Hi.
I am turning to your forum once again with a request for help.
My PC has been infected by the "Netsha" virus.
Thank you in advance for your help.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Adam at 2011-04-10 11:51:17
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 370 GB (39%) free of 954 GB
Total RAM: 4093 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:55:41, on 10.4.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\PROGRA~2\ROCCAT\KONE__~1\KONE__~2.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Hry\Fallout 3\FalloutLauncher.exe
C:\Users\Adam\AppData\Local\Temp\3582-490\FalloutLauncher.exe
C:\Program Files\trend micro\Adam.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [RoccatKone+] "C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - (no file)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8941 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe"
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~2\ROCCAT\KONE__~1\KONE__~2.EXE
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4408.13d3ec20.776852700 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" "Mozilla.Firefox.4.0" -omnijar C:\Program Files (x86)\Mozilla Firefox\omni.jar 4408 \\.\pipe\gecko-crash-server-pipe.4408 plugin
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe"
C:\Windows\SysWOW64\srvany.exe
C:\Windows\KMService.exe
\??\C:\Windows\system32\conhost.exe
"C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2932
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe" /TUStart /pid:4528
"taskhost.exe"
"C:\Hry\Fallout 3\FalloutLauncher.exe"
"C:\Users\Adam\AppData\Local\Temp\3582-490\FalloutLauncher.exe"
"C:\Users\Adam\Desktop\RSITx64(1).exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe13_ Global\UsGthrCtrlFltPipeMssGthrPipe13 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 548 552 560 65536 556
======Scheduled tasks folder======
C:\Windows\tasks\AWC Update.job
C:\Windows\tasks\FixCleaner Scan.job
C:\Windows\tasks\FixCleaner Startup.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-02-23 814160]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} -
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-02-23 814160]
{D4027C7F-154A-4066-A1AD-4243D8127440}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2010-07-21 2306448]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-01-18 8866120]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-02-24 11780712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adm_tray.exe]
C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [2010-06-04 530768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASM]
C:\Program Files (x86)\AOL\Active Security Monitor\ASMonitor.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO]
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [2011-02-07 215792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPA]
C:\Program Files\COMODO\COMODO GeekBuddy\Cpa.exe [2011-02-08 1071752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
C:\Program Files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\PROGRA~1\Eraser\Eraser.exe [2010-11-04 980368]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMMON]
C:\Program Files (x86)\IM Magician\Vicamon.exe [2010-09-28 143360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMMONSUPPORT]
C:\Program Files (x86)\IM Magician\vmonproc.exe [2010-09-28 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2011-01-02 1670656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\Windows\KHALMNPR.EXE [2009-06-17 130576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-02-24 11780712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor]
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2010-11-16 2536752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Služba Acronis Scheduler2]
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2010-12-17 391144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-04-10 3360256]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2011-04-10 1451768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2010-12-17 5566176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\Program Files\Mouse\Amoumain.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPointII.lnk]
C:\PROGRA~1\Logitech\SETPOI~1\SETPOI~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Adam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
C:\PROGRA~2\COMMON~1\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=CSY /_WFM=. []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RoccatKone+"=C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE [2011-03-28 556072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\guard64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2010-11-20 290304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 6722448]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"NoThumbnailCache"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
======File associations======
.exe - open - C:\Windows\svchost.com "%1" %*
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2011-04-10 11:50:37 ----D---- C:\Program Files\Unlocker
2011-04-10 10:12:59 ----D---- C:\Windows\SYSWOW64\RTCOM
2011-04-10 10:12:39 ----A---- C:\Windows\system32\WavesGUILib.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\SRSWOW64.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\SRSTSX64.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\SRSTSH64.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\SRSHP64.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\RtPgEx64.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\RtkCfg64.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\RtkApi64.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\RTEEP64A.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\RTEEL64A.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\RTEEG64A.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\RTEED64A.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\RTCOM64.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\RP3DHT64.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\RP3DAA64.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\RCoInst64.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\MBppld64.dll
2011-04-10 10:12:39 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2011-04-10 10:12:38 ----A---- C:\Windows\SYSWOW64\MBAPO32.dll
2011-04-10 10:12:38 ----A---- C:\Windows\system32\MBPPCn64.dll
2011-04-10 10:12:38 ----A---- C:\Windows\system32\MBAPO64.dll
2011-04-10 10:12:38 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2011-04-10 10:12:38 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2011-04-10 10:12:38 ----A---- C:\Windows\system32\FMAPO64.dll
2011-04-10 10:12:38 ----A---- C:\Windows\system32\AERTAR64.dll
2011-04-10 10:12:38 ----A---- C:\Windows\system32\AERTAC64.dll
2011-04-10 00:11:54 ----A---- C:\Windows\directx.sys
2011-04-10 00:05:22 ----D---- C:\ProgramData\Sony
2011-04-10 00:05:18 ----D---- C:\Program Files (x86)\Sony
2011-04-10 00:04:36 ----D---- C:\Users\Adam\AppData\Roaming\Sony
2011-04-08 20:11:34 ----D---- C:\Filmy
2011-04-05 18:34:59 ----D---- C:\Program Files (x86)\Steam
2011-04-02 09:26:19 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2011-04-02 09:26:19 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2011-04-02 09:26:19 ----A---- C:\Windows\system32\OpenCL.dll
2011-04-02 09:26:19 ----A---- C:\Windows\system32\nvoglv64.dll
2011-04-02 09:26:19 ----A---- C:\Windows\system32\nvhdap64.dll
2011-04-02 09:26:19 ----A---- C:\Windows\system32\nvhdagenco642040.dll
2011-04-02 09:26:19 ----A---- C:\Windows\system32\nvd3dumx.dll
2011-04-02 09:26:19 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-04-02 09:26:19 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2011-04-02 09:26:18 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2011-04-02 09:26:18 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2011-04-02 09:26:18 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2011-04-02 09:26:18 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2011-04-02 09:26:18 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2011-04-02 09:26:18 ----A---- C:\Windows\system32\nvcuvid.dll
2011-04-02 09:26:18 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-04-02 09:26:18 ----A---- C:\Windows\system32\nvcuda.dll
2011-04-02 09:26:18 ----A---- C:\Windows\system32\nvcompiler.dll
2011-04-02 08:57:08 ----D---- C:\Program Files (x86)\SlimDrivers
2011-03-27 22:10:49 ----D---- C:\Users\Adam\AppData\Roaming\2K Sports
2011-03-27 16:19:36 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-03-27 16:19:06 ----D---- C:\Windows\SYSWOW64\URTTEMP
2011-03-27 00:33:41 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 9.0
2011-03-27 00:33:41 ----D---- C:\Program Files (x86)\Microsoft SDKs
2011-03-27 00:33:22 ----D---- C:\Program Files\Microsoft SDKs
2011-03-27 00:33:14 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2011-03-26 19:32:22 ----A---- C:\Windows\War3Unin.pif
2011-03-26 19:32:22 ----A---- C:\Windows\War3Unin.exe
2011-03-26 00:39:12 ----A---- C:\Windows\system32\RtNicProp64.dll
2011-03-26 00:39:12 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2011-03-26 00:26:53 ----D---- C:\Users\Adam\AppData\Roaming\FixCleaner
2011-03-26 00:26:49 ----D---- C:\Program Files (x86)\FixCleaner
2011-03-25 23:38:14 ----D---- C:\Program Files (x86)\SlimCleaner
2011-03-25 23:22:15 ----A---- C:\Windows\SYSWOW64\uxtuneup.dll
2011-03-25 23:22:15 ----A---- C:\Windows\system32\uxtuneup.dll
2011-03-25 23:22:15 ----A---- C:\Windows\system32\authuitu.dll
2011-03-25 23:22:14 ----A---- C:\Windows\SYSWOW64\authuitu.dll
2011-03-25 15:13:26 ----D---- C:\Program Files (x86)\SlimComputer
2011-03-25 15:12:57 ----D---- C:\Program Files (x86)\Downloaded Installers
2011-03-25 13:40:17 ----AD---- C:\ProgramData\TEMP
2011-03-25 13:40:00 ----D---- C:\Program Files (x86)\SpywareBlaster
2011-03-25 13:40:00 ----A---- C:\Windows\SYSWOW64\MSSTDFMT.DLL
2011-03-24 18:44:43 ----SHD---- C:\Windows\SYSWOW64\DMRCYR
2011-03-24 17:48:46 ----A---- C:\Windows\system32\SmartDefragBootTime.exe
2011-03-24 17:48:46 ----A---- C:\Windows\system32\drivers\SmartDefragDriver.sys
2011-03-23 18:15:22 ----D---- C:\Program Files (x86)\DsNET Corp
2011-03-23 13:22:44 ----D---- C:\Users\Adam\AppData\Roaming\Malwarebytes
2011-03-23 13:22:33 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-03-23 13:22:32 ----D---- C:\ProgramData\Malwarebytes
2011-03-23 13:22:26 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-23 13:22:26 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-03-22 21:25:23 ----SHD---- C:\Windows\SYSWOW64\JCIRMM
2011-03-22 20:45:50 ----SHD---- C:\Windows\SYSWOW64\NVBENW
2011-03-22 20:29:59 ----SHD---- C:\Windows\SYSWOW64\HGIQNC
2011-03-22 01:29:45 ----SHD---- C:\$RECYCLE.BIN
2011-03-22 00:37:10 ----D---- C:\Windows\temp
2011-03-22 00:37:08 ----A---- C:\ComboFix.txt
2011-03-22 00:29:29 ----A---- C:\Windows\SWXCACLS.exe
2011-03-21 23:21:14 ----A---- C:\Windows\zip.exe
2011-03-21 23:21:14 ----A---- C:\Windows\SWSC.exe
2011-03-21 23:21:14 ----A---- C:\Windows\SWREG.exe
2011-03-21 23:21:14 ----A---- C:\Windows\sed.exe
2011-03-21 23:21:14 ----A---- C:\Windows\PEV.exe
2011-03-21 23:21:14 ----A---- C:\Windows\NIRCMD.exe
2011-03-21 23:21:14 ----A---- C:\Windows\MBR.exe
2011-03-21 23:21:14 ----A---- C:\Windows\grep.exe
2011-03-21 23:21:08 ----D---- C:\Windows\ERDNT
2011-03-21 23:19:08 ----D---- C:\Qoobox
2011-03-21 22:30:10 ----D---- C:\rsit
2011-03-21 22:30:10 ----D---- C:\Program Files\trend micro
2011-03-21 16:24:42 ----SHD---- C:\Windows\SYSWOW64\TVESPT
2011-03-21 16:14:10 ----SHD---- C:\Windows\SYSWOW64\IMBEQU
2011-03-21 14:49:42 ----D---- C:\Program Files (x86)\FTH
2011-03-20 19:42:37 ----D---- C:\Program Settings
2011-03-20 01:07:06 ----D---- C:\Program Files (x86)\Nero
2011-03-17 18:17:50 ----D---- C:\Program Files (x86)\Google
2011-03-17 00:58:55 ----D---- C:\Program Files (x86)\AfterShocked!
2011-03-15 10:53:58 ----A---- C:\Windows\system32\RtkAPO64.dll
2011-03-15 00:46:52 ----D---- C:\Users\Adam\AppData\Roaming\KeePass
2011-03-15 00:37:19 ----D---- C:\Program Files (x86)\KeePass Password Safe 2
======List of files/folders modified in the last 1 months======
2011-04-10 11:51:30 ----D---- C:\Windows
2011-04-10 11:50:37 ----RD---- C:\Program Files
2011-04-10 11:42:57 ----D---- C:\Windows\system32\Tasks
2011-04-10 11:05:41 ----D---- C:\Windows\system32\config
2011-04-10 10:13:25 ----HD---- C:\Program Files (x86)\Temp
2011-04-10 10:13:09 ----D---- C:\Windows\system32\drivers
2011-04-10 10:13:00 ----D---- C:\Windows\SysWOW64
2011-04-10 10:13:00 ----D---- C:\Windows\System32
2011-04-10 10:12:56 ----D---- C:\Windows\inf
2011-04-10 10:12:55 ----D---- C:\Windows\system32\catroot
2011-04-10 10:12:53 ----D---- C:\Windows\system32\DriverStore
2011-04-10 10:12:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-04-10 10:04:47 ----D---- C:\Windows\Tasks
2011-04-10 08:08:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-10 08:02:07 ----D---- C:\ProgramData\NVIDIA
2011-04-10 00:05:52 ----SHD---- C:\Windows\Installer
2011-04-10 00:05:49 ----RSD---- C:\Windows\assembly
2011-04-10 00:05:31 ----D---- C:\Config.Msi
2011-04-10 00:05:22 ----D---- C:\ProgramData
2011-04-10 00:05:18 ----RD---- C:\Program Files (x86)
2011-04-08 20:10:33 ----D---- C:\Program Files\Recuva
2011-04-08 06:41:56 ----D---- C:\Program Files (x86)\Common Files
2011-04-08 06:41:56 ----D---- C:\Hry
2011-04-07 23:42:26 ----D---- C:\Windows\Prefetch
2011-04-07 23:41:16 ----SHD---- C:\System Volume Information
2011-04-07 20:54:58 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-04-07 20:53:08 ----D---- C:\Program Files\CCleaner
2011-04-07 20:45:44 ----D---- C:\Users\Adam\AppData\Roaming\Spyware Terminator
2011-04-07 20:45:44 ----D---- C:\Program Files (x86)\Spyware Terminator
2011-04-07 20:45:37 ----D---- C:\ProgramData\Spyware Terminator
2011-04-06 13:28:55 ----D---- C:\Windows\system32\catroot2
2011-04-05 18:34:04 ----D---- C:\Windows\winsxs
2011-04-02 10:42:51 ----D---- C:\Windows\system32\LogFiles
2011-03-27 19:59:00 ----D---- C:\Windows\system32\wdi
2011-03-27 16:19:53 ----D---- C:\Windows\Registration
2011-03-27 16:19:06 ----D---- C:\Program Files (x86)\Internet Explorer
2011-03-27 13:39:11 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2011-03-27 12:16:26 ----D---- C:\Windows\Microsoft.NET
2011-03-27 00:36:07 ----SD---- C:\ProgramData\Microsoft
2011-03-27 00:35:53 ----D---- C:\ProgramData\Microsoft Help
2011-03-27 00:35:02 ----SD---- C:\Users\Adam\AppData\Roaming\Microsoft
2011-03-27 00:33:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-03-26 22:49:39 ----D---- C:\Fraps
2011-03-26 15:20:23 ----D---- C:\Windows\SYSWOW64\config
2011-03-26 00:39:11 ----D---- C:\Program Files (x86)\Realtek
2011-03-26 00:17:14 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-03-26 00:16:53 ----D---- C:\Users\Adam\AppData\Roaming\LangSoft
2011-03-25 23:22:00 ----D---- C:\Program Files (x86)\TuneUp Utilities 2011
2011-03-25 16:22:29 ----D---- C:\Users\Adam\AppData\Roaming\TuneUp Software
2011-03-25 14:00:50 ----D---- C:\Users\Adam\AppData\Roaming\IObit
2011-03-24 17:53:29 ----D---- C:\Windows\system32\drivers\etc
2011-03-24 17:44:09 ----D---- C:\Program Files\Zrychleni Pocitace
2011-03-24 13:06:49 ----D---- C:\ProgramData\IObit
2011-03-24 13:06:49 ----D---- C:\Program Files (x86)\IObit
2011-03-23 13:22:33 ----D---- C:\Windows\SYSWOW64\drivers
2011-03-22 00:35:07 ----A---- C:\Windows\system.ini
2011-03-22 00:32:59 ----D---- C:\Windows\AppPatch
2011-03-22 00:32:55 ----D---- C:\Program Files\Common Files
2011-03-21 14:48:10 ----D---- C:\VritualRoot
2011-03-21 02:19:20 ----HD---- C:\Windows\system32\GroupPolicy
2011-03-20 16:03:43 ----D---- C:\Windows\SYSWOW64\LogFiles
2011-03-13 15:30:35 ----D---- C:\Windows\debug
2011-03-11 19:46:28 ----D---- C:\Windows\rescache
2011-03-11 01:36:17 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie64.sys [2010-06-17 16440]
R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2011-02-20 69376]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2011-01-26 277088]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273); C:\Windows\system32\DRIVERS\tdrpm273.sys [2011-01-26 1263200]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2011-01-26 970336]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 Amfilter;Compatible Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfltx64.sys [2000-01-01 12288]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-02-23 31064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-02-23 505176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-02-23 280408]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-02-23 53592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2011-01-06 250008]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2011-01-06 39888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2011-01-06 89840]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2011-02-05 230352]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-02-23 22360]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-02-23 64344]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R2 PfFilter;PfFilter; \??\C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [2011-03-16 36792]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2010-07-07 50696]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2011-03-03 174184]
R3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-23 33184]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
S3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2011-01-26 285280]
S3 Amusbprt;USB HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbx64.sys [2000-01-01 17920]
S3 catchme;catchme; C:\Windows\system32\drivers\catchme.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-02-24 2753512]
S3 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2011-03-09 33184]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-20 17152]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 55312]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 57872]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\system32\drivers\Synth3dVsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;tsusbhub; C:\Windows\system32\drivers\tsusbhub.sys []
S3 UrlFilter;UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-23 21328]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VGPU;VGPU; C:\Windows\system32\drivers\VGPU.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S4 FileMonitor;FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-03-23 20336]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-02-23 42184]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-02-07 158112]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-01-18 2466032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-04-02 821592]
R2 KMService;KMService; C:\Windows\syswow64\srvany.exe [2011-03-01 8192]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-03-08 1002904]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2011-02-27 948775]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-08 378472]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-04 2026304]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2008-12-22 104944]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-27 1255736]
S4 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S4 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2010-12-17 1112664]
S4 afcdpsrv;Služba Acronis Nonstop Backup; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-01-26 3246040]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17 136176]
S4 IS360service;IS360service; C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-03-08 1405384]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-07 4466688]
S4 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
-----------------EOF-----------------

PC infected by the "Netsha" virus
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC infected by the "Netsha" virus
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the license terms appears; continue by clicking the Yes (Ano) button.
feel free to put on a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else
do not panic during the scan, your machine may be restarted (especially the first time the scanner is used)
note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: PC infected by the "Netsha" virus
I let the test run all night, but it did not finish.
Is that normal?
What should I do?
The PC keeps crashing!
- Rudy
- Site Admin
Re: PC infected by the "Netsha" virus
Restart into safe mode and try running CF there.