program Files\HI-TECH Software
2011-01-22 11:51:58 ----D---- C:\ProgramData\SlySoft
2011-01-20 13:58:03 ----D---- C:\Program Files\Foxit Software

======List of files/folders modified in the last 1 months======

2011-02-15 23:41:06 ----D---- C:\Windows\system32\LogFiles
2011-02-15 23:24:05 ----D---- C:\Windows\Temp
2011-02-15 23:21:11 ----RD---- C:\Program Files
2011-02-15 23:05:49 ----D---- C:\Windows\Prefetch
2011-02-15 20:32:23 ----D---- C:\Windows\tracing
2011-02-15 14:01:30 ----AD---- C:\Windows
2011-02-14 21:38:15 ----D---- C:\Users\Sprava\AppData\Roaming\BitTorrent
2011-02-14 21:35:41 ----D---- C:\Users\Sprava\AppData\Roaming\Skype
2011-02-14 21:35:01 ----D---- C:\Users\Sprava\AppData\Roaming\skypePM
2011-02-14 21:31:25 ----HD---- C:\ProgramData
2011-02-14 21:25:01 ----D---- C:\Windows\System32
2011-02-14 21:25:01 ----D---- C:\Windows\inf
2011-02-14 21:25:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-14 15:06:46 ----D---- C:\Windows\pss
2011-02-07 17:09:56 ----SHD---- C:\System Volume Information
2011-02-06 20:57:07 ----SHD---- C:\Windows\Installer
2011-02-06 20:57:06 ----SHD---- C:\Config.Msi
2011-02-06 20:55:04 ----RSD---- C:\Windows\assembly
2011-02-06 18:10:23 ----D---- C:\Users\Sprava\AppData\Roaming\vlc
2011-02-06 15:50:47 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-06 09:08:13 ----D---- C:\Windows\system32\catroot2
2011-02-05 09:28:25 ----D---- C:\Windows\system32\NDF
2011-02-03 17:05:38 ----D---- C:\Program Files\Common Files\microsoft shared
2011-02-03 17:05:15 ----HD---- C:\Program Files\Uninstall Information
2011-01-29 22:42:14 ----D---- C:\Users\Sprava\AppData\Roaming\abgx360
2011-01-26 15:14:07 ----D---- C:\Users\Sprava\AppData\Roaming\dvdcss
2011-01-23 19:46:11 ----D---- C:\Program Files\Common Files\Merge Modules
2011-01-23 19:45:50 ----D---- C:\Windows\system32\drivers
2011-01-22 11:49:49 ----D---- C:\Windows\system32\Tasks
2011-01-21 23:59:49 ----D---- C:\Windows\system32\oodag

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdis;avast! Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\aswNdis.sys [2010-01-09 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\Windows\system32\drivers\aswNdis2.sys [2010-01-28 194640]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248]
R1 aswFW;avast! TDI Firewall driver; C:\Windows\system32\drivers\aswFW.sys [2010-01-28 103120]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-01-28 23376]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
R3 CLEDX;Team H2O CLEDX service; C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2010-07-13 27632]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-25 111312]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-03-24 691696]
S1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys [2010-07-03 2911848]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2010-01-28 270928]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-01-28 163280]
S1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-01-28 46672]
S1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
S1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2010-06-25 142992]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2010-06-25 41936]
S2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-01-28 19024]
S2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-01-28 51792]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-07-16 278984]
S2 cvintdrv;cvintdrv; C:\Windows\system32\drivers\cvintdrv.sys [2006-07-27 4096]
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-04-24 18048]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2009-07-14 117248]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-11-19 100352]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 FStarForce;FStarForce; C:\Windows\system32\DRIVERS\FStarForce.sys [2009-07-13 9216]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
S3 GGSAFERDriver;GGSAFER Driver; \??\D:\Programs\Garena\safedrv.sys []
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2009-04-06 25512]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-09-02 25280]
S3 LLRING0;LLRING0; \??\D:\Games\NationMU\NationMU\NationMU Season5 Client\MuGuard\llck3.sys []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SNP325;USB PC Camera (SNPSTD325); C:\Windows\system32\DRIVERS\snp325.sys [2007-03-07 10260864]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TSP;TSP; \??\C:\Windows\system32\drivers\klif.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 100496]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2010-06-25 31632]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-11-26 176128]
S2 AMD Reservation Manager;AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
S2 avast! Antivirus;avast! Antivirus; D:\Programs\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
S2 avast! Firewall;avast! Firewall; D:\Programs\Alwil Software\Avast5\afwServ.exe [2010-01-28 119200]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 LkCitadelServer;Lookout Citadel Server; C:\Windows\system32\lkcitdl.exe [2006-06-19 688190]
S2 lkClassAds;National Instruments PSP Server Locator; C:\Windows\system32\lkads.exe [2006-07-25 45056]
S2 lkTimeSync;National Instruments Time Synchronization; C:\Windows\system32\lktsrv.exe [2006-07-25 57344]
S2 MSSQLSERVER;MSSQLSERVER; C:\PROGRA~1\MI3EDC~1\MSSQL\binn\sqlservr.exe [2000-08-17 7442493]
S2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
S2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
S2 NIDomainService;National Instruments Domain Service; D:\Programs\National Instruments\Shared\Security\nidmsrv.exe [2006-07-25 200704]
S2 niSvcLoc;NI Service Locator; C:\Windows\system32\nisvcloc.exe [2006-02-06 49152]
S2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-05-11 1050120]
S2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-10-29 189248]
S2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 avast! Mail Scanner;avast! Mail Scanner; D:\Programs\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; D:\Programs\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2000-08-06 65602]
S3 NILM License Manager;NILM License Manager; D:\Programs\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2006-06-27 1007616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\PROGRA~1\MI3EDC~1\MSSQL\binn\sqlagent.exe [2000-08-06 303170]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe [2010-07-03 304528]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-07 867080]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; D:\Programs\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S4 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-01-05 75064]
S4 StarWindServiceAE;StarWind AE Service; D:\Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-07-02 395048]

-----------------EOF-----------------

[motji]

Fajn, v podpisu mám Avptool, spustte ho

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky


Kdyby Vám zase nešel nouzový režim, můžete použít Kašpersky rescue disk nebo web cureit live cd, vypálite ISO , nabootujete z něj a spustíte kontrolu.
Log bych pak uvítala, stejně jako nový log ze rsitu

http://extrawindows.cnews.cz/kaspersky- ... iry-selzou
http://translate.google.cz/translate?hl ... rmd%3Divns