Pro Vyosek

Zpráva

Junfan · #1 Příspěvek od **Junfan** » 05 črc 2013 08:18

Opět Tě zdravím,

dnes jsem si všimnul, že v C:\ mám novou složku "JRT" se spousty soubory která se mi tam dostala včera večer bez mého souhlasu k provedení změn (@Echo off).
Jedná se o ASK a když se podívám do dávkového souboru, tak mi to provedlo sakra hodně změn a já bych to rád kompletně odstranil a je mi jasný, že odstranit pouze složku nestačí.
V prohlížeči (IE9, Firefox) nevidím v doplňcích žádné změny. Prosím podívej se na to a popřípadě mi odstraň i další nesmyli. Děkuju
Posílám log z dávkového souboru (ASK) a log z RSIT:

@Echo off

:: ask.bat
:: Created by Thisisu
:: Last updated 04.16.2013
:: Latest change: Removed taskschedule CACHE

REM ~~~~~~~~~ CUSTOM VARS ~~~~~~~~~~~~
set locallow=%userprofile%\appdata\locallow

Set NirCmd=0
if NOT exist %windir%\system32\taskkill.exe set NirCmd=1

if %NirCmd%==0 (
taskkill /f /im AskService.exe >nul 2>&1
taskkill /f /im Updater.exe >nul 2>&1
taskkill /f /im UpdateTask.exe >nul 2>&1
taskkill /f /im TBNotifier.exe >nul 2>&1
)

if %NirCmd%==1 (
%systemdrive%\jrt\NIRCMD.DAT killprocess AskService.exe >nul 2>&1
%systemdrive%\jrt\NIRCMD.DAT killprocess Updater.exe >nul 2>&1
%systemdrive%\jrt\NIRCMD.DAT killprocess UpdateTask.exe >nul 2>&1
%systemdrive%\jrt\NIRCMD.DAT killprocess TBNotifier.exe >nul 2>&1
)

if exist %windir%\syswow64 (
set arch=x64
) else (
set arch=x86
)

:: GET SID - Credits to GermanOne

set "RegPath=HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
for /f "delims=" %%i in ('reg query "%RegPath%"^|findstr /ibc:"%RegPath%\S-"') do (
reg query "%%i" /v "ProfileImagePath"|findstr /iec:"\\%UserName%" >nul &&set "SID=%%~nxi"
)

REM ~~~~~~~~~~~~~~~~~ START OF SERVICES ~~~~~~~~~~~~~~~~~~~~~~~~~

for /f "usebackq delims=" %%g in ("%systemdrive%\JRT\askservices.dat") do (
%windir%\system32\sc.exe query "%%g" | %windir%\system32\find.exe "STATE" >nul 2>&1
if ERRORLEVEL 1 (
REM DEBUG Echo(%%g : this service does NOT exist >>%systemdrive%\JRT\temp\services.txt
) else (
REM DEBUG Echo %%g : This service does exist >>%systemdrive%\JRT\temp\services.txt
%windir%\system32\sc.exe stop "%%g" >nul 2>&1
%windir%\system32\sc.exe query "%%g" | %windir%\system32\find.exe "STATE" | %windir%\system32\find.exe "STOPPED" >nul 2>&1
if NOT ERRORLEVEL 1 (
Echo(Successfully stopped: [Service] %%g >>%systemdrive%\JRT\temp\services.txt
%windir%\system32\sc.exe delete "%%g" >nul 2>&1
%windir%\system32\sc.exe query "%%g" | %windir%\system32\find.exe "STATE" >nul 2>&1
if ERRORLEVEL 1 (
Echo(Successfully deleted: [Service] %%g >>%systemdrive%\JRT\temp\services.txt
) else (
Echo(Failed to delete: [Service] %%g >>%systemdrive%\JRT\temp\services.txt
)

) else (
Echo(Failed to stop: [Service] %%g >>%systemdrive%\JRT\temp\services.txt
)
)
)

REM ~~~~~~~~~~~~~~~~~ END OF SERVICES ~~~~~~~~~~~~~~~~~~~~~~~~~

REM ~~~~~~~~~~~~~~~~~ START OF VALUES ~~~~~~~~~~~~~~~~~~~~~~~~~

if %arch%==x64 (
for /f "usebackq delims=" %%g in ("%systemdrive%\JRT\askCLSID.dat") do (
for /f "usebackq delims=" %%i in ("%systemdrive%\JRT\askregvalue_x64.dat") do (
%windir%\system32\reg.exe query "%%i" /v %%g >nul 2>&1
if NOT ERRORLEVEL 1 (
%windir%\system32\reg.exe delete "%%i" /v %%g /f >nul 2>&1
%windir%\system32\reg.exe query "%%i" /v %%g >nul 2>&1
if ERRORLEVEL 1 (
Echo(Successfully deleted: [Registry Value] %%i\\%%g >> %systemdrive%\JRT\temp\values.txt
) else (
Echo(Failed to delete: [Registry Value] %%i\\%%g >> %systemdrive%\JRT\temp\values.txt
)
)
)
)
)

if %arch%==x86 (
for /f "usebackq delims=" %%g in ("%systemdrive%\JRT\askCLSID.dat") do (
for /f "usebackq delims=" %%i in ("%systemdrive%\JRT\askregvalue_x86.dat") do (
%windir%\system32\reg.exe query "%%i" /v %%g >nul 2>&1
if NOT ERRORLEVEL 1 (
%windir%\system32\reg.exe delete "%%i" /v %%g /f >nul 2>&1
%windir%\system32\reg.exe query "%%i" /v %%g >nul 2>&1
if ERRORLEVEL 1 (
Echo(Successfully deleted: [Registry Value] %%i\\%%g >> %systemdrive%\JRT\temp\values.txt
) else (
Echo(Failed to delete: [Registry Value] %%i\\%%g >> %systemdrive%\JRT\temp\values.txt
)
)
)
)
)

REM ~~~~~~~~~~~~~~~~~ END OF VALUES ~~~~~~~~~~~~~~~~~~~~~~~~~

REM ~~~~~~~~~~~~~~~~~ START OF SID URLSEARCHHOOKS ~~~~~~~~~~~~~~~~~~~~~~~

if %arch%==x64 (
for /f "usebackq delims=" %%g in ("%systemdrive%\JRT\askCLSID.dat") do (
%windir%\system32\reg.exe query "hkey_users\%sid%\software\microsoft\internet explorer\urlsearchhooks" /v %%g >nul 2>&1
if NOT ERRORLEVEL 1 (
%windir%\system32\reg.exe delete "hkey_users\%sid%\software\microsoft\internet explorer\urlsearchhooks" /v %%g /f >nul 2>&1
%windir%\system32\reg.exe query "hkey_users\%sid%\software\microsoft\internet explorer\urlsearchhooks" /v %%g >nul 2>&1
if ERRORLEVEL 1 (
Echo(Successfully deleted: [Registry Value] hkey_users\%sid%\software\microsoft\internet explorer\urlsearchhooks\\%%g >> %systemdrive%\JRT\temp\values.txt
) else (
Echo(Failed to delete: [Registry Value] hkey_users\%sid%\software\microsoft\internet explorer\urlsearchhooks\\%%g >> %systemdrive%\JRT\temp\values.txt
)
)
)
)

if %arch%==x86 (
for /f "usebackq delims=" %%g in ("%systemdrive%\JRT\askCLSID.dat") do (
%windir%\system32\reg.exe query "hkey_users\%sid%\software\microsoft\internet explorer\urlsearchhooks" /v %%g >nul 2>&1
if NOT ERRORLEVEL 1 (
%windir%\system32\reg.exe delete "hkey_users\%sid%\software\microsoft\internet explorer\urlsearchhooks" /v %%g /f >nul 2>&1
%windir%\system32\reg.exe query "hkey_users\%sid%\software\microsoft\internet explorer\urlsearchhooks" /v %%g >nul 2>&1
if ERRORLEVEL 1 (
Echo(Successfully deleted: [Registry Value] hkey_users\%sid%\software\microsoft\internet explorer\urlsearchhooks\\%%g >> %systemdrive%\JRT\temp\values.txt
) else (
Echo(Failed to delete: [Registry Value] hkey_users\%sid%\software\microsoft\internet explorer\urlsearchhooks\\%%g >> %systemdrive%\JRT\temp\values.txt
)
)
)
)

REM ~~~~~~~~~~~~~~~~~ END OF SID URLSEARCHHOOKS ~~~~~~~~~~~~~~~~~~~~~~~

REM ~~~~~~~~~~~~~~~ START OF SID TOOLBAR ~~~~~~~~~~~~~~~~~~~~~

if %arch%==x64 (
for /f "usebackq delims=" %%g in ("%systemdrive%\JRT\askCLSID.dat") do (
%windir%\system32\reg.exe query "hkey_users\%sid%\software\microsoft\internet explorer\toolbar" /v %%g >nul 2>&1
if NOT ERRORLEVEL 1 (
%windir%\system32\reg.exe delete "hkey_users\%sid%\software\microsoft\internet explorer\toolbar" /v %%g /f >nul 2>&1
%windir%\system32\reg.exe query "hkey_users\%sid%\software\microsoft\internet explorer\toolbar" /v %%g >nul 2>&1
if ERRORLEVEL 1 (
Echo(Successfully deleted: [Registry Value] hkey_users\%sid%\software\microsoft\internet explorer\toolbar\\%%g >> %systemdrive%\JRT\temp\values.txt
) else (
Echo(Failed to delete: [Registry Value] hkey_users\%sid%\software\microsoft\internet explorer\toolbar\\%%g >> %systemdrive%\JRT\temp\values.txt
)
)
)
)

if %arch%==x86 (
for /f "usebackq delims=" %%g in ("%systemdrive%\JRT\askCLSID.dat") do (
%windir%\system32\reg.exe query "hkey_users\%sid%\software\microsoft\internet explorer\toolbar" /v %%g >nul 2>&1
if NOT ERRORLEVEL 1 (
%windir%\system32\reg.exe delete "hkey_users\%sid%\software\microsoft\internet explorer\toolbar" /v %%g /f >nul 2>&1
%windir%\system32\reg.exe query "hkey_users\%sid%\software\microsoft\internet explorer\toolbar" /v %%g >nul 2>&1
if ERRORLEVEL 1 (
Echo(Successfully deleted: [Registry Value] hkey_users\%sid%\software\microsoft\internet explorer\toolbar\\%%g >> %systemdrive%\JRT\temp\values.txt
) else (
Echo(Failed to delete: [Registry Value] hkey_users\%sid%\software\microsoft\internet explorer\toolbar\\%%g >> %systemdrive%\JRT\temp\values.txt
)
)
)
)

REM ~~~~~~~~~~~~~~~ END OF SID TOOLBAR ~~~~~~~~~~~~~~~~~~~~~

REM ~~~~~~~~~~~~~~~~~ START OF KEYS ~~~~~~~~~~~~~~~~~~~~~~~~

if %arch%==x64 (
for /f "usebackq delims=" %%g in ("%systemdrive%\JRT\askCLSID.dat") do (
for /f "usebackq delims=" %%i in ("%systemdrive%\JRT\askregkey_x64.dat") do (
%windir%\system32\reg.exe query "%%i%%g" >nul 2>&1
if NOT ERRORLEVEL 1 (
%windir%\system32\reg.exe delete "%%i%%g" /f >nul 2>&1
%windir%\system32\reg.exe query "%%i%%g" >nul 2>&1
if ERRORLEVEL 1 (
Echo(Successfully deleted: [Registry Key] %%i%%g >> %systemdrive%\JRT\temp\keys.txt
) else (
Echo(Failed to delete: [Registry Key] %%i%%g >> %systemdrive%\JRT\temp\keys.txt
)
)
)
)
)

if %arch%==x86 (
for /f "usebackq delims=" %%g in ("%systemdrive%\JRT\askCLSID.dat") do (
for /f "usebackq delims=" %%i in ("%systemdrive%\JRT\askregkey_x86.dat") do (
%windir%\system32\reg.exe query "%%i%%g" >nul 2>&1
if NOT ERRORLEVEL 1 (
%windir%\system32\reg.exe delete "%%i%%g" /f >nul 2>&1
%windir%\system32\reg.exe query "%%i%%g" >nul 2>&1
if ERRORLEVEL 1 (
Echo(Successfully deleted: [Registry Key] %%i%%g >> %systemdrive%\JRT\temp\keys.txt
) else (
Echo(Failed to delete: [Registry Key] %%i%%g >> %systemdrive%\JRT\temp\keys.txt
)
)
)
)
)

REM ~~~~~~~~~~~~~~~~~ END OF KEYS ~~~~~~~~~~~~~~~~~~~~~~~~

REM ~~~~~~~~~~~~~~~~~ START OF MISC KEYS ~~~~~~~~~~~~~~~~~~~~~~~~

if %arch%==x64 (
for %%g in (
"hkey_classes_root\genericasktoolbar.toolbarwnd"
"hkey_classes_root\genericasktoolbar.toolbarwnd.1"
"hkey_current_user\software\apn"
"hkey_current_user\software\apn pip"
"hkey_current_user\software\appdatalow\askbardis"
"hkey_current_user\software\appdatalow\asktoolbar"
"hkey_current_user\software\appdatalow\asktoolbarinfo"
"hkey_current_user\software\appdatalow\software\asktoolbar"
"hkey_current_user\software\ask.com"
"hkey_current_user\software\asktoolbar"
"hkey_current_user\software\pip"
"hkey_local_machine\software\apn"
"hkey_local_machine\software\apn pip"
"hkey_local_machine\software\asktoolbar"
"hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
"hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd"
"hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd.1"
"hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"
"hkey_local_machine\software\microsoft\windows nt\currentversion\schedule\taskcache\tasks\{309072f6-5046-451f-9f64-bae417b883a7}"
"hkey_local_machine\software\pip"
) do (
%windir%\system32\reg.exe query %%g >nul 2>&1
if NOT ERRORLEVEL 1 (
%windir%\system32\reg.exe delete %%g /f >nul 2>&1
%windir%\system32\reg.exe query %%g >nul 2>&1
if ERRORLEVEL 1 (
Echo(Successfully deleted: [Registry Key] %%g >> %systemdrive%\JRT\temp\keys.txt
) else (
Echo(Failed to delete: [Registry Key] %%g >> %systemdrive%\JRT\temp\keys.txt
)
)
)
)

if %arch%==x86 (
for %%g in (
"hkey_classes_root\genericasktoolbar.toolbarwnd"
"hkey_classes_root\genericasktoolbar.toolbarwnd.1"
"hkey_current_user\software\apn"
"hkey_current_user\software\apn pip"
"hkey_current_user\software\appdatalow\askbardis"
"hkey_current_user\software\appdatalow\asktoolbar"
"hkey_current_user\software\appdatalow\asktoolbarinfo"
"hkey_current_user\software\appdatalow\software\asktoolbar"
"hkey_current_user\software\ask.com"
"hkey_current_user\software\asktoolbar"
"hkey_current_user\software\pip"
"hkey_local_machine\software\apn"
"hkey_local_machine\software\apn pip"
"hkey_local_machine\software\asktoolbar"
"hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
"hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd"
"hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd.1"
"hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"
"hkey_local_machine\software\microsoft\windows nt\currentversion\schedule\taskcache\tasks\{309072f6-5046-451f-9f64-bae417b883a7}"
"hkey_local_machine\software\pip"
) do (
%windir%\system32\reg.exe query %%g >nul 2>&1
if NOT ERRORLEVEL 1 (
%windir%\system32\reg.exe delete %%g /f >nul 2>&1
%windir%\system32\reg.exe query %%g >nul 2>&1
if ERRORLEVEL 1 (
Echo(Successfully deleted: [Registry Key] %%g >> %systemdrive%\JRT\temp\keys.txt
) else (
Echo(Failed to delete: [Registry Key] %%g >> %systemdrive%\JRT\temp\keys.txt
)
)
)
)

REM ~~~~~~~~~~~~~~~~~ END OF MISC KEYS ~~~~~~~~~~~~~~~~~~~~~~~~

REM ~~~~~~~~~~~~~~~~~~ START OF FILES ~~~~~~~~~~~~~~~~~~~~~~~~~

if %arch%==x64 (
For %%g in (
"%windir%\tasks\Scheduled Update for Ask Toolbar.job"
) do ( if exist %%g (
del /a/f/q %%g >nul 2>&1
dir %%g >nul 2>&1
if ERRORLEVEL 1 (
Echo(Successfully deleted: [File] %%g >> %systemdrive%\JRT\temp\files.txt
) else (
Echo(Failed to delete: [File] %%g >> %systemdrive%\JRT\temp\files.txt
)
)
)
)

if %arch%==x86 (
For %%g in (
"%windir%\tasks\Scheduled Update for Ask Toolbar.job"
) do ( if exist %%g (
del /a/f/q %%g >nul 2>&1
dir %%g >nul 2>&1
if ERRORLEVEL 1 (
Echo(Successfully deleted: [File] %%g >> %systemdrive%\JRT\temp\files.txt
) else (
Echo(Failed to delete: [File] %%g >> %systemdrive%\JRT\temp\files.txt
)
)
)
)

REM ~~~~~~~~~~~~~~~~~~ END OF FILES ~~~~~~~~~~~~~~~~~~~~~~~~~

REM ~~~~~~~~~~~~~~~~~~ START OF FOLDERS ~~~~~~~~~~~~~~~~~~~~~~~~~

:: FOLDERS PORTION

if %arch%==x64 (
For %%g in (
"%allusersprofile%\ask"
"%localappdata%\asktoolbar"
"%locallow%\asksbar"
"%locallow%\asktoolbar"
"%programfiles(x86)%\ask.com"
"%programfiles(x86)%\ask.com\updater"
"%programfiles(x86)%\askbardis\bar\bin"
"%programfiles(x86)%\askbardis\bar"
"%programfiles(x86)%\askbardis"
"%programfiles(x86)%\askpartnernetwork"
"%programfiles(x86)%\AskPBar"
"%programfiles(x86)%\asksbar"
"%userprofile%\local settings\application data\asktoolbar"
"%windir%\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
) do ( if exist %%g (
rd /s/q %%g >nul 2>&1
dir %%g >nul 2>&1
if ERRORLEVEL 1 (
Echo(Successfully deleted: [Folder] %%g >> %systemdrive%\JRT\temp\folders.txt
) else (
Echo(Failed to delete: [Folder] %%g >> %systemdrive%\JRT\temp\folders.txt
)
)
)
)

if %arch%==x86 (
For %%g in (
"%allusersprofile%\application data\ask"
"%allusersprofile%\ask"
"%localappdata%\asktoolbar"
"%locallow%\asksbar"
"%locallow%\asktoolbar"
"%programfiles%\ask.com"
"%programfiles%\ask.com\updater"
"%programfiles%\askbardis\bar\bin"
"%programfiles%\askbardis\bar"
"%programfiles%\askbardis"
"%programfiles%\askpartnernetwork"
"%programfiles%\asksbar"
"%programfiles%\AskPBar"
"%userprofile%\local settings\application data\asktoolbar"
"%windir%\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
) do ( if exist %%g (
rd /s/q %%g >nul 2>&1
dir %%g >nul 2>&1
if ERRORLEVEL 1 (
Echo(Successfully deleted: [Folder] %%g >> %systemdrive%\JRT\temp\folders.txt
) else (
Echo(Failed to delete: [Folder] %%g >> %systemdrive%\JRT\temp\folders.txt
)
)
)
)

REM ~~~~~~~~~~~~~~~~~~ END OF FOLDERS ~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of random's system information tool 1.09 (written by random/random)
Run by Rosta at 2013-07-05 09:16:48
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 33 GB (27%) free of 122 GB
Total RAM: 4044 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:16:50, on 5.7.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Rosta.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Cobian Backup 11 Stínová kopie - Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
O23 - Service: Cobian Backup 11 Gravity (CobianBackup11) - Luis Cobian, CobianSoft - C:\Program Files (x86)\Cobian Backup 11\cbService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MacDrive 9 service (MacDrive9Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8275 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\Sandboxie\SbieSvc.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe"
"C:\Program Files (x86)\Cobian Backup 11\cbService.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"C:\Program Files\Sandboxie\SbieCtrl.exe"
"C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe"
"C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
"C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://o15.officeredir.microsoft.com/r/ ... lidui=0409
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe -Embedding
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3928 CREDAT:1447180 /prefetch:2
"taskhost.exe"
"C:\Program Files\Sandboxie\SbieSvc.exe" Sandboxie_GuiProxy_00000001,1100
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3928 CREDAT:3872193 /prefetch:2
"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Rosta\Documents\Zálohy\Servisní flash\Service\SW inst\Zabezpečení, viry\Scan, cleaner, log\RSIT\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\HP Photo Creations Communicator.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Rosta\AppData\Roaming\Mozilla\Firefox\Profiles\v2wk9w20.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.64 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

Junfan · #2 Příspěvek od **Junfan** » 05 črc 2013 08:19

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5]
"Description"=A component of your photo software powered by RocketLife
"Path"=C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.64 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL

C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-06 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-06 170912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-12-21 6326448]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2013-04-30 36352]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-05-16 1012000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2013-06-17 759384]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Cobian Backup 11 interface"=C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [2012-12-05 4407808]

C:\Users\Rosta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\prwntdrv]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoResolveTrack"=0
"NoViewContextMenu"=0
"NoFileAssociate"=0
"NoRun"=0
"NoClose"=0
"StartMenuLogoff"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-07-05 09:16:48 ----D---- C:\rsit
2013-07-05 09:16:48 ----D---- C:\Program Files\trend micro
2013-07-05 08:35:47 ----D---- C:\Program Files\Common Files\DESIGNER
2013-07-05 08:35:30 ----D---- C:\Program Files\Microsoft.NET
2013-07-05 08:35:30 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2013-07-05 08:35:16 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2013-07-05 08:34:53 ----D---- C:\Windows\PCHEALTH
2013-07-05 08:34:53 ----D---- C:\Program Files\Microsoft SQL Server
2013-07-05 08:32:45 ----SHD---- C:\Config.Msi
2013-07-04 21:36:03 ----A---- C:\Windows\system32\FNTCACHE.DAT
2013-07-03 22:26:29 ----A---- C:\Windows\system32\drivers\CBDisk.sys
2013-07-03 22:26:28 ----A---- C:\Windows\system32\drivers\MDPMGRNT.SYS
2013-07-03 22:26:27 ----D---- C:\ProgramData\Mediafour
2013-07-03 22:26:27 ----D---- C:\Program Files\Mediafour
2013-07-03 22:26:27 ----D---- C:\Program Files\Common Files\Mediafour
2013-07-03 22:26:27 ----D---- C:\Program Files (x86)\Mediafour
2013-07-02 23:53:23 ----D---- C:\Windows\ERUNT
2013-07-02 23:53:17 ----D---- C:\JRT
2013-07-02 00:31:11 ----D---- C:\Program Files (x86)\u
2013-07-01 17:31:03 ----D---- C:\Program Files (x86)\AGEIA Technologies
2013-07-01 17:29:40 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2013-07-01 17:29:40 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2013-07-01 17:29:40 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2013-07-01 17:29:40 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2013-07-01 17:29:40 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2013-07-01 17:29:40 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2013-07-01 17:29:40 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2013-07-01 17:29:40 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2013-07-01 17:29:40 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2013-07-01 17:29:40 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2013-07-01 17:29:40 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2013-07-01 17:29:40 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2013-07-01 17:29:40 ----A---- C:\Windows\system32\nvopencl.dll
2013-07-01 17:29:40 ----A---- C:\Windows\system32\nvoglv64.dll
2013-07-01 17:29:40 ----A---- C:\Windows\system32\nvoglshim64.dll
2013-07-01 17:29:40 ----A---- C:\Windows\system32\nvinitx.dll
2013-07-01 17:29:40 ----A---- C:\Windows\system32\NvIFR64.dll
2013-07-01 17:29:40 ----A---- C:\Windows\system32\NvFBC64.dll
2013-07-01 17:29:40 ----A---- C:\Windows\system32\nvdispgenco6432049.dll
2013-07-01 17:29:40 ----A---- C:\Windows\system32\nvdispco6432049.dll
2013-07-01 17:29:40 ----A---- C:\Windows\system32\nvd3dumx.dll
2013-07-01 17:29:40 ----A---- C:\Windows\system32\nvcuvid.dll
2013-07-01 17:29:40 ----A---- C:\Windows\system32\nvcuvenc.dll
2013-07-01 17:29:40 ----A---- C:\Windows\system32\nvcuda.dll
2013-07-01 17:29:40 ----A---- C:\Windows\system32\nvcompiler.dll
2013-07-01 17:29:40 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2013-07-01 15:29:04 ----D---- C:\Program Files (x86)\GIGABYTE
2013-07-01 15:28:57 ----A---- C:\Windows\gdrv.sys
2013-07-01 12:49:46 ----D---- C:\ProgramData\Kaspersky Lab
2013-06-30 23:42:04 ----RD---- C:\Sandbox
2013-06-30 23:40:31 ----A---- C:\Windows\Sandboxie.ini
2013-06-30 23:40:09 ----D---- C:\Program Files\Sandboxie
2013-06-29 19:27:38 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2013-06-29 19:27:38 ----A---- C:\Windows\system32\nvhdap64.dll
2013-06-29 19:27:38 ----A---- C:\Windows\system32\nvdispgenco6432018.dll
2013-06-29 19:27:38 ----A---- C:\Windows\system32\nvdispco6432018.dll
2013-06-29 19:27:38 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2013-06-29 19:27:37 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2013-06-29 12:38:11 ----D---- C:\Users\Rosta\AppData\Roaming\PC Suite
2013-06-29 12:38:11 ----D---- C:\Users\Rosta\AppData\Roaming\Nokia
2013-06-29 12:37:58 ----A---- C:\Windows\system32\drivers\pccsmcfdx64.sys
2013-06-29 12:37:56 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2013-06-29 12:37:51 ----D---- C:\Program Files (x86)\Nokia
2013-06-29 11:37:56 ----A---- C:\Windows\system32\drivers\USBDrv_AMD64.sys
2013-06-21 12:24:47 ----D---- C:\Users\Rosta\AppData\Roaming\GRETECH
2013-06-21 12:24:43 ----D---- C:\Program Files (x86)\GRETECH
2013-06-21 05:16:02 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2013-06-11 23:01:08 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-06-11 23:01:08 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-06-11 23:01:08 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-06-11 23:01:08 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-06-11 23:01:08 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-06-11 23:01:08 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-11 23:01:08 ----A---- C:\Windows\system32\msfeeds.dll
2013-06-11 23:01:08 ----A---- C:\Windows\system32\iesysprep.dll
2013-06-11 23:01:08 ----A---- C:\Windows\system32\iesetup.dll
2013-06-11 23:01:08 ----A---- C:\Windows\system32\iernonce.dll
2013-06-11 23:01:08 ----A---- C:\Windows\system32\ie4uinit.exe
2013-06-11 23:01:07 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-06-11 23:01:07 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-06-11 23:01:07 ----A---- C:\Windows\system32\jscript9.dll
2013-06-11 23:01:07 ----A---- C:\Windows\system32\jscript.dll
2013-06-11 23:01:06 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-06-11 23:01:06 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-06-11 23:01:06 ----A---- C:\Windows\system32\wininet.dll
2013-06-11 23:01:06 ----A---- C:\Windows\system32\jsproxy.dll
2013-06-11 23:00:51 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-06-11 23:00:51 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-06-11 23:00:51 ----A---- C:\Windows\system32\urlmon.dll
2013-06-11 23:00:51 ----A---- C:\Windows\system32\iertutil.dll
2013-06-11 23:00:50 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-06-11 23:00:50 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-06-11 23:00:50 ----A---- C:\Windows\system32\ieui.dll
2013-06-11 23:00:50 ----A---- C:\Windows\system32\ieframe.dll
2013-06-11 23:00:49 ----A---- C:\Windows\system32\mshtml.dll
2013-06-11 23:00:48 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-06-11 22:58:29 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2013-06-11 22:58:29 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-06-11 22:58:28 ----A---- C:\Windows\SYSWOW64\cryptdlg.dll
2013-06-11 22:58:28 ----A---- C:\Windows\system32\cryptdlg.dll
2013-06-11 22:58:25 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2013-06-11 22:58:25 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2013-06-11 22:58:25 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-06-11 22:58:25 ----A---- C:\Windows\SYSWOW64\certutil.exe
2013-06-11 22:58:25 ----A---- C:\Windows\SYSWOW64\certenc.dll
2013-06-11 22:58:25 ----A---- C:\Windows\system32\cryptsvc.dll
2013-06-11 22:58:25 ----A---- C:\Windows\system32\cryptnet.dll
2013-06-11 22:58:25 ----A---- C:\Windows\system32\crypt32.dll
2013-06-11 22:58:25 ----A---- C:\Windows\system32\certutil.exe
2013-06-11 22:58:25 ----A---- C:\Windows\system32\certenc.dll
2013-06-11 22:58:23 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-06-11 22:58:23 ----A---- C:\Windows\system32\win32spl.dll
2013-06-11 22:58:18 ----A---- C:\Windows\SYSWOW64\d3d11.dll
2013-06-11 22:58:18 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-06-11 22:58:18 ----A---- C:\Windows\system32\d3d11.dll

======List of files/folders modified in the last 1 month======

2013-07-05 09:16:48 ----RD---- C:\Program Files
2013-07-05 09:16:48 ----D---- C:\Windows\Temp
2013-07-05 08:48:53 ----SD---- C:\Users\Rosta\AppData\Roaming\Microsoft
2013-07-05 08:47:12 ----D---- C:\Windows\system32\config
2013-07-05 08:47:10 ----D---- C:\Windows\winsxs
2013-07-05 08:38:19 ----SHD---- C:\Windows\Installer
2013-07-05 08:38:17 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-07-05 08:37:48 ----D---- C:\Windows\Microsoft.NET
2013-07-05 08:37:38 ----RSD---- C:\Windows\assembly
2013-07-05 08:37:13 ----D---- C:\ProgramData\Microsoft Help
2013-07-05 08:37:05 ----D---- C:\Windows\System32
2013-07-05 08:36:56 ----D---- C:\Windows\ShellNew
2013-07-05 08:36:42 ----A---- C:\Windows\win.ini
2013-07-05 08:36:30 ----D---- C:\Windows\inf
2013-07-05 08:36:29 ----D---- C:\Windows\system32\DriverStore
2013-07-05 08:36:01 ----RSD---- C:\Windows\Fonts
2013-07-05 08:35:47 ----D---- C:\Program Files\Common Files
2013-07-05 08:35:30 ----RD---- C:\Program Files (x86)
2013-07-05 08:35:30 ----D---- C:\Program Files (x86)\Microsoft.NET
2013-07-05 08:35:16 ----HD---- C:\ProgramData
2013-07-05 08:35:00 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-07-05 08:34:53 ----SD---- C:\ProgramData\Microsoft
2013-07-05 08:34:53 ----D---- C:\Windows
2013-07-05 08:34:53 ----D---- C:\Program Files\Microsoft Office
2013-07-05 08:32:49 ----D---- C:\Program Files (x86)\Microsoft Office
2013-07-05 08:32:38 ----SHD---- C:\System Volume Information
2013-07-05 08:23:36 ----D---- C:\Windows\system32\LogFiles
2013-07-05 08:21:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-07-05 08:16:40 ----A---- C:\Windows\SYSWOW64\log.txt
2013-07-04 23:43:01 ----D---- C:\ProgramData\NVIDIA
2013-07-04 16:33:24 ----D---- C:\Windows\LiveKernelReports
2013-07-03 22:26:29 ----D---- C:\Windows\system32\drivers
2013-07-03 22:26:28 ----DC---- C:\Windows\system32\DRVSTORE
2013-07-03 22:26:28 ----D---- C:\Windows\system32\catroot
2013-07-03 22:26:27 ----D---- C:\Program Files (x86)\Common Files
2013-07-01 23:53:51 ----D---- C:\Program Files (x86)\PROFIT
2013-07-01 21:33:36 ----D---- C:\Users\Rosta\AppData\Roaming\BitTorrent
2013-07-01 17:37:13 ----D---- C:\Windows\SysWOW64
2013-07-01 17:34:11 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-07-01 17:31:11 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2013-07-01 17:30:09 ----D---- C:\Windows\system32\catroot2
2013-07-01 15:29:04 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-07-01 15:19:32 ----D---- C:\Windows\system32\Tasks
2013-06-29 21:00:53 ----D---- C:\Windows\SoftwareDistribution
2013-06-29 19:47:41 ----D---- C:\ProgramData\NVIDIA Corporation
2013-06-29 13:29:32 ----D---- C:\ProgramData\Installations
2013-06-27 23:36:41 ----D---- C:\Users\Rosta\AppData\Roaming\ICQ
2013-06-27 23:32:02 ----D---- C:\Program Files\CCleaner
2013-06-27 19:40:58 ----D---- C:\Users\Rosta\AppData\Roaming\vlc
2013-06-26 21:26:10 ----D---- C:\ProgramData\firebird
2013-06-26 21:16:58 ----AD---- C:\ProgramData\TEMP
2013-06-21 14:06:36 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2013-06-21 14:06:36 ----A---- C:\Windows\system32\OpenCL.dll
2013-06-21 14:06:36 ----A---- C:\Windows\system32\nvwgf2umx.dll
2013-06-21 14:06:36 ----A---- C:\Windows\system32\nvumdshimx.dll
2013-06-21 14:06:36 ----A---- C:\Windows\system32\nvapi64.dll
2013-06-21 12:23:16 ----A---- C:\Windows\system32\nvsvc64.dll
2013-06-21 12:23:16 ----A---- C:\Windows\system32\nvcpl.dll
2013-06-21 12:23:11 ----A---- C:\Windows\system32\nvvsvc.exe
2013-06-21 12:23:10 ----A---- C:\Windows\system32\nvsvcr.dll
2013-06-21 12:23:10 ----A---- C:\Windows\system32\nvshext.dll
2013-06-21 12:23:10 ----A---- C:\Windows\system32\nvmctray.dll
2013-06-12 23:46:34 ----D---- C:\Windows\Panther
2013-06-12 23:46:34 ----D---- C:\Windows\debug
2013-06-12 18:17:34 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-06-12 17:10:36 ----D---- C:\Windows\rescache
2013-06-11 23:05:13 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-06-11 23:05:13 ----D---- C:\Windows\system32\cs-CZ
2013-06-11 23:05:13 ----D---- C:\Program Files\Internet Explorer
2013-06-11 23:05:13 ----D---- C:\Program Files (x86)\Internet Explorer
2013-06-11 23:01:25 ----A---- C:\Windows\system32\MRT.exe
2013-06-07 19:11:19 ----HD---- C:\Program Files (x86)\InstallJammer Registry

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2013-01-10 57904]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2013-04-30 677360]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2013-04-30 28656]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
R0 MDFSYSNT;MacDrive file system driver; C:\Windows\system32\drivers\MDFSYSNT.sys [2011-10-03 316080]
R0 MDPMGRNT;MacDrive Partition Driver; C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [2011-05-09 32936]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CBDisk;CBDisk; \??\C:\Windows\system32\drivers\CBDisk.sys [2011-05-06 70344]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-01-10 213416]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2013-01-10 190232]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2012-07-19 110744]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM); C:\Windows\system32\drivers\mobiolawave.sys [2010-05-14 29120]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-25 194848]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2013-06-17 198360]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
S3 awUSB;awUSB; C:\Windows\system32\DRIVERS\USBDrv_AMD64.sys [2013-06-29 17280]
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-07-01 25640]
S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-01-09 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-01-09 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-11 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-01-09 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-21 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-01-09 9216]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cbVSCService11;Cobian Backup 11 Stínová kopie - Requester; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-12-05 67584]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CobianBackup11;Cobian Backup 11 Gravity; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [2012-12-05 1131008]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-12-21 1333424]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-04-30 15344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-06-19 634632]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-05 166720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-19 277824]
R2 MacDrive9Service;MacDrive 9 service; C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe [2011-09-23 178176]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-06-21 884512]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2013-06-17 180824]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-19 365376]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 178824]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-01 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
S4 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-06-21 413472]
S4 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-13 4150112]

-----------------EOF-----------------

Junfan · #3 Příspěvek od **Junfan** » 05 črc 2013 09:13

Oprava:

Složku JRT tu mám od 2.7.2013 23:53
V ten den jsem si stáhnul a otestoval program UltraSurf 12.10 - instalace v podobný čas.
Stáhnul ze stránek http://www.stahuj.centrum.cz/internet_a ... =UltraSurf &g[oz]=12.10

#4 Příspěvek od **vyosek** » 05 črc 2013 10:57

Ahoj

Slozka JRT je zaloha utility JunkwareRemowalTool kterou zde pouzivame. Klidne ji smaz, neni jiz potreba...

Jinak se mi to zda ciste...

Junfan · #5 Příspěvek od **Junfan** » 05 črc 2013 13:49

Sakra a já googlil a nic nenašel... A při tom jsem si mohl všimnout hned druhého řádku "Created by Thisisu"
Děkuju

Junfan · #6 Příspěvek od **Junfan** » 05 črc 2013 13:52

Jinak nově teď používám Sandboxie pro brouzdání netem - je to opravdu tak bezpečné anebo to některý viry umí obejít?
Chci to i používat pro testování nových SW atd.

#7 Příspěvek od **vyosek** » 05 črc 2013 20:08

Primo se Sanboxie nemam osobni zkusenost, ale jsem cetl, tak by mel byt jisty a nemelo by z nej nic utect. Ja pouzivam Sanbox primo v Avastu IS.

Junfan · #8 Příspěvek od **Junfan** » 06 črc 2013 22:25

Ju vím, že Avast ho má. Tak díky a zase někdy

#9 Příspěvek od **vyosek** » 07 črc 2013 06:54

Neni zac, mej se

VIRY.CZ

Pro Vyosek

Pro Vyosek

Re: Pro Vyosek

Re: Pro Vyosek

Re: Pro Vyosek

Re: Pro Vyosek

Re: Pro Vyosek

Re: Pro Vyosek

Re: Pro Vyosek

Re: Pro Vyosek