Hello,
my PC started acting up, so I ran a scan with ESET Online Scanner and it found some infections. I had them fixed, but after restarting the PC it reported that it could not remove one of them: Win32/Sirefef.CH
I cannot start the antivirus or the firewall, or even install them! When I try to turn on Windows Firewall, it shows a message with error number 0x80070424. I looked online and it is an update error. I followed the Microsoft Support page, but all the Update services were turned on (as the guide said). Please check the log from RSIT; I can also make a log from another program if needed, thank you:
Logfile of random's system information tool 1.09 (written by random/random)
Run by martin2 at 2012-01-02 16:57:01
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 32 GB (16%) free of 200 GB
Total RAM: 8190 MB (81% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:57:07, on 2. 1. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\trend micro\martin2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2435719319-3592366497-3371847141-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2435719319-3592366497-3371847141-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: LocalCooling.lnk = C:\Program Files (x86)\Uniblue\LocalCooling\localcooling2.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - C:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8942 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\SysWOW64\ASDR.exe
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe"
taskeng.exe {A1440CCD-D016-495D-B3E9-07A18059BB7C}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Users\martin2\Desktop\OpenHardwareMonitor\OpenHardwareMonitor.exe
"C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe" -b
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe" /start
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-9cf767f6-daae-4e3a-bb84-4eedb0d2ba02 -SystemEventPortName:HostProcess-eb8a819b-b911-4464-9395-e868821c068b -IoCancelEventPortName:HostProcess-d19f7ffd-60db-405e-83e1-b8ae8750add9 -NonStateChangingEventPortName:HostProcess-e25854f0-9dd0-401f-8f84-598484eb9996 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:76a2d54b-57f1-481f-898b-6fbd227a7490
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe"
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
C:\Windows\System32\msdtc.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-2435719319-3592366497-3371847141-10007_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2435719319-3592366497-3371847141-10007 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
taskeng.exe {CE77C35A-8FA1-4241-89D8-0085E387B2C2}
"C:\Users\martin2\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-12-11 458416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-11 342192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-12-11 458416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-11 342192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ASUSGamerOSD"=C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe [2009-07-30 380928]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2010-06-25 2441840]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-04-27 113288]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2010-03-05 411864]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
""= []
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2011-08-23 887976]
"NBAgent"=C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [2011-11-18 1492264]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888]
C:\Users\martin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
LocalCooling.lnk - C:\Program Files (x86)\Uniblue\LocalCooling\localcooling2.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-01-02 16:57:01 ----D---- C:\rsit
2012-01-02 16:57:01 ----D---- C:\Program Files\trend micro
2011-12-30 20:32:39 ----D---- C:\Users\martin2\AppData\Roaming\ESET
2011-12-30 18:25:05 ----D---- C:\Program Files (x86)\ESET
2011-12-30 14:21:01 ----D---- C:\avrescue
2011-12-30 12:30:14 ----D---- C:\Users\martin2\AppData\Roaming\Avira
2011-12-30 12:29:46 ----D---- C:\Program Files (x86)\Avira
2011-12-30 12:02:43 ----D---- C:\ProgramData\Avira
2011-12-30 11:41:49 ----D---- C:\ProgramData\MFAData
2011-12-30 11:31:07 ----D---- C:\Program Files\ESET
2011-12-30 09:57:19 ----D---- C:\Windows\system32\Macromed
2011-12-30 09:37:01 ----D---- C:\Users\martin2\AppData\Roaming\Winint
2011-12-29 13:05:07 ----D---- C:\ProgramData\SmartSound Software Inc
2011-12-29 13:05:07 ----D---- C:\ProgramData\eSellerate
2011-12-29 13:05:07 ----D---- C:\Program Files (x86)\SmartSound Software
2011-12-29 13:04:39 ----D---- C:\ProgramData\Apple Computer
2011-12-29 13:04:39 ----D---- C:\Program Files (x86)\QuickTime
2011-12-29 13:04:25 ----D---- C:\ProgramData\Apple
2011-12-29 13:04:25 ----D---- C:\Program Files (x86)\Apple Software Update
2011-12-29 13:03:26 ----D---- C:\Program Files (x86)\Cyberlink
2011-12-29 13:02:52 ----D---- C:\Program Files\CyberLink
2011-12-29 13:01:51 ----D---- C:\ProgramData\Temp
2011-12-29 12:55:20 ----D---- C:\ProgramData\CyberLink
2011-12-29 12:55:13 ----D---- C:\Users\martin2\AppData\Roaming\CyberLink
2011-12-18 08:58:34 ----D---- C:\Program Files (x86)\CD Recovery Toolbox Free
2011-12-18 08:10:19 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-18 08:10:18 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-12-18 08:10:17 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-12-18 08:10:17 ----A---- C:\Windows\SYSWOW64\url.dll
2011-12-18 08:10:17 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-12-18 08:10:17 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-12-18 08:10:17 ----A---- C:\Windows\system32\urlmon.dll
2011-12-18 08:10:17 ----A---- C:\Windows\system32\url.dll
2011-12-18 08:10:17 ----A---- C:\Windows\system32\ieui.dll
2011-12-18 08:10:17 ----A---- C:\Windows\system32\iertutil.dll
2011-12-18 08:10:16 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-12-18 08:10:16 ----A---- C:\Windows\system32\wininet.dll
2011-12-18 08:10:16 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-18 08:10:15 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-12-18 08:10:15 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-12-18 08:10:15 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-12-18 08:10:15 ----A---- C:\Windows\system32\jscript9.dll
2011-12-18 08:10:15 ----A---- C:\Windows\system32\jscript.dll
2011-12-18 08:10:14 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-12-18 08:10:12 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-12-18 08:10:12 ----A---- C:\Windows\system32\mshtml.dll
2011-12-18 08:10:11 ----A---- C:\Windows\system32\ieframe.dll
2011-12-17 19:03:37 ----D---- C:\Windows\Minidump
2011-12-17 16:17:37 ----A---- C:\Windows\system32\csrsrv.dll
2011-12-17 16:17:33 ----A---- C:\Windows\system32\win32k.sys
2011-12-17 16:17:28 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-12-17 16:17:28 ----A---- C:\Windows\system32\EncDec.dll
2011-12-17 16:17:13 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-12-17 16:17:13 ----A---- C:\Windows\system32\tzres.dll
2011-12-11 19:20:28 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-12-11 19:20:25 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2011-12-11 19:19:57 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2011-12-11 19:19:57 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2011-12-11 19:19:57 ----A---- C:\Windows\system32\XAudio2_7.dll
2011-12-11 19:19:57 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2011-12-11 19:19:56 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2011-12-11 19:19:56 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-12-11 19:19:56 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-12-11 19:19:56 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-12-11 19:19:55 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-12-11 19:19:54 ----A---- C:\Windows\system32\D3DX9_43.dll
2011-12-11 19:19:54 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-12-11 19:19:53 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-12-11 19:19:53 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-12-11 19:19:53 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-12-11 19:19:53 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-12-11 19:19:52 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2011-12-11 19:19:52 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-12-11 19:19:52 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-12-11 19:19:52 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-12-11 19:19:52 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-12-11 19:19:52 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-12-11 19:19:51 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2011-12-11 19:19:51 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-12-11 19:19:51 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-12-11 19:19:50 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2011-12-11 19:19:50 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2011-12-11 19:19:50 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-12-11 19:19:50 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-12-11 19:19:49 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2011-12-11 19:19:49 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-12-11 19:19:48 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2011-12-11 19:19:48 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2011-12-11 19:19:48 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2011-12-11 19:19:48 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2011-12-11 19:19:48 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2011-12-11 19:19:48 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-12-11 19:19:48 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-12-11 19:19:48 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-12-11 19:19:48 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-12-11 19:19:48 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-12-11 19:19:48 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-12-11 19:19:47 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2011-12-11 19:19:47 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2011-12-11 19:19:47 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2011-12-11 19:19:47 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2011-12-11 19:19:47 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-12-11 19:19:47 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-12-11 19:19:47 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-12-11 19:19:47 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-12-11 19:19:46 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2011-12-11 19:19:46 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2011-12-11 19:19:46 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2011-12-11 19:19:46 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2011-12-11 19:19:46 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-12-11 19:19:46 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-12-11 19:19:46 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-12-11 19:19:46 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-12-11 19:19:46 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-12-11 19:19:45 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2011-12-11 19:19:45 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2011-12-11 19:19:45 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2011-12-11 19:19:45 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2011-12-11 19:19:45 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2011-12-11 19:19:45 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-12-11 19:19:45 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-12-11 19:19:45 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-12-11 19:19:45 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-12-11 19:19:45 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-12-11 19:19:44 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2011-12-11 19:19:44 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2011-12-11 19:19:44 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2011-12-11 19:19:44 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2011-12-11 19:19:44 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2011-12-11 19:19:44 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2011-12-11 19:19:44 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2011-12-11 19:19:44 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-12-11 19:19:44 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-12-11 19:19:44 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-12-11 19:19:44 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-12-11 19:19:44 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-12-11 19:19:44 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-12-11 19:19:44 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-12-11 19:19:43 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2011-12-11 19:19:43 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-12-11 19:19:42 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2011-12-11 19:19:42 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2011-12-11 19:19:42 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2011-12-11 19:19:42 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2011-12-11 19:19:42 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2011-12-11 19:19:42 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-12-11 19:19:42 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-12-11 19:19:42 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-12-11 19:19:42 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-12-11 19:19:42 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-12-11 19:19:41 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2011-12-11 19:19:41 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-12-11 19:19:40 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2011-12-11 19:19:40 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2011-12-11 19:19:40 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2011-12-11 19:19:40 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2011-12-11 19:19:40 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-12-11 19:19:40 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-12-11 19:19:40 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-12-11 19:19:40 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-12-11 19:19:39 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2011-12-11 19:19:39 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2011-12-11 19:19:39 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2011-12-11 19:19:39 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-12-11 19:19:39 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-12-11 19:19:39 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-12-11 19:19:38 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2011-12-11 19:19:38 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2011-12-11 19:19:38 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2011-12-11 19:19:38 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2011-12-11 19:19:38 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-12-11 19:19:38 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-12-11 19:19:38 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-12-11 19:19:38 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-12-11 19:19:38 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-12-11 19:19:37 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2011-12-11 19:19:37 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2011-12-11 19:19:37 ----A---- C:\Windows\system32\xinput1_3.dll
2011-12-11 19:19:37 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-12-11 19:19:37 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-12-11 19:19:36 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2011-12-11 19:19:36 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2011-12-11 19:19:36 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2011-12-11 19:19:36 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2011-12-11 19:19:36 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2011-12-11 19:19:36 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2011-12-11 19:19:36 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-12-11 19:19:36 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-12-11 19:19:36 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-12-11 19:19:36 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-12-11 19:19:36 ----A---- C:\Windows\system32\d3dx10.dll
2011-12-11 19:19:36 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-12-11 19:19:35 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2011-12-11 19:19:35 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2011-12-11 19:19:35 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2011-12-11 19:19:35 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2011-12-11 19:19:35 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2011-12-11 19:19:35 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2011-12-11 19:19:35 ----A---- C:\Windows\system32\xinput1_2.dll
2011-12-11 19:19:35 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-12-11 19:19:35 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-12-11 19:19:35 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-12-11 19:19:35 ----A---- C:\Windows\system32\d3dx9_32.dll
2011-12-11 19:19:35 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-12-11 19:19:34 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2011-12-11 19:19:34 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2011-12-11 19:19:34 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2011-12-11 19:19:34 ----A---- C:\Windows\system32\xinput1_1.dll
2011-12-11 19:19:34 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-12-11 19:19:34 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-12-11 19:19:32 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2011-12-11 19:19:32 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2011-12-11 19:19:32 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2011-12-11 19:19:32 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-12-11 19:19:32 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-12-11 19:19:32 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-12-11 19:19:32 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-12-11 19:19:31 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2011-12-11 19:19:31 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2011-12-11 19:19:31 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2011-12-11 19:19:31 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-12-11 19:19:31 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-12-11 19:19:31 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-12-11 19:19:30 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2011-12-11 19:19:30 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2011-12-11 19:19:30 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-12-11 19:19:30 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-12-11 18:57:41 ----D---- C:\ProgramData\Electronic Arts
2011-12-11 18:57:41 ----D---- C:\ProgramData\EA Core
2011-12-11 18:33:53 ----RA---- C:\Windows\SYSWOW64\pbsvc.exe
2011-12-11 17:56:34 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-12-11 17:56:32 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-12-11 17:56:06 ----D---- C:\Users\martin2\AppData\Roaming\DAEMON Tools Lite
2011-12-11 17:56:03 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-12-04 11:14:57 ----D---- C:\Program Files (x86)\Geeks3D
======List of files/folders modified in the last 1 month======
2012-01-02 16:57:07 ----D---- C:\Windows\Prefetch
2012-01-02 16:57:01 ----RD---- C:\Program Files
2012-01-02 16:44:06 ----D---- C:\Windows\registration
2012-01-02 16:39:27 ----RSD---- C:\Windows\assembly
2012-01-02 16:39:27 ----D---- C:\Windows\Microsoft.NET
2012-01-02 16:38:12 ----D---- C:\Windows\System32
2012-01-02 16:38:12 ----D---- C:\Windows\inf
2012-01-02 16:38:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-02 16:37:44 ----D---- C:\Windows\winsxs
2012-01-02 16:37:18 ----SHD---- C:\Windows\Installer
2012-01-02 16:37:18 ----D---- C:\Windows\Temp
2012-01-02 16:37:17 ----HD---- C:\Config.Msi
2012-01-02 16:35:11 ----SHD---- C:\System Volume Information
2012-01-02 16:34:39 ----D---- C:\Windows\system32\config
2012-01-02 16:31:29 ----D---- C:\ProgramData\NVIDIA
2011-12-30 20:50:26 ----D---- C:\Windows\system32\catroot2
2011-12-30 20:34:59 ----D---- C:\Windows\system32\catroot
2011-12-30 20:33:45 ----D---- C:\Windows\system32\DriverStore
2011-12-30 20:32:10 ----D---- C:\Windows\system32\drivers
2011-12-30 19:46:48 ----D---- C:\ProgramData\ESET
2011-12-30 18:25:05 ----RD---- C:\Program Files (x86)
2011-12-30 16:39:19 ----D---- C:\Windows\Tasks
2011-12-30 16:39:19 ----D---- C:\Windows
2011-12-30 16:39:18 ----D---- C:\Windows\system32\wbem
2011-12-30 16:39:13 ----D---- C:\Windows\SysWOW64
2011-12-30 16:39:07 ----HD---- C:\ProgramData
2011-12-30 16:39:06 ----SD---- C:\ProgramData\Microsoft
2011-12-30 16:39:06 ----D---- C:\ProgramData\DeviceVm
2011-12-30 14:26:09 ----HD---- C:\Windows\system32\GroupPolicy
2011-12-30 14:24:01 ----D---- C:\Windows\system32\LogFiles
2011-12-30 11:09:31 ----D---- C:\Windows\system32\NDF
2011-12-29 13:05:27 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-12-29 13:04:50 ----D---- C:\Program Files (x86)\Internet Explorer
2011-12-29 13:04:32 ----D---- C:\Program Files (x86)\Common Files
2011-12-29 13:04:26 ----D---- C:\Windows\system32\Tasks
2011-12-29 13:03:28 ----RSD---- C:\Windows\Fonts
2011-12-29 12:57:38 ----D---- C:\Users\martin2\AppData\Roaming\NVIDIA
2011-12-28 19:17:28 ----D---- C:\Windows\system32\wdi
2011-12-18 12:26:39 ----D---- C:\Windows\SYSWOW64\migration
2011-12-18 12:26:39 ----D---- C:\Windows\system32\migration
2011-12-18 12:26:39 ----D---- C:\Program Files\Internet Explorer
2011-12-18 09:31:07 ----D---- C:\Windows\rescache
2011-12-17 20:11:48 ----A---- C:\Windows\system32\MRT.exe
2011-12-17 20:11:29 ----D---- C:\Windows\SYSWOW64\sk-SK
2011-12-17 20:11:29 ----D---- C:\Windows\system32\sk-SK
2011-12-11 17:57:32 ----D---- C:\Program Files (x86)\Opera
2011-12-04 11:25:21 ----SD---- C:\Users\martin2\AppData\Roaming\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-08-23 16440]
R0 NBVol;Nero Backup Volume Filter Driver; C:\Windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver; C:\Windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2009-08-04 13440]
R1 AsUpIO;AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [2009-07-06 13368]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-11 279616]
R1 EIO64;EIO Driver; C:\Windows\system32\DRIVERS\EIO64.sys [2011-10-16 16384]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2010-01-14 32544]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys [2009-02-17 17792]
R3 atkdisplf;ASUS Kernel Mode Enhanced Driver; C:\Windows\system32\drivers\ATKDispLowFilter.sys [2009-02-17 39424]
R3 IOMap;IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [2010-02-22 23680]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2011-07-08 174184]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2010-05-15 1327520]
R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Users\martin2\AppData\Local\Temp\tmp7444.tmp []
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2); C:\Windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2); C:\Windows\system32\DRIVERS\RtVlan60.sys [2010-01-14 29472]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2); C:\Windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASDR;ASDR; C:\Windows\SysWOW64\ASDR.exe [2009-07-27 61440]
R2 ATKFUSService;ATK Fast User Switch Service; C:\Windows\system32\ATKFUSService.exe [2009-12-01 63488]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-04 687400]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-12-11 75136]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2011-12-11 189248]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 135664]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-16 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-16 1255736]
-----------------EOF-----------------

ESET scanner found a trojan
- Rudy
- Site Admin
Re: ESET scanner found a trojan
Hello to you too!
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\Google\Google Toolbar
C:\Program Files (x86)\Google\Update
C:\Program Files (x86)\Google\Common\Google Updater
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
:services
gupdate
gupdatem
gusvc
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click MoveIt! The PC will be restarted. These are mostly adware. In which file did ESET find the trojan?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
- Visitor
Re: ESET scanner found a trojan
This is the log that ESET Online Scanner produced:
C:\Users\martin\AppData\Local\Temp\SetupDataMngr_Searchqu.exe probably a variant of Win32/Toolbar.SearchSuite application deleted - quarantined
Operating memory a variant of Win32/Sirefef.CH trojan
- Visitor
Re: ESET scanner found a trojan
And now MBAM has also finished its scan and found something; here is its log:
!CORRECTION!--> By mistake I posted the log from MBAM's quick scan here; here is the log from the full scan:
Malwarebytes Anti-Malware (Skúšobná verzia) 1.60.0.1800
www.malwarebytes.org
Verzia databázy: v2012.01.02.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
martin2 :: MARTIN2-PC [obmedzené]
Ochrana: Vypnuté
2. 1. 2012 17:46:45
mbam-log-2012-01-02 (18-46-26).txt
Typ kontroly: Úplná kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 380554
Uplynutý čas: 48 min, 47 sek
Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)
Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)
Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)
Detegované registračné hodnoty: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Dáta: C:\Users\martin2\AppData\Local\8070f6c6\X -> Žiadna úloha nevykonaná.
Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)
Detegované priečinky: 0
(Škodlivé položky neboli zistené)
Detegované súbory: 4
C:\Windows\assembly\tmp\U\000000c0.@ (Trojan.Agent) -> Žiadna úloha nevykonaná.
C:\Windows\assembly\tmp\U\000000cb.@ (Trojan.Agent) -> Žiadna úloha nevykonaná.
C:\Windows\assembly\tmp\U\000000cf.@ (Trojan.Agent) -> Žiadna úloha nevykonaná.
D:\Program Files (x86)\Electronic Arts\Medal of Honor\Binaries\loader.dll (Riskware.Tool.CK) -> Žiadna úloha nevykonaná.
(koniec)
- Visitor
Re: ESET scanner found a trojan
And here is the log that OTM produced after the restart:
All processes killed
========== FILES ==========
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
C:\Program Files (x86)\Google\Google Toolbar\Component folder moved successfully.
C:\Program Files (x86)\Google\Google Toolbar folder moved successfully.
C:\Program Files (x86)\Google\Update\Install folder moved successfully.
C:\Program Files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24} folder moved successfully.
C:\Program Files (x86)\Google\Update\Download\{46767D3F-4C79-45EA-846B-E8021C197F36} folder moved successfully.
C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.79 folder moved successfully.
C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D} folder moved successfully.
C:\Program Files (x86)\Google\Update\Download folder moved successfully.
C:\Program Files (x86)\Google\Update\1.3.21.79 folder moved successfully.
C:\Program Files (x86)\Google\Update folder moved successfully.
C:\Program Files (x86)\Google\Common\Google Updater folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: martin2
->Temp folder emptied: 3218585449 bytes
->Temporary Internet Files folder emptied: 90158113 bytes
->Opera cache emptied: 17351720 bytes
->Flash cache emptied: 582 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 4216 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1641434568 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50453 bytes
RecycleBin emptied: 4680331438 bytes
Total Files Cleaned = 9 201,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: martin2
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
OTM by OldTimer - Version 3.1.19.0 log created on 01022012_190831
Files moved on Reboot...
C:\Users\martin2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\martin2\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.
C:\Users\UpdatusUser\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.
Registry entries deleted on Reboot...
- Rudy
- Site Admin
Re: ESET scanner found a trojan
Deleted. Delete the items that MBAM found as well.